none
script for adding new domain user to old domain groups

    Question

  • Hi there

    We are in the process of an interforest migration and have hit an issue wrt to sid history on groups. I am looking for a script or process to follow to enumerate group membership in old domain, amend output file and add new domain users as members to old domain group.

    Or could we simply add new domain group as a member to old domain group?

    Remember these are 2 different AD forests with 2-way forest trust with sid history filtering disabled.

    Thanks

    Stephane Favre

    Monday, February 25, 2013 11:35 AM

Answers

  • Hi,

    You may try to customize the script below to achieve your goal:

    Add Specific Users to a Group

    http://gallery.technet.microsoft.com/scriptcenter/28293c93-ca13-4fac-bf9b-2b67127fe9b2

    If you encounter any difficulties when customizing the scripts, you may submit a new question in The Official Scripting Guys Forum! which is a best resource for scripting related issues.

    The Official Scripting Guys Forum!

    http://social.technet.microsoft.com/Forums/en/ITCG/threads

    Regards,

    Arthur Li

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Arthur Li

    TechNet Community Support

    Tuesday, February 26, 2013 2:31 AM

All replies

  • If there is a forest trust in place, which I assume there is, when you migrate your users I don't see why you couldn't just add the new users to the old group.  Unless I am misunderstanding something.  The new users will be granted access to the old groups granted permissions.

    -- 
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    Monday, February 25, 2013 12:54 PM
  • the issue was that we discovered a bunch of groups that SID history from a previous migration. To negate the risk of removing this SID history and breaking anything, we were thinking of addind the NEWDOMAIN users to the OLDDOMAIN group?

    Stephane Favre

    Monday, February 25, 2013 1:25 PM
  • Hi,

    You may try to customize the script below to achieve your goal:

    Add Specific Users to a Group

    http://gallery.technet.microsoft.com/scriptcenter/28293c93-ca13-4fac-bf9b-2b67127fe9b2

    If you encounter any difficulties when customizing the scripts, you may submit a new question in The Official Scripting Guys Forum! which is a best resource for scripting related issues.

    The Official Scripting Guys Forum!

    http://social.technet.microsoft.com/Forums/en/ITCG/threads

    Regards,

    Arthur Li

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Arthur Li

    TechNet Community Support

    Tuesday, February 26, 2013 2:31 AM
  • Hi,

     

    I would like to confirm what is the current situation? If there is anything that I can do for you, please do not hesitate to let me know, and I will be happy to help.

    Regards,

    Arthur Li

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Arthur Li

    TechNet Community Support

    Friday, March 01, 2013 7:18 AM