Friday, November 21, 2014

Managing users in SCCM application security group

When applications are getting updated, we need to move the users from old application AD group to new application AD group.
So first we need to export the members list from old group then import into new group. There are quite a few ways to do it. However I find myself an easy of doing this task using simple PowerShell script.
First; export all the members of an AD security group by running following command;

Import-Module ActiveDirectory
Get-ADGroupMember -identity “Name of Group” | select name | Export-csv -path C:\Test\Users.txt –NoTypeInformation


Now add these users to a new group;
1. Create PowerShell script using following commands and save as ADexport.ps1
Import-Module ActiveDirectory
$comps=Get-Content C:\Test\Users.txt
foreach ($comp in $comps)
{$dns=get-adcomputer $comp
$b=$dns.distinguishedname
Add-ADPrincipalGroupMembership $b Group_Name
}

2. Make sure Get-Content path is correct path for your folder and file then update the Group_Name to the correct name
3.Launch PowerShell command window with elevated privileges then run your ADexport.ps1 from there

No comments:

Post a Comment