JSI Tip 9920. How can I add the users of an Organizational Unit (OU) to a group?

Using the Active Directory command-line tools, I have scripted OUUsr2Grp.bat to add all the users in an OU to a group that you specify. If the group does NOT exist, it will be created as a global security group.

The syntax for using OUUsr2Grp.bat is:

OUUsr2Grp "OU" "Group"


OU     is the distinguished name of the OU, like "OU=West_Coast,DC=JSIINC,DC=COM".

Group" is the distinguished name of the group, like "CN=West_Coast_Users,OU=West_Coast,DC=JSIINC,DC=COM"
OUUsr2Grp.bat contains:
@echo off
if \{%2\}==\{\} @echo Syntax: OUUsr2Grp "OU" "Group"&goto :EOF
set ou=%1
set group=%2
set GRP="NONE"
call :chkgrp>nul 2>&1
if %GRP% EQU "NONE" @echo Syntax: OUUsr2Grp %ou% %group% - %group% could not be added.&endlocal&goto :EOF
for /f "Tokens=*" %%u in ('dsquery user %ou%') do (
 call :add2grp %%u>nul 2>&1
goto :EOF
dsadd group %group% -desc "Added using OUUsr2Grp.bat by %UserName%"
for /f "Tokens=*" %%g in ('dsquery group %group%') do (
 set GRP=%%g
goto :EOF
dsmod group %GRP% -addmbr %1

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.