Adds members to an existing Active Directory group managed by DRA.
Add-DRAGroupMembers -Domain <String> [-Computers <String[]>] [-Contacts <String[]>] [-Gmsas <String[]>] [-Groups <String[]>] [-Users <String[]>] -Identifier <String> [-DRARestServer <String>] [-DRARestPort <Int32>] [-IgnoreCertificateErrors <SwitchParameter>] [-Force <SwitchParameter>] [-Timeout <Int32>] [<CommonParameters>]
The Add-DRAGroupMembers cmdlet adds objects to a group managed by DRA. The requesting user must have one of the Modify Group Membership powers. The command accepts arrays of identifiers for each of the supported object types that can be members of a group: Contacts, Computers, Group Managed Service Accounts, Groups, and Users. At least one identifier must be specified.
IMPORTANT:Adding a synced user to a group associated with a Office 365 policy creates an Exchange Online mailbox for the synced user.
Attribute / Description |
Parameters / Values |
||||
---|---|---|---|---|---|
Required |
Position |
Default Value |
Accept Pipeline input? |
Accept wildcard characters? |
|
Computers [<String[]>] An array of existing Active Directory computer identifiers to add to or remove from the group. An identifier can be either a name or a distinguished name. |
false |
named |
|
true (ByPropertyName) |
false |
Contacts [<String>] An array of existing Active Directory contact identifiers to add to or remove from the group. An identifier can be either a name or a distinguished name. |
false |
named |
|
true (ByPropertyName) |
false |
Gmsas [<String[]>] An array of existing Active Directory group managed service account identifiers to add to or remove from the group. An identifier can be either a name or a distinguished name. When an identifier is a name, an additional call to the DRA Server is made to query for the distinguished name. |
false |
named |
|
true (ByPropertyName) |
false |
Groups [<String[]>] An array of existing Active Directory group identifiers to add to or remove from the group. An identifier can be either a name or a distinguished name. |
false |
named |
|
true (ByPropertyName) |
false |
Users [<String[]>] An array of existing Active Directory user identifiers to add to or remove from the group. An identifier can be either a name or a distinguished name. |
false |
named |
|
true (ByPropertyName) |
false |
Identifier <String> The name or distinguished name of an existing Active Directory object. When the name is specified, an additional call to the DRA Server is needed to obtain the distinguished name for the object. |
true |
named |
|
true (ByPropertyName) |
false |
Domain <String> The domain of the object in fqdn format. For example: mydomain.corp |
true |
named |
|
true (ByPropertyName) |
false |
DRARestServer [<String>] The name of the computer running the DRA Rest Service. The requested DRA operation will execute on this server. If the parameter is not specified, the value defaults to 'localhost'. |
false |
named |
|
true (ByPropertyName) |
false |
DRARestPort [<Int32>] The port where the DRA REST Service listens for requests. If the parameter is not specified, the value defaults to 8755. |
false |
named |
8755 |
true (ByPropertyName) |
false |
IgnoreCertificateErrors [<SwitchParameter>] Allows the request to bypass any SSL certificate errors, such as the InvalidOperation error that occurs when the REST Service is bound to a self-signed certificate. |
false |
named |
|
false |
false |
Force [<SwitchParameter>] Suppresses any request for user input and supplies a 'yes' response. For example: -Force with a delete request will perform the delete without presenting the confirmation request to the user. |
false |
named |
|
false |
false |
Timeout [<Int32>] The number of seconds to wait before the request to the DRA REST server times out. To specify an infinite timeout, you can set this parameter to -1. |
false |
named |
100 seconds |
true (ByPropertyName) |
false |
<CommonParameters> Verbose, Debug, ErrorAction, ErrorVariable, WarningAction, WarningVariable, OutBuffer, PipelineVariable, and OutVariable. For more information, see About CommonParameters. |
|
|
|
|
|
NOTE:For more information, type "Get-Help Add-DRAGroupMembers -detailed". For technical information, type "Get-Help Add-DRAGroupMembers -full".
Example 16-7 1
PS C:\>Add-DRAGroupMembers -Identifier "CN=MyGroup,OU=XYZ,DC=MYDOMAIN,DC=corp" -Domain "DRDOM610.lab" -Contacts "MyDomain.corp/OU-A/OU-A1/Contact02CN" -Computers "CN=TESTCREATE12,OU=XYZ-Child,OU=XYZ,DC=MYDOMAIN,DC=corp" -Gmsas "CN=GMSA123,CN=Managed Service Accounts,DC=MYDOMAIN,DC=corp" -Groups "CN=TestGroup06,OU=Accounting,DC=MYDOMAIN,DC=corp" -Users "CN=User DN22,OU=Users,OU=ABC,OU=ABC-Parent,DC=MYDOMAIN,DC=corp", "CN=UserFriendly01,OU=XYZ-Child,OU=XYZ,DC=MYDOMAIN,DC=corp"
This example adds members to a group named MyGroup in Active Directory. Five members are listed: one each of Contacts, Computers, Group Managed Service Accounts, and Groups, and two Users.