Windows OS Hub

December 11, 2020 | Active Directory, PowerShell

Copy AD Group Membership to Another User in PowerShell

When you create a new user in an Active Directory domain, sometimes you need to make them a member of a large number of groups. It is quite tiresome to add a user to groups manually through the ADUC console, so it is easier to copy the group membership from one user to another using a PowerShell script. It is also convenient when an employee leaves your company department and you have to assign a new employee the same AD security groups.

Suppose you need to copy the group membership of the user jsanti and add a new user account (a.adams) to the same groups.

How to copy AD user group membership to another user

The following PowerShell scripts use the Active Directory module for PowerShell. You can install it as part of the RSAT toolkit, or copy and import the AD PowerShell module manually without installing RSAT.

Get the list of the source user's groups using the Get-ADUser cmdlet:

$getusergroups = Get-ADUser -Identity jsanti -Properties memberof | Select-Object -ExpandProperty memberof


To add the new user to the same groups, pipe the list of groups to the Add-ADGroupMember cmdlet:

$getusergroups | Add-ADGroupMember -Members a.adams -Verbose

To add a user to domain security groups, run the commands under a domain administrator account or under a user account that has been delegated the privileges to add users to AD groups.

Then make sure that the new user has been successfully added to the same groups as the source user:

Get-ADUser -Identity a.adams -Properties memberof | Select-Object -ExpandProperty memberof

You can use the generic Get-ADPrincipalGroupMembership cmdlet to copy the group membership of any AD object (user, computer or group).

$userSource = "jsanti"
$userTarget = "a.adams"
$sourceGroups = Get-ADPrincipalGroupMembership -Identity $userSource
Add-ADPrincipalGroupMembership -Identity $userTarget -MemberOf $sourceGroups

You can use a PowerShell script that automatically writes a text log file containing the information about adding a user to groups:

# The C:\LOG folder must already exist
$logfile = "c:\LOG\CopyAdGroup.log"
$userSource = "jsanti"
$userTarget = "a.adams"
$Time = Get-Date
Add-Content $logfile -Value $Time -Encoding UTF8
Add-Content $logfile -Value "_______________"
Add-Content $logfile -Value "Copying AD groups from $userSource to $userTarget" -Encoding UTF8
# Names of all groups the source user belongs to
$sourceGroups = (Get-ADPrincipalGroupMembership -Identity $userSource).SamAccountName
foreach ($group in $sourceGroups)
{
    Add-Content $logfile -Value "Adding $userTarget to $group" -Encoding UTF8
    try
    {
        # -ErrorAction Stop ensures any failure reaches the catch block
        $log = Add-ADPrincipalGroupMembership -Identity $userTarget -MemberOf $group -ErrorAction Stop
        Add-Content $logfile -Value $log -Encoding UTF8
    }
    catch
    {
        # Record the error and move on to the next group
        Add-Content $logfile -Value $_.Exception.Message -Encoding UTF8
        continue
    }
}
Add-Content $logfile -Value "_______________"
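
Copying every group from the source user also copies any privileged groups that user belongs to. The following is an added example, not code from the original article: it previews the copy with -WhatIf and skips groups flagged with adminCount = 1 unless that is requested explicitly. The function name Copy-ADGroupMembershipFiltered and the use of adminCount as the filter are assumptions made for illustration.

```powershell
# Added example (not from the original article). The function name and the
# adminCount-based filter are assumptions chosen for illustration.
#Requires -Modules ActiveDirectory

function Copy-ADGroupMembershipFiltered {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $SourceUser,
        [Parameter(Mandatory)] [string] $TargetUser,
        [switch] $IncludePrivileged   # must be set explicitly to copy protected groups
    )

    # Distinguished names of the groups the target already belongs to
    $existing = @(Get-ADPrincipalGroupMembership -Identity $TargetUser |
        Select-Object -ExpandProperty DistinguishedName)

    foreach ($g in Get-ADPrincipalGroupMembership -Identity $SourceUser) {
        if ($existing -contains $g.DistinguishedName) { continue }   # already a member

        # adminCount = 1 marks groups protected by AdminSDHolder (Domain Admins, etc.)
        $group = Get-ADGroup -Identity $g.DistinguishedName -Properties adminCount
        $privileged = ($group.adminCount -eq 1)

        $action = 'Skipped (privileged)'
        if (-not $privileged -or $IncludePrivileged) {
            $action = 'Not added (WhatIf or declined)'
            if ($PSCmdlet.ShouldProcess($group.Name, "Add $TargetUser")) {
                try {
                    Add-ADGroupMember -Identity $group -Members $TargetUser `
                        -Confirm:$false -ErrorAction Stop
                    $action = 'Added'
                } catch {
                    $action = "Failed: $($_.Exception.Message)"
                }
            }
        }
        # One result row per group, suitable for Export-Csv or a change ticket
        [pscustomobject]@{
            Group = $group.Name; Privileged = $privileged; Action = $action
        }
    }
}

# Preview first; rerun without -WhatIf once the list has been reviewed
Copy-ADGroupMembershipFiltered -SourceUser jsanti -TargetUser a.adams -WhatIf
```

The adminCount attribute can remain set on a group that is no longer protected, so the filter errs on the side of skipping; review the skipped rows before rerunning with -IncludePrivileged.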


You can track adding users to AD groups in the domain controller security logs.

Another popular task is to copy all users from one domain group to another. To do it, you can use this PowerShell command:

Get-ADGroupMember "LA-GPO-Admins" | ForEach-Object {Add-ADGroupMember "LA-Server-Admins" -Members $_ }

You can use other ways to automatically add a user to AD groups depending on their position or other user attribute specified in AD. The following article provides an example of creating Active Directory dynamic groups.
