This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 67%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWS%3C/text%3E%3C/svg%3E)
Hi,
The script below keeps dropping into the 'Automation has failed...' else statement once a user has been added into a security group. I can see that the user has been added but need the additional check to write the output as these outputs are being used in a workflow in ServiceNow to determine the next action to be taken.
I'm not a windows administrator and don't use PS that often but the logic looks sound to me. Wondering if I need to 'wait' a certain amount of time to do the additional check to give the domain controllers chance to replicate? Hench it coming back as a failure?
Appreciate any assistance.
# Get the user and group information
$user = get-aduser $UserName -server $UserController -credential $MyCredentials
$group = get-adgroup $GroupName -server $DomainController -credential $MyCredentials
$members = Get-ADGroupMember -server $DomainController -credential $MyCredentials -Identity $GroupName -Recursive |Select -ExpandProperty distinguishedName
# Check group membership
If ($members -contains $user) {
Write-Host("User exists in the group")
}
Else
{
Set-ADObject -identity $group -add @{member=$user.DistinguishedName} -server $DomainController -credential $MyCredentials
If ($members -contains $user) {
Write-Host("User successfully added to group")
}
Else {
Write-Host("Automation has failed, user not added to group")
}
}
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 52%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJB%3C/text%3E%3C/svg%3E)
I stumbled across this and I think I know where the problem is. Your $members variable is not refreshed after you've added the member.
You should copy the line:
$members = Get-ADGroupMember -server $DomainController -credential $MyCredentials -Identity $GroupName -Recursive |Select -ExpandProperty distinguishedName
and paste it after the Set-ADObject... line, so that the membership is refreshed into the variable before it is checked again.
Also you can use add-adgroupmember instead of set-adobject, if you desire.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 74%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
This line: If ($members -contains $user) {
Should be: If ($members -contains $user.distinguishedname) {
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more