Hi,

I have tried to debuging your script there's something issue with the script it's fetching two groups for the User - $userserver.Domain. It might be impacting that the first group doesn't have the users.

Please try below script it might work.

#Validate if groupname is not empty
if (test-path env:\SNC_groupname) {
  $groupname = $env:SNC_groupname;
  $username = $env:SNC_username;
  $domainname = $env:SNC_domainname; 
  if($env:SNC_domainuser){
    $domainuser = $env:SNC_domainuser; 
  }else{
    $domainuser = $domainname; 
  }
};

#Normalize fields
 $groupname =   $groupname -replace "%27","'";
 $username =   $username -replace "%27","'";
 $domainname=   $domainname-replace "%27","'";
 $domainuser= $domainuser-replace "%27","'";
 
#Get the Domain of the User
$sam = $username 

if($domainname -eq $domainuser)
{
  $forest = (Get-ADForest).Name + ":3268"
}else
{
    $forest = $domainuser
}

$type = Get-ADObject -Filter 'SamAccountName -eq $username' -Server $forest | Select -Expand ObjectClass

 if($type -eq 'computer')
{
$userserver = Get-ADComputer -Filter 'SamAccountName -eq $sam' -Server $forest -Properties CanonicalName | Select @{N='Domain';E={($_.CanonicalName -split '/')[0]}}

#Grab User and Group objects to allow Cross-Domain adds
$User = Get-ADComputer $username -Server $userserver.Domain
$Group = Get-ADGroup $groupname -Server  $domainname 
Add-ADGroupMember -Identity $Group -Members $User -Server  $domainname  -credential $cred
}

if($type -eq 'user')
{
#$userserver = Get-ADUser -Filter 'SamAccountName -eq $sam' -Server $forest -Properties CanonicalName | Select @{N='Domain';E={($_.CanonicalName -split '/')[0]}}
#Grab User and Group objects to allow Cross-Domain adds
$User = Get-ADUser $username -Server $domainuser
$Group = Get-ADGroup $groupname -Server  $domainname 
Add-ADGroupMember -Identity $Group -Members $User -Server  $domainname  -credential $cred
#Get-ADGroupMember -Identity $Group
}

If my answer helps any way please mark it helpful.

Thanks,

Chaitanya