Hi everybody!

I have a little problem with the Add-ADPrincipalGroupMembership cmdlet.
If I run following command it will add the user "wuha" to the group "s_muiger" as expected.

Add-ADPrincipalGroupMembership -Identity wuha -MemberOf s_muiger

But if I'm running the command again, there will be no warning message. And that's my problem. Why isn't there any warning that the user already is member of the group?!

If I try adding the user to the "Domain Users" group (which is the primary group) I'll get the warning message that it was not possible to add the user to the group because it already is meber of the group.

I tried to use the "-WarningAction" parameter with "Continue" or "Inquire" but that doesn't work.
I also checked the $WarningPreference Variable but it also is et on "Continue".

Has anybody any ideas why I don't get a warning?
Thank you!

Michael

Post this query in Connect as feedback

Alternatively you can try below

try {
    Add-ADPrincipalGroupMembership -identity Wuha -ea stop
    }
catch {
    write-warning 'Already a member'
    }

Hi Chen!

I already have tried something similar, but that cannot work because it isn't marked as an error. The command runs successfully even if the user already is member of the group.

When I check the $? - variable it always says "True"

The strange thing is, that the warning message will appear for the "Domain Users" group but not for the other ones.

Meanwhile I'm using a workaround which filters out the groups the user already is member of before adding the new groups.

That is the way the CmdLet is designed.  It makes no difference if the member already exists however, if you try to alter the Primary Group, you will get an error. The only solution is to test first.

Hi jrv,

is that so? But why then there is following warning message implemented?

"Error is: Either the specified user account is already member of the specified group, or the specified group cannot be deleted because it contains a member".

That will be the warning message that appears if I try to add the user to the "Domain Users" group.
I already thought about it that it may has something to do with the Primary Group but then, the warning text makes no sense for me.

But you said: "But if I'm running the command again, there will be no warning message. And that's my problem. Why isn't there any warning that the user already is member of the group?!"

What question is it that you are asking?

The question is why I don't get a warning message when I try to add an user to a group he already is member of?!

This is actually hard to explain because of the way you are arguing it. Nearly every account has "Domain Users" as a "default primary".  If you try to change that in any way it will throw an error/warning.  This is by design.  Any time you try to add a user to that particular group it is likely to cause the warning.

The same is true if a user has a different group as the default primary.  Adding that user to that group will trigger the warning.  Adding a user to any group that is not chosen as the primary will never cause an error or warning if they already belong.  That is also by design.

Don't worry about it.  It confuses me too.

The question is why I don't get a warning message when I try to add an user to a group he already is member of?!

Because that is the way it is designed.  If you think about it for a while you will see that this behavior is sensible because we tend to do batch adds and removes of users from groups during normal operations.  With this design we don't have to worry about adding the same user more than once to the same group.

Ok, I understand this, thank you for your explanation.

But I think there should be a warning anyway.
If you don't like the warning you easily can surpress it.

Thank you again!

Michael