I will regroup in this post ways to deal with users and groups within an active directory domain.
Add all users of a specific OU to a specific security group
In this example, we set all users of the HR group to be part of the HR security group:
Get-ADUser -SearchBase 'OU=RH,OU=Domain Users,DC=corp,DC=fevio,DC=fr' -Filter * | ForEach-Object {Add-ADGroupMember -Identity 'Service - HR' -Members $_ }Batch set a specific setting to a whole OU (recursively)
Here, we set all our user in order to prevent them from changing their password (That was used during a migration). The way I used here was a bit different:
Get-ADUser -filter * -searchbase "OU=Domain Users,DC=corp,DC=fevio,DC=fr" |
set-aduser -CannotChangePassword $True