0
votes

Running PowerShell as an admin

I would like to have a script that I can run daily to add users from "cn=users,dc=costco,dc=com" to an AD group "groupname" "CN=groupname,OU=Groups,DC=costco,DC=com"

$When = (Get-Date).AddDays(-1).Date
Get-ADUser -SearchBase 'cn=users,dc=costco,dc=com' -Filter { whenCreated -ge $When } | add-adgroupmember -MemberOf 'groupname'

It errors out with:

Add-ADGroupMember : A parameter cannot be found that matches parameter name 'MemberOf'.
At line:2 char:111
+ ... ilter { whenCreated -ge $When } | add-adgroupmember -MemberOf 'groupname ...
+ ~~~~~~~~~
    + CategoryInfo : InvalidArgument: (:) [Add-ADGroupMember], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember

I have also tried, with the help of a redditor:

$When = (Get-Date).AddDays(-1).Date
Get-ADUser -SearchBase 'CN=users,dc=costco,dc=com' -Filter { whenCreated -ge $When } | ForEach-Object { Add-ADGroupMember -Identity 'Groupname' -Members $_ }

Error:

Add-ADGroupMember : Insufficient access rights to perform the operation
At line:2 char:109
+ ... ach-Object {Add-ADGroupMember -Identity ‘groupname’ -Members $_ } ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (groupname:ADGroup) [Add-ADGroupMember], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:8344,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember

1
The Add-ADGroupMember does not have a parameter called MemberOf. As for the second error: you should be running this as a user with AD permissions to add users to an AD group. It seems you do not have that permission. 'Run as Admin' does not help, because the local administrator is still not a user with these AD permissions. - Theo
Thank you for your response. If I would like to fix the first command, which parameter should I use? - Ven
The first command is wrong. As the docs state, you cannot pass user, computer, or group objects through the pipeline to this cmdlet. - Theo

1 Answers

0
votes

To make your first example work, you need to supply the pipeline value to the command, instead of trying to pass it in on the actual pipeline.

Try:

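# Midnight yesterday: users created since then are selected
$When = (Get-Date).AddDays(-1).Date
$group = "NewUsers"
Get-ADUser -SearchBase 'cn=users,dc=costco,dc=com' -Filter { whenCreated -ge $When } | ForEach-Object { Add-ADGroupMember -Identity $group -Members $_.SamAccountName }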
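
A fuller version of the daily job, as an added example that is not part of the original answer or question: it hands all new users to -Members in one call, skips users already in the group, and reports the 8344 access-rights error from the question separately from other failures. It assumes the account running it holds AD rights to change that group's membership; the parameter names ($SearchBase, $GroupDN, $DaysBack) are illustrative.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the original post). Parameter names are illustrative.
[CmdletBinding(SupportsShouldProcess)]   # gives the script -WhatIf for a dry run
param(
    [string]$SearchBase = 'cn=users,dc=costco,dc=com',
    [string]$GroupDN    = 'CN=groupname,OU=Groups,DC=costco,DC=com',
    [int]$DaysBack      = 1
)

$since = (Get-Date).AddDays(-$DaysBack).Date

# Resolve the group once so a wrong DN fails here instead of once per user.
$group = Get-ADGroup -Identity $GroupDN -ErrorAction Stop

# New accounts under the search base that are not yet members of the group.
$newUsers = @(
    Get-ADUser -SearchBase $SearchBase -Filter { whenCreated -ge $since } -Properties MemberOf |
        Where-Object { $_.MemberOf -notcontains $group.DistinguishedName }
)

if ($newUsers.Count -eq 0) {
    Write-Output "No new users to add since $since."
    return
}

try {
    # -Members takes an array of users; nothing is piped into Add-ADGroupMember.
    # With -WhatIf on the script, the cmdlet only reports what it would do.
    Add-ADGroupMember -Identity $group -Members $newUsers -ErrorAction Stop
    $newUsers | Select-Object SamAccountName, DistinguishedName
}
catch {
    if ($_.FullyQualifiedErrorId -match ':8344,') {
        # Same error as in the question: the running account cannot modify the group.
        # Local elevation ("Run as Admin") does not grant rights in AD.
        Write-Error "Account '$env:USERNAME' lacks AD rights to modify '$($group.DistinguishedName)'."
    }
    throw   # let a scheduled task see a failed run
}
```

Running it once with -WhatIf shows which users would be added before the job is scheduled under an account that has been granted rights on that one group.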