Knowledge Base

Our dedicated Product Specialist team is always ready to help you when you need it the most. Contact Support

Add one computer object to many AD groups

I recently visited a Specops Deploy customer that was migrating from Windows 7 to Windows 10.  As a part of the preparations, they went through their Deploy App targets to make sure that the correct application would be rolled out to the new Windows 10 machines.

Since they had only used Windows 7, they were using a single target based on the computer OU in Active Directory. In other words, all standard application deployments on the same target. Going forward, they wanted to split everything into one target for each deployment, and all targets based on a security group in AD.

This was easily done using Specops Deploy App. We simply exported all Deployments and associated computer names, and put the computers in the newly created security groups. Afterwards, we changed the target for each deployment from the old OU-based target to the new targets based on security groups.

This will of course make the pre-staging of new computers a bit more time consuming as you will need to make the computer a member of the security groups so that the applications can be installed.

Here is a script you can use to make a computer account a member of many security groups. It uses a text file that contains all the security group names.

function Add-ComputerToGroups {
[CmdletBinding()]
param(

    [Parameter(Mandatory=$true)]
    [ValidateNotNullOrEmpty()]
    [string]$ComputerName,

    [Parameter(Mandatory=$true)]
    [ValidateNotNullOrEmpty()]
    [string]$FileNameWithGroupNames
)

    if ($Host.Name -eq 'Windows PowerShell ISE Host')
    {
      $Host.PrivateData.ErrorForegroundColor = 'Pink'
    }
    if ($Host.Name -eq 'ConsoleHost')
    {
      $Host.PrivateData.ErrorForegroundColor = 'Cyan'
    }


    # Stop the script if an error occurs
    $ErrorActionPreference = 'Stop'

    # Show messages with Write-Verbose
    $VerbosePreference = 'Continue'

    Write-Verbose "Getting computer $ComputerName"
    $computer = Get-ADComputer $ComputerName
    Write-Verbose "Found computer $ComputerName"

    Get-Content $FileNameWithGroupNames | where { -not [string]::IsNullOrEmpty($_) } | foreach {
        Write-Verbose "Getting group $_"
        Add-ADGroupMember $_ $computer.DistinguishedName
        Write-Verbose "Adding $ComputerName to group $_ succeeded"
    }

}

Add-ComputerToGroups -ComputerName 'CLIENT17' -FileNameWithGroupNames 'C:\Temp\Groups.txt'

The text file Groups.txt should only have the security group name in it, one name per line with no comma or other separation character.

Happy Deployment!

Publication date: July 14, 2016
Modification date: October 30, 2023

Was this article helpful?
Yes No

Related Articles