16.3 Add-DRAGroupMembers

Synopsis

Adds members to an existing Active Directory group managed by DRA.

Syntax

Add-DRAGroupMembers -Domain <String> [-Computers <String[]>] [-Contacts <String[]>] [-Gmsas <String[]>] [-Groups <String[]>] [-Users <String[]>] -Identifier <String> [-DRARestServer <String>] [-DRARestPort <Int32>] [-IgnoreCertificateErrors <SwitchParameter>] [-Force <SwitchParameter>] [-Timeout <Int32>] [<CommonParameters>]

Description

The Add-DRAGroupMembers cmdlet adds objects to a group managed by DRA. The requesting user must have one of the Modify Group Membership powers. The command accepts arrays of identifiers for each of the supported object types that can be members of a group: Contacts, Computers, Group Managed Service Accounts, Groups, and Users. At least one identifier must be specified.

IMPORTANT:Adding a synced user to a group associated with a Office 365 policy creates an Exchange Online mailbox for the synced user.

Parameters

Attribute / Description

Parameters / Values

Required

Position

Default Value

Accept Pipeline input?

Accept wildcard characters?

Computers [<String[]>]

An array of existing Active Directory computer identifiers to add to or remove from the group. An identifier can be either a name or a distinguished name.

false

named

 

true (ByPropertyName)

false

Contacts [<String>]

An array of existing Active Directory contact identifiers to add to or remove from the group. An identifier can be either a name or a distinguished name.

false

named

 

true (ByPropertyName)

false

Gmsas [<String[]>]

An array of existing Active Directory group managed service account identifiers to add to or remove from the group. An identifier can be either a name or a distinguished name. When an identifier is a name, an additional call to the DRA Server is made to query for the distinguished name.

false

named

 

true (ByPropertyName)

false

Groups [<String[]>]

An array of existing Active Directory group identifiers to add to or remove from the group. An identifier can be either a name or a distinguished name.

false

named

 

true (ByPropertyName)

false

Users [<String[]>]

An array of existing Active Directory user identifiers to add to or remove from the group. An identifier can be either a name or a distinguished name.

false

named

 

true (ByPropertyName)

false

Identifier <String>

The name or distinguished name of an existing Active Directory object. When the name is specified, an additional call to the DRA Server is needed to obtain the distinguished name for the object.

true

named

 

true (ByPropertyName)

false

Domain <String>

The domain of the object in fqdn format. For example: mydomain.corp

true

named

 

true (ByPropertyName)

false

DRARestServer [<String>]

The name of the computer running the DRA Rest Service. The requested DRA operation will execute on this server. If the parameter is not specified, the value defaults to 'localhost'.

false

named

 

true (ByPropertyName)

false

DRARestPort [<Int32>]

The port where the DRA REST Service listens for requests. If the parameter is not specified, the value defaults to 8755.

false

named

8755

true (ByPropertyName)

false

IgnoreCertificateErrors [<SwitchParameter>]

Allows the request to bypass any SSL certificate errors, such as the InvalidOperation error that occurs when the REST Service is bound to a self-signed certificate.

false

named

 

false

false

Force [<SwitchParameter>]

Suppresses any request for user input and supplies a 'yes' response. For example: -Force with a delete request will perform the delete without presenting the confirmation request to the user.

false

named

 

false

false

Timeout [<Int32>]

The number of seconds to wait before the request to the DRA REST server times out. To specify an infinite timeout, you can set this parameter to -1.

false

named

100 seconds

true (ByPropertyName)

false

<CommonParameters>

Verbose, Debug, ErrorAction, ErrorVariable, WarningAction, WarningVariable, OutBuffer, PipelineVariable, and OutVariable. For more information, see About CommonParameters.

 

 

 

 

 

NOTE:For more information, type "Get-Help Add-DRAGroupMembers -detailed". For technical information, type "Get-Help Add-DRAGroupMembers -full".

Example 16-7 1

PS C:\>Add-DRAGroupMembers -Identifier "CN=MyGroup,OU=XYZ,DC=MYDOMAIN,DC=corp"  -Domain "DRDOM610.lab" -Contacts "MyDomain.corp/OU-A/OU-A1/Contact02CN" -Computers "CN=TESTCREATE12,OU=XYZ-Child,OU=XYZ,DC=MYDOMAIN,DC=corp" -Gmsas "CN=GMSA123,CN=Managed Service Accounts,DC=MYDOMAIN,DC=corp" -Groups  "CN=TestGroup06,OU=Accounting,DC=MYDOMAIN,DC=corp" -Users "CN=User DN22,OU=Users,OU=ABC,OU=ABC-Parent,DC=MYDOMAIN,DC=corp", "CN=UserFriendly01,OU=XYZ-Child,OU=XYZ,DC=MYDOMAIN,DC=corp"

This example adds members to a group named MyGroup in Active Directory. Five members are listed: one each of Contacts, Computers, Group Managed Service Accounts, and Groups, and two Users.