PowerShell Logo Small

Add-ADPrincipalGroupMembership



This is the built-in help made by Microsoft for the command 'Add-ADPrincipalGroupMembership', in PowerShell version 3 - as retrieved from Windows version 'Microsoft Windows Server 2012 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Adds a member to one or more Active Directory groups.

SYNTAX


Add-ADPrincipalGroupMembership [-Identity] <ADPrincipal> [-MemberOf] <ADGroup[]> [-AuthType <ADAuthType>] [-Credential <PSCredential>]
[-Partition <String>] [-PassThru [<SwitchParameter>]] [-Server <String>] [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]]
[<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Add-ADPrincipalGroupMembership cmdlet adds a user, group, service account, or computer as a new member to one or more Active Directory
groups.


The Identity parameter specifies the new user, computer, or group to add. You can identify the user, group, or computer by its distinguished
name (DN), GUID, security identifier (SID), or SAM account name. You can also specify a user, group, or computer object variable, such as
$<localGroupObject>, or pass an object through the pipeline to the Identity parameter. For example, you can use the Get-ADGroup cmdlet to get
a group object and then pass the object through the pipeline to the Add-ADPrincipalGroupMembership cmdlet. Similarly, you can use Get-ADUser
or Get-ADComputer to get user and computer objects to pass through the pipeline.


This cmdlet collects all of the user, computer and group objects from the pipeline, and then adds these objects to the specified group by
using one Active Directory operation.


The MemberOf parameter specifies the groups that receive the new member. You can identify a group by its distinguished name (DN), GUID,
security identifier (SID), or Security Accounts Manager (SAM) account name. You can also specify group object variable, such as
$<localGroupObject>. To specify more than one group, use a comma-separated list. You cannot pass group objects through the pipeline to the
MemberOf parameter. To add to a group by passing the group through the pipeline, use the Add-ADGroupMember cmdlet.


For AD LDS environments, the Partition parameter must be specified except in the following two conditions:


-The cmdlet is run from an Active Directory provider drive.


-A default naming context or partition is defined for the AD LDS environment. To specify a default naming context for an AD LDS environment,
set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/?LinkID=219288
Add-ADGroupMember
Get-ADComputer
Get-ADGroup
Get-ADGroupMember
Get-ADPrincipalGroupMembership
Get-ADUser
Remove-ADGroupMember
Remove-ADPrincipalGroupMembership

REMARKS

<

Examples


-------------------------- EXAMPLE 1 --------------------------

C:\PS>Add-ADPrincipalGroupMembership -Identity SQLAdmin1 -MemberOf DlgtdAdminsPSOGroup



Description

-----------

Adds the user with SamAccountName "SQLAdmin1" to the group "DlgtdAdminsPSOGroup".




-------------------------- EXAMPLE 2 --------------------------

C:\PS>Get-ADUser -Filter 'Name -like "*SvcAccount*"' | Add-ADPrincipalGroupMembership -MemberOf SvcAccPSOGroup



Description

-----------

Gets all users with "SvcAccount" in their name and adds it to the group "SvcAccPSOGroup".




-------------------------- EXAMPLE 3 --------------------------

C:\PS>Add-ADPrincipalGroupMembership

cmdlet Add-ADPrincipalGroupMembership at command pipeline position 1
Supply values for the following parameters:
Identity: JeffPrice
MemberOf[0]: RodcAdmins
MemberOf[1]: Allowed RODC Password Replication Group
MemberOf[2]:



Description

-----------

Demonstrates the default behavior of this cmdlet (no parameters specified).




-------------------------- EXAMPLE 4 --------------------------

C:\PS>Get-ADUser -Server localhost:60000 -SearchBase "DC=AppNC" -filter { Title -eq "Account Lead" -and Office -eq "Branch1" } |
Add-ADPrincipalGroupMembership -MemberOf "CN=AccountLeads,OU=AccountDeptOU,DC=AppNC"



Description

-----------

Adds all employees in "Branch1" in the AD LDS instance "localhost:60000" whose title is "Account Lead" to the group with the DistinguishedName
"CN=AccountLeads,OU=AccountDeptOU,DC=AppNC".