PowerShell: Bulk Add/Remove Users From Groups

KB ID 0001475

Problem

I had to do this a few weeks ago, so I documented it. I had a list of usernames in a CSV file and I needed to bulk-add them to a security group.

Bulk Add Group Users Solution

Firstly, you will need the usernames (sAMAccountNames) in .csv format, like so. (Note: As a header I'm using User-Name.) I've saved the file to C:\Temp on my server.

User Name CSV

Execute the following commands;

Import-Module ActiveDirectory

Import-Csv -Path "C:\Temp\Users-To-Add.csv" | ForEach-Object {Add-ADGroupMember -Identity "Group-Name" -Members $_.'User-Name'}

Bulk add Users to Group

And there’s our users;

Bulk add Users from CSV

Bulk Remove Group Users Solution

Use the following command;

Import-Csv -Path "C:\Temp\Users-To-Remove.csv" | ForEach-Object {Remove-ADGroupMember -Identity "Group-Name" -Members $_.'User-Name' -Confirm:$false}

Bulk remove Users from a Group

Now if we check the group, the users have gone;

Bulk remove Users from group with CSV
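
A more defensive variant of the two one-liners above, as an added example that is not part of the original article: it checks the CSV before touching the group, resolves every account, changes only what needs changing, supports -WhatIf, and logs the change. The function name Update-GroupMembersFromCsv and the log path C:\Temp\Group-Changes.log are assumptions; the User-Name header, file path and group name are the ones the article uses.

```powershell
Import-Module ActiveDirectory

# Added example: function name and log path are hypothetical.
function Update-GroupMembersFromCsv {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][string]$CsvPath,
        [Parameter(Mandatory)][string]$Group,
        [Parameter(Mandatory)][ValidateSet('Add', 'Remove')][string]$Action,
        [string]$LogPath = 'C:\Temp\Group-Changes.log'
    )

    # A non-CSV file or a wrong header leaves 'User-Name' null on every row,
    # which is what produces the "argument is null or empty" error.
    if ([IO.Path]::GetExtension($CsvPath) -ne '.csv') { throw "Not a .csv file: $CsvPath" }
    $rows = @(Import-Csv -Path $CsvPath)
    if ($rows.Count -eq 0) { throw "No rows in $CsvPath" }
    if ($rows[0].PSObject.Properties.Name -notcontains 'User-Name') {
        throw "CSV has no 'User-Name' header"
    }

    # Resolve the group once, so a mistyped name fails before anything changes.
    $target = Get-ADGroup -Identity $Group -Properties Members

    $names = $rows.'User-Name' | ForEach-Object { "$_".Trim() } |
        Where-Object { $_ } | Sort-Object -Unique
    $toChange = foreach ($name in $names) {
        $user = try { Get-ADUser -Identity $name -ErrorAction Stop } catch { $null }
        if (-not $user) { Write-Warning "Skipping unknown account: $name"; continue }
        $isMember = $target.Members -contains $user.DistinguishedName
        # Keep only accounts whose membership actually needs to change.
        if (($Action -eq 'Add') -ne $isMember) { $user }
    }
    if (-not $toChange) { Write-Warning 'Nothing to change.'; return }

    $summary = '{0} {1} member(s): {2}' -f $Action, @($toChange).Count,
        (@($toChange).SamAccountName -join ', ')
    if ($PSCmdlet.ShouldProcess($target.DistinguishedName, $summary)) {
        if ($Action -eq 'Add') {
            Add-ADGroupMember -Identity $target -Members $toChange
        } else {
            Remove-ADGroupMember -Identity $target -Members $toChange -Confirm:$false
        }
        # Append an audit line: when, who ran it, and what changed.
        '{0:u} {1} {2} on {3}' -f (Get-Date), $env:USERNAME, $summary, $target.Name |
            Add-Content -Path $LogPath
    }
}

# Dry run with the article's file and group names:
Update-GroupMembersFromCsv -CsvPath 'C:\Temp\Users-To-Add.csv' -Group 'Group-Name' -Action Add -WhatIf
```

Drop -WhatIf to apply the change; the function then prompts once for confirmation unless -Confirm:$false is passed.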

Related Articles, References, Credits, or External Links

PowerShell: Bulk Enable / Disable Users

Exchange Bulk Export / Import Mail Contacts

Bulk Export Users From One Domain, and Import Into Another

PowerShell: Add All Members of an OU to a Security Group

Author: PeteLong


24 Comments

  1. What if I wanted to add users to multiple groups. For example if I had a list of sam account names and they needed to be added to multiple groups

    • Hi,
      Assuming you have Groups in a column called ‘Group’, and Users in a column called ‘User-Name’;

      $list = Import-Csv "C:\Folder\Input-File.csv"

      Foreach($user in $list){
      Add-ADGroupMember -Identity $user.Group -Members (Get-ADUser $user.'User-Name')
      }

      Pete

      • This does not work, unless you enter the user-name in the column next to every single group you want it added to. Otherwise this will only add the user to the first group in the list. Error:
        Get-ADUser : Cannot validate argument on parameter ‘Identity’. The Identity property on the argument is null or empty.
        Do you know how to fix this? Thanks!

        • >>Assuming you have Groups in a column called ‘Group’,

          P

  2. I’m trying to do something similar. I have a list of AD groups I would like to remove all users from. I can do them individually, but can’t seem to get the format down to import a txt/csv list of the groups, and then delete all the users from those groups. Any help would be appreciated.

  3. I get an error, why is that, I’ve followed your instructions.

    PS C:\temp> Import-Csv -Path “C:\Temp\Users-To-Remove.xlsx” | ForEach-Object {Remove-ADGroupMember -Identity “ESB Admins” -Member $_.’User-Name’ -Confirm:$false}

    Remove-ADGroupMember : Cannot validate argument on parameter ‘Members’. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
    At line:1 char:119
    + … dmins” -Member $_.’User-Name’ -Confirm:$false}
    + ~~~~~~~~~~~~~~
    + CategoryInfo : InvalidData: (:) [Remove-ADGroupMember], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.RemoveADGroupMember

    Remove-ADGroupMember : Cannot validate argument on parameter ‘Members’. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
    At line:1 char:119
    + … dmins” -Member $_.’User-Name’ -Confirm:$false}
    + ~~~~~~~~~~~~~~
    + CategoryInfo : InvalidData: (:) [Remove-ADGroupMember], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.RemoveADGroupMember

    Remove-ADGroupMember : Cannot validate argument on parameter ‘Members’. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
    At line:1 char:119
    + … dmins” -Member $_.’User-Name’ -Confirm:$false}
    + ~~~~~~~~~~~~~~
    + CategoryInfo : InvalidData: (:) [Remove-ADGroupMember], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.RemoveADGroupMember

    • 1. Make sure that the users in your CSV are actually in ‘ESB Admins’.
      2. Make sure on their user account that they have a SAMAccountName and/or an entry under username.

  4. Add an s to the member clause “members”

    • Sorry Matt, I can’t see what you mean?

      P

      • Add-ADGroupMember and Remove-ADGroupMember both are using the parameter -Members.
        So, just a typo (missing “s”) in the examples above.

        Otherwise it works great. Thank you for this posting.

        • Hi Martin, unless the syntax has changed, then it’s using Member without an ‘s’ look at the screenshots?

          P

  5. Hi Guys
    just ran into the same problem and discovered that Martin is right. Changed -Member to -Members and everything worked fine (Windows Server 2019).

    • Hi Patrick, Thanks updated accordingly

      • It is completely unnecessary to loop over them as it accepts an array of users.

        $users = Get-Aduser -filter ”
        Add-ADGroupMember -members $users

  6. Also your input file extension is .xlsx and not .csv

  7. This is great. Unfortunately it doesn’t work for users within child domains, only users within the current domain. Is there any way of getting this method to work through the entire forest?

  8. This is the easiest working PS command. Thank you.

  9. I have a list of users and need to remove them from all the AD groups. How to replace group name with any group?

  10. I am looking to add just under 100 users to a group, but when I try using this script I’m getting an error:

    Add-ADGroupMember : Cannot validate argument on parameter ‘Members’. The argument is null or empty. Provide an argument that is not null or empty,
    and then try the command again.
    At line:3 char:109
    + … ADGroupMember -Identity “License-O365-Basic” -Members $_.’User-Name’}
    + ~~~~~~~~~~~~~~
    + CategoryInfo : InvalidData: (:) [Add-ADGroupMember], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember

    I am still very new to PowerShell and apologize if this is actually a simple fix. I’m just on a time constraint and could really use some assistance to figure out what is wrong. Any assistance is greatly appreciated.

    • This is telling you that Members is returning ‘Null’. So nothing is getting ‘read in’.

  11. Hello Everyone,

    We are currently cleaning our AD environment and I need a PowerShell script that finds AD groups that have only Disabled users as members.
    Can anyone please help me with the script

  12. Great, Works perfectly fine !!
