Windows OS Hub
  • Windows
    • Windows 11
    • Windows 10
    • Windows Server 2025
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
    • Proxmox
  • PowerShell
  • Linux
  • Home
  • About

Windows OS Hub

  • Windows
    • Windows 11
    • Windows 10
    • Windows Server 2025
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
    • Proxmox
  • PowerShell
  • Linux

 Windows OS Hub / Active Directory / Copy AD Group Membership to Another User in PowerShell

March 15, 2024

Copy AD Group Membership to Another User in PowerShell

When you create a new user in an Active Directory domain, sometimes you need to make them a member of a large number of groups. It is quite tiresome to add a user to groups manually through the ADUC console, so it is easier to copy the group membership from one user to another using a PowerShell script. It is also convenient when an employee leaves your company department and you have to assign a new employee to the same AD security groups.

Suppose, you need to copy the group membership from the user jsanti and add a new user account (a.adams) to the same groups.

How to copy AD user group membership to another user

To run the following PoSh scripts, the Active Directory for PowerShell module is used. You can install it as a part of RSAT.

Get the list of groups of the source user using Get-ADUser cmdlet:

$getusergroups = Get-ADUser –Identity jsanti -Properties memberof | Select-Object -ExpandProperty memberof

get all AD groups that a user is a member of via PowerShell

To add a new user to the same groups, it is enough to send the list of groups to Add-ADGroupMember cmdlet via a pipe:

$getusergroups | Add-ADGroupMember -Members a.adams -verbose

To add a user to a domain security groups, run the commands under a domain administrator account or a user account that is delegated privileges to add users to AD groups.

Then make sure that a new user has been successfully added to the same groups as the source user:

Get-ADUser -Identity a.adams -Properties memberof | Select-Object -ExpandProperty memberof

You can use the Get-ADPrincipalGroupMembership generic cmdlet to copy group membership of any AD object (user, computer or group).

$userSource= “jsanti"
$userTarget=”a.adams”
$sourceGroups = Get-ADPrincipalGroupMembership -Identity $userSource
Add-ADPrincipalGroupMembership -Identity $userTarget -MemberOf $sourceGroups

You can use a PowerShell script that automatically writes a text log file containing the information about adding a user to groups:

$logfile="c:\LOG\CopyAdGroup.log"
$userSource= “jsanti"
$userTarget=”a.adams”
$Time = Get-Date
Add-content $logfile -value $Time -Encoding UTF8
Add-content $logfile -value "_______________"
Add-content $logfile -value "Copying AD groups from $userSource to $userTarget" -Encoding UTF8
$sourceGroups = (Get-ADPrincipalGroupMembership -Identity $userSource).SamAccountName
foreach ($group in $sourceGroups)
{
Add-content $logfile -value "Adding $userTarget to $group" -Encoding UTF8
try
{
$log=Add-ADPrincipalGroupMembership -Identity $userTarget -MemberOf $group
Add-content $logfile -value $log -Encoding UTF8
}
catch
{
Add-content $logfile $($Error[0].Exception.Message) -Encoding UTF8
Continue
}
}
Add-content $logfile -value "_______________"

PowerShell script to copy Active Directory security groups to another user

You can track adding users to AD groups in the domain controller security logs.

Another popular task is to copy all users from one domain group to another. To do it, you can use this PowerShell command:

Get-ADGroupMember "LA-GPO-Admins" | ForEach-Object {Add-ADGroupMember "LA-Server-Admins" -Members $_ }

You can use other ways to automatically add a user to AD groups depending on their position or other user attribute specified in AD. The following article provides an example of creating Active Directory dynamic groups.

1 comment
6
Facebook Twitter Google + Pinterest
Active DirectoryPowerShell
previous post
How to Extend or Shrink Virtual Hard Disks on Hyper-V?
next post
Restore Deleted Objects (Users) in Active Directory

Related Reading

How to Refresh (Update) Group Policy Settings on...

August 13, 2024

Repairing the Domain Trust Relationship Between Workstation and...

May 16, 2024

Get-ADDomainController: Getting Domain Controllers Info via PowerShell

July 8, 2022

Backing Up Active Directory with Windows Server Backup

November 26, 2024

Unable to Access SYSVOL and NETLOGON folders from...

May 10, 2023

Checking Active Directory Domain Controller Health and Replication

May 15, 2025

Updating Group Policy Administrative Templates (ADMX)

January 24, 2025

Generating Strong Random Password with PowerShell

January 31, 2020

1 comment

Mike April 14, 2021 - 3:15 am

hi , How can you skip the Domain User group when using this script ? It errors with a warning mentioning it can’t add user to Domain user due to the fact the user is already a member .

Reply

Leave a Comment Cancel Reply

join us telegram channel https://t.me/woshub
Join WindowsHub Telegram channel to get the latest updates!

Recent Posts

  • Encrypt Any Client-Server App Traffic on Windows with Stunnel

    June 12, 2025
  • Failed to Open the Group Policy Object on a Computer

    June 2, 2025
  • Remote Desktop Printing with RD Easy Print Redirection

    June 2, 2025
  • Disable the Lock Screen Widgets in Windows 11

    May 26, 2025
  • Configuring Windows Protected Print Mode (WPP)

    May 19, 2025
  • Map a Network Drive over SSH (SSHFS) in Windows

    May 13, 2025
  • Configure NTP Time Source for Active Directory Domain

    May 6, 2025
  • Cannot Install Network Adapter Drivers on Windows Server

    April 29, 2025
  • Change BIOS from Legacy to UEFI without Reinstalling Windows

    April 21, 2025
  • How to Prefer IPv4 over IPv6 in Windows Networks

    April 9, 2025

Follow us

  • Facebook
  • Twitter
  • Telegram
Popular Posts
  • Get-ADUser: Find Active Directory User Info with PowerShell
  • Configuring Proxy Settings on Windows Using Group Policy Preferences
  • Using WMI Filters to Target Group Policies in Active Directory
  • Using Managed Service Accounts (MSA and gMSA) in Active Directory
  • How to Set a User Thumbnail Photo in Active Directory
  • Set Desktop Wallpaper and Logon Screen Background via Group Policy
  • Restoring Active Directory Domain Controller from a Backup
Footer Logo

@2014 - 2024 - Windows OS Hub. All about operating systems for sysadmins


Back To Top