Skip to main content
PowerShellScripting

Using PowerShell to manage Active Directory Groups

It is common in my Citrix work that I need to create many groups and populate them. The groups will represent application access in Citrix. Now, of course I can create and populate the groups using the GUI Active Directory Users and Computers. For a single group this is OK but for many groups is is cumbersome and slow. This video will step you through how simple and quick PowerShell is to manage these tasks.

With PowerShell command prompt started on a member server in the domain or workstation with the Remote Server Administration features enabled for the Active Directory PowerShell modules we first need to load the correct module:

Import-Module ActiveDirectory

This will give us a PowerShell Drive assignment of AD: that links into the Active Directory forest domain to which we are authenticated. We can use this drive letter should we wish to view objects we create. For the moment we will look at creating the group.

New-AdGroup -Name Excel -Path "ou=Citrix,dc=text,dc=local" -GroupScope 1

The group scope can be 0, 1 or 2

  • 0 = DomainLocal
  • 1 = Global
  • 2 = Universal

Now we can populate the group:

Add-AdGroupMember -Identity Excel  -Members andrew, Joe

Should we need to remove members then:

Remove-ADGroupMember -Identity Excel -Members Joe

We can verify group membership with:

get-ADGroupMember -identity Excel

The video will provide a great basis for you managing your own groups in AD.