How to use powershell command to add a new test account to the same groups as another user account

  • Question

  • There is a problematic user account in AD who belongs to many groups. Now I have created a new test account. I need to add this test account to the same groups as this problematic user's. But there are too many groups for this problematic user. It is difficult to add the test account to all groups manually. So, I need assistance to use a PowerShell command to achieve this goal. Thanks.


    I seek opportunity

    Monday, March 30, 2015 1:40 AM

Answers

  • Thanks for your reply. I will try this script on my test environment.

    Also, I found the following command to achieve the goal on the DC using “Active Directory Module for Windows PowerShell” (Run as Administrator):

    Get-ADPrincipalGroupMembership -Identity 10user1 | % {Add-ADPrincipalGroupMembership -Identity 10user2 -MemberOf $_}

    The example demonstrates how to copy the group membership of user1 to user2.

    Anyway, thanks for your help.


    I seek opportunity

    • Marked as answer by alice_xzh Tuesday, March 31, 2015 10:32 AM
    Tuesday, March 31, 2015 10:32 AM
  • Hi alice,

    Here is the code to retrieve the groups the user belongs to. This is a basic script.

    $user = "samaccountname of that problematic user"
    # LDAP filter matching the user object by sAMAccountName
    $strFilter = "(&(objectCategory=User)(ObjectCategory=person)(samAccountName=$user))"

    # Search the current domain, entire subtree
    $objDomain = New-Object System.DirectoryServices.DirectoryEntry
    $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
    $objSearcher.SearchRoot = $objDomain
    $objSearcher.SearchScope = "Subtree"
    $objSearcher.PageSize = 1000
    $objSearcher.Filter = $strFilter

    # FindOne() returns a single SearchResult, or $null when nothing matches
    $colResults = $objSearcher.FindOne()

    if ($null -eq $colResults)
    {
        $test = "No AD found"
        $test1 = " No AD found"
    }
    else
    {
        # Name of the account
        $test = foreach ($objResult in $colResults)
            { $objItem = $objResult.Properties; $objItem.name }

        # Distinguished names of the groups the account belongs to
        $test1 = foreach ($objResult in $colResults)
            { $objItem = $objResult.Properties; $objItem.memberof }
    }

    $test
    $test1

    $test1 will give the groups the member belongs to.

    If you can use Import-Module ActiveDirectory, the script length will be reduced.

    (Get-ADUser -Identity username -Properties MemberOf | Select-Object MemberOf).MemberOf

    To add the user to multiple groups, you can refer to this link: Add a User to Multiple Groups


    Naveen Basati

    • Marked as answer by alice_xzh Tuesday, March 31, 2015 10:32 AM
    Monday, March 30, 2015 7:01 AM
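
A more cautious version of the membership copy discussed in the answers above, as an added example that is not part of the original thread: it previews with -WhatIf, skips groups the target already has, holds back groups flagged adminCount=1 unless asked, and logs what it granted. The function name Copy-ADGroupMembership, the account names and the log path are hypothetical; it assumes a single domain with the ActiveDirectory module available.

```powershell
#Requires -Modules ActiveDirectory

function Copy-ADGroupMembership {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SourceUser,   # account whose groups are copied
        [Parameter(Mandatory)][string]$TargetUser,   # test account that receives them
        [switch]$IncludePrivileged,                  # opt in to adminCount=1 groups
        [string]$LogPath = ".\copied-groups.csv"     # hypothetical path, used for cleanup
    )

    $target = Get-ADUser -Identity $TargetUser -Properties MemberOf
    # MemberOf omits the primary group (normally Domain Users), which the
    # target already has, so no "already a member" error is raised for it.
    $sourceGroups = (Get-ADUser -Identity $SourceUser -Properties MemberOf).MemberOf

    $added = foreach ($dn in $sourceGroups) {
        if ($target.MemberOf -contains $dn) { continue }   # safe to re-run

        $group = Get-ADGroup -Identity $dn -Properties adminCount
        # adminCount = 1 marks groups protected by AdminSDHolder
        # (Domain Admins, Account Operators, ...).
        if ($group.adminCount -eq 1 -and -not $IncludePrivileged) {
            Write-Warning "Skipped privileged group: $($group.Name)"
            continue
        }

        if ($PSCmdlet.ShouldProcess($group.Name, "Add $TargetUser")) {
            Add-ADGroupMember -Identity $group -Members $target -ErrorAction Stop
            [pscustomobject]@{
                Time   = Get-Date -Format o
                Target = $target.SamAccountName
                Group  = $group.DistinguishedName
            }
        }
    }

    # Record what was granted so the test account can be unwound later.
    if ($added) { $added | Export-Csv -Path $LogPath -NoTypeInformation -Append }
    $added
}

# Constructed account names; preview first, then run again without -WhatIf.
Copy-ADGroupMembership -SourceUser 'problem.user' -TargetUser 'test.user' -WhatIf
```

adminCount is a heuristic: groups with delegated rights that AdminSDHolder does not protect are not flagged, so review the -WhatIf output before running without it.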

All replies

  • Very simple. Retrieve all of the groups the user belongs to and add the new user to each group. Why is this a problem?

    ¯\_(ツ)_/¯

    Monday, March 30, 2015 2:02 AM
  • Hello, thanks for your reply. So, is there a script/command to achieve this? I need the related script.

    I seek opportunity

    Monday, March 30, 2015 2:10 AM