Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Active Directory / Copy AD Group Membership to Another User in PowerShell

December 11, 2020 Active DirectoryPowerShell

Copy AD Group Membership to Another User in PowerShell

When you create a new user in an Active Directory domain, sometimes you need to make them a member of a large number of groups. It is quite tiresome to add a user to groups manually through the ADUC console, so it is easier to copy the group membership from one user to another using a PowerShell script. It is also convenient when an employee leaves your company department and you have to assign a new employee the same AD security groups.

Suppose, you need to copy the group membership from user jsanti and add a new user account (a.adams) to the same groups.

How to copy AD user group membership to another user

To run the following PoSh scripts, Active Directory for PowerShell module is used. You can install it as a part of RSAT toolkit or copy and import the AD PowerShell module manually without RSAT installation.

Get the list of groups of the source user using Get-ADUser cmdlet:

$getusergroups = Get-ADUser –Identity jsanti -Properties memberof | Select-Object -ExpandProperty memberof

get all AD groups that a user is a member of via PowerShell

To add a new user to the same groups, it is enough to send the list of groups to Add-ADGroupMember cmdlet via a pipe:

$getusergroups | Add-ADGroupMember -Members a.adams -verbose

To add a user to a domain security groups, run the commands under a domain administrator account or a user account that is delegated privileges to add users to AD groups.

Then make sure that a new user has been successfully added to the same groups as the source user:

Get-ADUser -Identity a.adams -Properties memberof | Select-Object -ExpandProperty memberof

You can use the Get-ADPrincipalGroupMembership generic cmdlet to copy group membership of any AD object (user, computer or group).

$userSource= “jsanti"
$userTarget=”a.adams”
$sourceGroups = Get-ADPrincipalGroupMembership -Identity $userSource
Add-ADPrincipalGroupMembership -Identity $userTarget -MemberOf $sourceGroups

You can use a PowerShell script that automatically writes a text log file containing the information about adding a user to groups:

$logfile="c:\LOG\CopyAdGroup.log"
$userSource= “jsanti"
$userTarget=”a.adams”
$Time = Get-Date
Add-content $logfile -value $Time -Encoding UTF8
Add-content $logfile -value "_______________"
Add-content $logfile -value "Copying AD groups from $userSource to $userTarget" -Encoding UTF8
$sourceGroups = (Get-ADPrincipalGroupMembership -Identity $userSource).SamAccountName
foreach ($group in $sourceGroups)
{
Add-content $logfile -value "Adding $userTarget to $group" -Encoding UTF8
try
{
$log=Add-ADPrincipalGroupMembership -Identity $userTarget -MemberOf $group
Add-content $logfile -value $log -Encoding UTF8
}
catch
{
Add-content $logfile $($Error[0].Exception.Message) -Encoding UTF8
Continue
}
}
Add-content $logfile -value "_______________"

PowerShell script to copy Active Directory security groups to another user

You can track adding users to AD groups in the domain controller security logs.

Another popular task is to copy all users from one domain group to another. To do it, you can use this PowerShell command:

Get-ADGroupMember "LA-GPO-Admins" | ForEach-Object {Add-ADGroupMember "LA-Server-Admins" -Members $_ }

You can use other ways to automatically add a user to AD groups depending on their position or other user attribute specified in AD. The following article provides an example of creating Active Directory dynamic groups.

1 comment
2
Facebook Twitter Google + Pinterest
previous post
How to Extend or Shrink Virtual Hard Disks on Hyper-V?
next post
Auditing Weak Passwords in Active Directory

Related Reading

Using PowerShell Behind a Proxy Server

July 1, 2022

Checking Windows Activation Status on Active Directory Computers

June 27, 2022

Configuring Multiple VLAN Interfaces on Windows

June 24, 2022

How to Disable or Enable USB Drives in...

June 24, 2022

Adding Domain Users to the Local Administrators Group...

June 23, 2022

1 comment

Mike April 14, 2021 - 3:15 am

hi , How can you skip the Domain User group when using this script ? It errors with a warning mentioning it can’t add user to Domain user due to the fact the user is already a member .

Reply

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows 7
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
  • PowerShell
  • VMWare
  • Hyper-V
  • MS Office

Recent Posts

  • Using PowerShell Behind a Proxy Server

    July 1, 2022
  • How to Access VMFS Datastore from Linux, Windows, or ESXi?

    July 1, 2022
  • How to Deploy Windows 10 (11) with PXE Network Boot?

    June 27, 2022
  • Checking Windows Activation Status on Active Directory Computers

    June 27, 2022
  • Configuring Multiple VLAN Interfaces on Windows

    June 24, 2022
  • How to Disable or Enable USB Drives in Windows using Group Policy?

    June 24, 2022
  • Adding Domain Users to the Local Administrators Group in Windows

    June 23, 2022
  • Viewing a Remote User’s Desktop Session with Shadow Mode in Windows

    June 23, 2022
  • How to Create a Wi-Fi Hotspot on your Windows PC?

    June 23, 2022
  • Configuring SSH Public Key Authentication on Windows

    June 15, 2022

Follow us

woshub.com

ad

  • Facebook
  • Twitter
  • RSS
Popular Posts
  • How to Configure Google Chrome Using Group Policy ADMX Templates?
  • Get-ADUser: Find Active Directory User Info with PowerShell
  • Allow RDP Access to Domain Controller for Non-admin Users
  • How to Find the Source of Account Lockouts in Active Directory domain?
  • Get-ADComputer: Find Computer Details in Active Directory with PowerShell
  • Configuring Proxy Settings on Windows Using Group Policy Preferences
  • Deploy PowerShell Active Directory Module without Installing RSAT
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top