= Organization Change - Bulk AD Changes - Groups - Departments =

**Summary**: A few scripts to create bulk changes in AD groups or on users. \\
**Date**: Around 2017 \\
**Refactor**: 20 February 2025: Checked links and formatting. \\
{{tag>ad powershell}}

The scripts below will give you a taste of adding or removing groups based on a CSV inputfile.

= Add Users to Group =

<code powershell>
### Quick script for adding users in to groups based on a CSV input file

Start-Transcript "outputfileadd.log"

### CSV Variables
### CSV Format
### Header: UserSamAccountName,GroupSamAccountName
### Datalines: samaccountname,samaccountname
$csvfile = "\\filerepository\dfs\SCRIPT_REPOSITORY$\Organizational changes\orgchangeinput-add.csv"

### Get all changes from inputfile
$changes = Import-CSV $csvfile

### Get number of changes
$changescount = $changes.count
Write-host "Number of changes in csv: $changescount " -ForegroundColor green

Read-Host -Prompt 'You are about to add group memberships to AD. If you are sure, press ENTER to continue or close the script to cancel'

ForEach ($change in $changes){
  $usersam = $change.UserSamAccountName
  $groupsam = $change.GroupSamAccountName
  #Check for valid user
  if (Get-ADObject -Filter {objectClass -eq "user" -and samAccountName -eq $usersam}){
    #User is valid
    #now check for valid group
    if (Get-ADObject -Filter {objectClass -eq "group" -and samAccountName -eq $groupsam}){
      #Group is valid, we can add the user to the group
      Add-ADGroupMember -Identity $groupsam -Members $usersam -Confirm:$false
      Write-Host "Success. Added $usersam to $groupsam" -ForegroundColor green
    }else{
      # Group is not valid
      Write-Host "Failed. $groupsam is not a valid Group SamAccountName" -ForegroundColor red
    }
  }else{
  #user is not valid
  Write-Host "Failed. $usersam is not a valid User SamAccountName" -ForegroundColor red
  }
}

Stop-Transcript
</code>

= Remove Users from Group =

<code powershell>
### Quick script for adding users in to groups based on a CSV input file

Start-Transcript "outputfileremove.log"

### CSV Variables
### CSV Format
### Header: UserSamAccountName,GroupSamAccountName
### Datalines: samaccountname,samaccountname
$csvfile = "\\filerepository\dfs\SCRIPT_REPOSITORY$\Organizational changes\orgchangeinput-remove.csv"

### Get all changes from inputfile
$changes = Import-CSV $csvfile

### Get number of changes
$changescount = $changes.count
Write-host "Number of changes in csv: $changescount " -ForegroundColor green

Read-Host -Prompt 'You are about to remove group memberships to AD. If you are sure, press ENTER to continue or close the script to cancel'

ForEach ($change in $changes){
  $usersam = $change.UserSamAccountName
  $groupsam = $change.GroupSamAccountName
  #Check for valid user
  if (Get-ADObject -Filter {objectClass -eq "user" -and samAccountName -eq $usersam}){
    #User is valid
    #now check for valid group
    if (Get-ADObject -Filter {objectClass -eq "group" -and samAccountName -eq $groupsam}){
      #Group is valid, we can add the user to the group
      Remove-ADGroupMember -Identity $groupsam -Members $usersam -Confirm:$false
      Write-Host "Success. Removed $usersam from $groupsam" -ForegroundColor green
    }else{
      # Group is not valid
      Write-Host "Failed. $groupsam is not a valid Group SamAccountName" -ForegroundColor red
    }
  }else{
  #user is not valid
  Write-Host "Failed. $usersam is not a valid User SamAccountName" -ForegroundColor red
  }
}
Stop-Transcript
</code>

= Change Department =

<code powershell>
### Quick script for adding users in to groups based on a CSV input file

Start-Transcript "outputfiledepartment.log"

### CSV Variables
### CSV Format
### Header: UserSamAccountName,DepartmentName
### Datalines: samaccountname,department
$csvfile = "\\networkstorage\dfs\SCRIPT_REPOSITORY$\Org changes\2019-March\departmentinput.csv"

### Get all changes from inputfile
$changes = Import-CSV $csvfile

### Get number of changes
$changescount = $changes.count
Write-host "Number of changed departments in csv: $changescount " -ForegroundColor green

Read-Host -Prompt 'You are about to add change departments for users in AD. If you are sure, press ENTER to continue or close the script to cancel'

ForEach ($change in $changes){
  $usersam = $change.UserSamAccountName
  $department = $change.DepartmentName
  #Get Current department
  $user = Get-ADUser $usersam -properties samaccountname,department
  $currentdepartment = $user.department
  Write-host "$usersam : Change $currentdepartment to $department " -ForegroundColor green
  Set-ADUser $usersam -Department $department
}
Stop-Transcript
</code>

= Check =

<code powershell>
# get all ad users
$adusers = Get-ADUser -Filter * -properties * -SearchBase "OU=Users,OU=DELFT,DC=ad,DC=shift,DC=com"

$csv = "orgcheck.csv"

$allusers = @()

Foreach ($user in $adusers){
  $userinfo = "" | select Name,SamAccountName,Department,Title,enabled,Groups
  $userinfo.name = $user.name
  $sam = $user.samaccountname
  $userinfo.samaccountname = $sam
  $userinfo.department = $user.department
  $userinfo.title = $user.title
  $userinfo.enabled = $user.enabled
  $groups = "No group Membership"
  $groups = Get-ADUser $sam -Properties memberof | select -ExpandProperty memberof
  $allgroups = $groups -join '; '
  $userinfo.groups = $allgroups
  $allusers += $userinfo
}

$allusers | export-csv -notypeinformation $csv

Send-MailMessage -To "sjoerd_getshifting.com" -From "sjoerd_getshifting.com" -SmtpServer "smtp" -Subject "Org change controle csv" -Body "See attachment" -BodyAsHtml -Attachments $csv
</code>