

This is the built-in help made by Microsoft for the command 'Add-ADPrincipalGroupMembership', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.


Adds a member to one or more Active Directory groups.


Add-ADPrincipalGroupMembership [-Identity] <ADPrincipal> [-MemberOf] <ADGroup[]> [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-Partition <String>]
[-PassThru] [-Server <String>] [-Confirm] [-WhatIf] [<CommonParameters>]


The Add-ADPrincipalGroupMembership cmdlet adds a user, group, service account, or computer as a new member to one or more Active Directory groups.

The Identity parameter specifies the new user, computer, or group to add. You can identify the user, group, or computer by its distinguished name (DN), GUID, security
identifier (SID), or SAM account name. You can also specify a user, group, or computer object variable, such as $<localGroupObject>, or pass an object through the pipeline
to the Identity parameter. For example, you can use the Get-ADGroup cmdlet to get a group object and then pass the object through the pipeline to the
Add-ADPrincipalGroupMembership cmdlet. Similarly, you can use Get-ADUser or Get-ADComputer to get user and computer objects to pass through the pipeline.

This cmdlet collects all of the user, computer and group objects from the pipeline, and then adds these objects to the specified group by using one Active Directory

The MemberOf parameter specifies the groups that receive the new member. You can identify a group by its distinguished name (DN), GUID, security identifier (SID), or
Security Accounts Manager (SAM) account name. You can also specify a group object variable, such as $<localGroupObject>. To specify more than one group, use a comma-separated
list. You cannot pass group objects through the pipeline to the MemberOf parameter. To add to a group by passing the group through the pipeline, use the Add-ADGroupMember

For AD LDS environments, the Partition parameter must be specified except in the following two conditions:

-- The cmdlet is run from an Active Directory provider drive.

-- A default naming context or partition is defined for the AD LDS environment. To specify a default naming context for an AD LDS environment, set the
msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance.



Online Version: http://go.microsoft.com/fwlink/p/?linkid=291007




-------------------------- EXAMPLE 1 --------------------------

PS C:\>Add-ADPrincipalGroupMembership -Identity SQLAdmin1 -MemberOf DlgtdAdminsPSOGroup

This command adds the user with SamAccountName SQLAdmin1 to the group DlgtdAdminsPSOGroup.

-------------------------- EXAMPLE 2 --------------------------

PS C:\>Get-ADUser -Filter 'Name -like "*SvcAccount*"' | Add-ADPrincipalGroupMembership -MemberOf SvcAccPSOGroup

This command gets all users with SvcAccount in their name and adds them to the group SvcAccPSOGroup.
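
An added example, not part of Microsoft's help text: a variant of Example 2 that resolves the target groups first, skips groups an account already belongs to, previews each change with -WhatIf, and re-reads membership afterwards. The group names and filter are reused from the examples above as placeholders; Get-ADGroup and Get-ADPrincipalGroupMembership come from the same ActiveDirectory module.

```powershell
Import-Module ActiveDirectory

# Group names and the filter are the ones used in the page's examples;
# treat them as placeholders for your own environment.
$groupNames = 'SvcAccPSOGroup', 'DlgtdAdminsPSOGroup'
$filter     = 'Name -like "*SvcAccount*"'

# Resolve every group up front: a misspelled name stops the run before any change.
$targets = foreach ($name in $groupNames) { Get-ADGroup -Identity $name -ErrorAction Stop }

# A wildcard filter can match more accounts than intended, so materialize the set.
$users = @(Get-ADUser -Filter $filter)

$report = foreach ($user in $users) {
    # Groups the account already belongs to.
    $current = @(Get-ADPrincipalGroupMembership -Identity $user |
        Select-Object -ExpandProperty DistinguishedName)

    # Only the groups that are actually missing.
    $missing = @($targets | Where-Object { $current -notcontains $_.DistinguishedName })
    if ($missing.Count -eq 0) { continue }

    # Dry run first: -WhatIf prints the intended change without writing to the directory.
    Add-ADPrincipalGroupMembership -Identity $user -MemberOf $missing -WhatIf

    # Apply with an explicit prompt, then re-read membership to confirm the result.
    Add-ADPrincipalGroupMembership -Identity $user -MemberOf $missing -Confirm -ErrorAction Stop
    $after = @(Get-ADPrincipalGroupMembership -Identity $user |
        Select-Object -ExpandProperty DistinguishedName)

    foreach ($group in $missing) {
        [pscustomobject]@{
            User     = $user.SamAccountName
            Group    = $group.Name
            Verified = $after -contains $group.DistinguishedName
        }
    }
}

$report | Format-Table -AutoSize
```

If the confirmation prompt is declined, the membership is not written and the report shows Verified as False for that row.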

-------------------------- EXAMPLE 3 --------------------------

PS C:\>Add-ADPrincipalGroupMembership
cmdlet Add-ADPrincipalGroupMembership at command pipeline position 1
Supply values for the following parameters:
Identity: JeffPrice
MemberOf[0]: RodcAdmins
MemberOf[1]: Allowed RODC Password Replication Group

This command demonstrates the default behavior of this cmdlet, with no parameters specified.

-------------------------- EXAMPLE 4 --------------------------

PS C:\>Get-ADUser -Server localhost:60000 -SearchBase "DC=AppNC" -filter { Title -eq "Account Lead" -and Office -eq "Branch1" } | Add-ADPrincipalGroupMembership -MemberOf

This command adds all employees in Branch1 in the AD LDS instance localhost:60000 whose title is Account Lead to the group with the DistinguishedName