0

I am trying to create five Active Directory Users (Manager1, Manager2, etc) and put them in an OU called Managers. I started by creating the OU manually in Active Directory Users and Computers. Then, I tried running the script but got this error:

"Add-ADGroupMember : Either the specified user account is already a member of the specified group, or the specified group cannot be deleted because it contains a member At (the path to the .ps1 file)

Here is my script:

Import-Module ActiveDirectory
$totalusers = 5
for ($i=0; $i -lt $totalusers; $i++) 
 { 
 $userID = "{0:00}" -f ($i + 1)
 $userName = "Manager$userID"

 Write-Host "Creating AD user" ($i + 1) "of" $totalusers ":" $userName

New-ADUser `
 -Name $userName  `
 -Path  "OU=Managers,DC=dsu,DC=com" `
 -SamAccountName $userName `
 -AccountPassword (ConvertTo-SecureString "MyPassword123" -AsPlainText -Force) `
 -Enabled $true
 Add-ADGroupMember "Domain Users" $userName;
}
paulb
  • 1
  • 1

1 Answers1

3

New active directory users are automatically added into the "Domain Users" group. You can see a simple example below:

PS C:\temp> New-ADUser webejammin 

PS C:\temp> Get-ADUser webejammin -Properties memberof


DistinguishedName : CN=webejammin,CN=Users,DC=BA,DC=NET
Enabled           : False
GivenName         : 
MemberOf          : {}

Wait? I thought I said they were automatically added to the group. So why is the memberof empty? Well the users PrimaryGroup contains the answer. 

PS C:\temp> (Get-ADUser webejammin -Properties primarygroup).PrimaryGroup
CN=Domain Users,CN=Users,DC=BA,DC=NET

That is why you get the error you see. The group is there at user creation

Matt
  • 45,022
  • 8
  • 78
  • 119