PowerShell - How do I add a User to an AD User Group using ADSI and alternate credentials

Question

I need to add a user to an AD Group using specific credentials and cannot figure this out.... Here's what I have so far which gives me an "unspecified error" retrieving member 'Add'. Must be done using ADSI as the AD module won't work in my scenario.

$CredsUserName = 'domain\user'
$CredsPassword = 'password'

$GroupPath = "LDAP://CN=<UserGroup>...."
$UserPath = "LDAP://CN=<UserDN>...."
$Group = [ADSI]$GroupPath
$User = [ADSI]$UserPath

$GroupArgs = New-Object -TypeName System.DirectoryServices.DirectoryEntry -ArgumentList $Group, "$CredsUserName", "$CredsPassword"

$GroupArgs.Add($User.adspath)

Stuart Squibb · Answer 1 · 2020-01-17T16:40:49.177

Try this:

$CredsUserName = 'domain\user'
$CredsPassword = 'password'
$Domain = "<FQDN of the AD domain>/"

$GroupPath = "CN=<UserGroup>...."
$UserPath = "CN=<UserDN>...."

$Group = [adsi]::new("LDAP://$($Domain)$($GroupPath)",$CredsUserName,$CredsPassword)
$Group.member.Add($UserPath)
$Group.CommitChanges()

You only need $Domain if the computer you are using isn't part of the AD domain that contains the group.

Regards,

Stuart.

PowerShell - How do I add a User to an AD User Group using ADSI and alternate credentials

1 Answers1