Windows OS Hub
  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange

 Windows OS Hub / Active Directory / Copy AD Group Membership to Another User in PowerShell

December 11, 2020 Active DirectoryPowerShell

Copy AD Group Membership to Another User in PowerShell

When you create a new user in an Active Directory domain, sometimes you need to make them a member of a large number of groups. It is quite tiresome to add a user to groups manually through the ADUC console, so it is easier to copy the group membership from one user to another using a PowerShell script. It is also convenient when an employee leaves your company department and you have to assign a new employee the same AD security groups.

Suppose, you need to copy the group membership from user jsanti and add a new user account (a.adams) to the same groups.

How to copy AD user group membership to another user

To run the following PoSh scripts, Active Directory for PowerShell module is used. You can install it as a part of RSAT toolkit or copy and import the AD PowerShell module manually without RSAT installation.

Get the list of groups of the source user using Get-ADUser cmdlet:

$getusergroups = Get-ADUser –Identity jsanti -Properties memberof | Select-Object -ExpandProperty memberof

get all AD groups that a user is a member of via PowerShell

To add a new user to the same groups, it is enough to send the list of groups to Add-ADGroupMember cmdlet via a pipe:

$getusergroups | Add-ADGroupMember -Members a.adams -verbose

To add a user to a domain security groups, run the commands under a domain administrator account or a user account that is delegated privileges to add users to AD groups.

Then make sure that a new user has been successfully added to the same groups as the source user:

Get-ADUser -Identity a.adams -Properties memberof | Select-Object -ExpandProperty memberof

You can use the Get-ADPrincipalGroupMembership generic cmdlet to copy group membership of any AD object (user, computer or group).

$userSource= “jsanti"
$userTarget=”a.adams”
$sourceGroups = Get-ADPrincipalGroupMembership -Identity $userSource
Add-ADPrincipalGroupMembership -Identity $userTarget -MemberOf $sourceGroups

You can use a PowerShell script that automatically writes a text log file containing the information about adding a user to groups:

$logfile="c:\LOG\CopyAdGroup.log"
$userSource= “jsanti"
$userTarget=”a.adams”
$Time = Get-Date
Add-content $logfile -value $Time -Encoding UTF8
Add-content $logfile -value "_______________"
Add-content $logfile -value "Copying AD groups from $userSource to $userTarget" -Encoding UTF8
$sourceGroups = (Get-ADPrincipalGroupMembership -Identity $userSource).SamAccountName
foreach ($group in $sourceGroups)
{
Add-content $logfile -value "Adding $userTarget to $group" -Encoding UTF8
try
{
$log=Add-ADPrincipalGroupMembership -Identity $userTarget -MemberOf $group
Add-content $logfile -value $log -Encoding UTF8
}
catch
{
Add-content $logfile $($Error[0].Exception.Message) -Encoding UTF8
Continue
}
}
Add-content $logfile -value "_______________"

PowerShell script to copy Active Directory security groups to another user

You can track adding users to AD groups in the domain controller security logs.

Another popular task is to copy all users from one domain group to another. To do it, you can use this PowerShell command:

Get-ADGroupMember "LA-GPO-Admins" | ForEach-Object {Add-ADGroupMember "LA-Server-Admins" -Members $_ }

You can use other ways to automatically add a user to AD groups depending on their position or other user attribute specified in AD. The following article provides an example of creating Active Directory dynamic groups.

0 comment
2
Facebook Twitter Google + Pinterest
previous post
How to Extend or Shrink Virtual Hard Disks on Hyper-V?
next post
Auditing Weak Passwords in Active Directory

Related Reading

Enable Windows Lock Screen after Inactivity via GPO

April 8, 2021

How to Create and Manage Scheduled Tasks with...

April 7, 2021

Updating Windows VM Templates on VMWare with PowerShell

April 5, 2021

Configuring a Domain Password Policy in the Active...

March 26, 2021

Using Native Package Manager (WinGet) on Windows 10

March 24, 2021

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange
  • Windows 10
  • Windows 8
  • Windows 7
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2008 R2
  • PowerShell
  • VMWare
  • MS Office

Recent Posts

  • How to Disable NetBIOS and LLMNR Protocols in Windows Using GPO?

    April 9, 2021
  • Enable Windows Lock Screen after Inactivity via GPO

    April 8, 2021
  • How to Create and Manage Scheduled Tasks with PowerShell?

    April 7, 2021
  • Updating Windows VM Templates on VMWare with PowerShell

    April 5, 2021
  • Running Multiple IIS Websites on the Same Port or IP Address

    April 1, 2021
  • Can’t Copy and Paste via Remote Desktop (RDP) Clipboard

    March 31, 2021
  • UAC: This App Has Been Blocked for Your Protection on Windows 10

    March 30, 2021
  • How to Unlock a File Locked by Any Process or SYSTEM?

    March 29, 2021
  • Configuring a Domain Password Policy in the Active Directory

    March 26, 2021
  • Using Native Package Manager (WinGet) on Windows 10

    March 24, 2021

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • How to Configure Google Chrome Using Group Policy ADMX Templates?
  • Allow RDP Access to Domain Controller for Non-admin Users
  • Get-ADUser: Getting Active Directory Users Info via PowerShell
  • How to Find the Source of Account Lockouts in Active Directory domain?
  • Get-ADComputer: Find Computer Details in Active Directory with PowerShell
  • Configuring Proxy Settings on Windows Using Group Policy Preferences
  • Changing Desktop Background Wallpaper in Windows through GPO
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top