Skip to content
February 27, 2026 Junior (1-3 years) Script Drop

Active Directory Group Management Scripts

PowerShell scripts for managing Active Directory groups. Add/remove members, create groups, and bulk operations.

Active Directory Group Management Scripts

Managing AD groups is a daily task. These scripts make it fast and consistent.

Add User to Group

<#
.SYNOPSIS
    Add user to security group
#>
param(
    [Parameter(Mandatory=$true)]
    [string]$Username,
    
    [Parameter(Mandatory=$true)]
    [string]$GroupName
)

try {
    Add-ADGroupMember -Identity $GroupName -Members $Username -ErrorAction Stop
    Write-Host "Added $Username to $GroupName" -ForegroundColor Green
}
catch {
    Write-Host "Error: $($_.Exception.Message)" -ForegroundColor Red
}

Remove User from Group

<#
.SYNOPSIS
    Remove user from group
#>
param(
    [Parameter(Mandatory=$true)]
    [string]$Username,
    
    [Parameter(Mandatory=$true)]
    [string]$GroupName
)

Remove-ADGroupMember -Identity $GroupName -Members $Username -Confirm:$false
Write-Host "Removed $Username from $GroupName"

List Group Members

<#
.SYNOPSIS
    Get all members of a group
#>
param(
    [Parameter(Mandatory=$true)]
    [string]$GroupName
)

Get-ADGroupMember -Identity $GroupName | 
    Select-Object Name, SamAccountName, objectClass |
    Format-Table

Create Group with Owners

<#
.SYNOPSIS
    Create AD security group
#>
param(
    [Parameter(Mandatory=$true)]
    [string]$GroupName,
    
    [Parameter(Mandatory=$true)]
    [string]$Description,
    
    [Parameter(Mandatory=$false)]
    [string]$OU = "CN=Users"
)

$Params = @{
    Name = $GroupName
    SamAccountName = $GroupName
    GroupCategory = "Security"
    GroupScope = "Global"
    Description = $Description
    Path = "OU=Groups,$((Get-ADDomain).DistinguishedName)"
    DisplayName = $GroupName
}

New-ADGroup @Params
Write-Host "Created group: $GroupName"

Bulk Add Members from CSV

<#
.SYNOPSIS
    Add multiple users to group from CSV
#>
param(
    [Parameter(Mandatory=$true)]
    [string]$GroupName,
    
    [Parameter(Mandatory=$true)]
    [string]$CSVPath
)

$Members = Import-Csv $CSVPath

foreach ($Member in $Members) {
    try {
        Add-ADGroupMember -Identity $GroupName -Members $Member.Username -ErrorAction Stop
        Write-Host "Added: $($Member.Username)" -ForegroundColor Green
    }
    catch {
        Write-Host "Failed: $($Member.Username) - $($_.Exception.Message)" -ForegroundColor Red
    }
}

Find Empty Groups

<#
.SYNOPSIS
    Find groups with no members
#>

Get-ADGroup -Filter * | Where-Object {
    (Get-ADGroupMember -Identity $_.SamAccountName -ErrorAction SilentlyContinue).Count -eq 0
} | Select-Object Name, SamAccountName

Group Membership Report

<#
.SYNOPSIS
    Generate group membership report
#>
param(
    [Parameter(Mandatory=$true)]
    [string]$OutputPath
)

$Groups = Get-ADGroup -Filter *

$Report = foreach ($Group in $Groups) {
    $Members = Get-ADGroupMember -Identity $Group.SamAccountName -ErrorAction SilentlyContinue
    
    [PSCustomObject]@{
        GroupName = $Group.Name
        MemberCount = $Members.Count
        Members = ($Members.Name -join ", ")
    }
}

$Report | Export-Csv -Path $OutputPath -NoTypeInformation
Write-Host "Report saved to: $OutputPath"

Wrap-Up

These scripts cover the most common AD group operations. Save them to your toolkit.

Questions? Drop them below!

#powershell #active-directory #groups #security-groups #script
Was this helpful?