Copy Group Memberships from One User to Another in PowerShell

  • Question

  • So I have a script that copies an old user's properties ( $userInstance ) to a new user.

    I've gotten everything to copy how I want it to except for Group Membership. For instance, if you right-click and select properties of each user and select the "member of" tab, they are not in the same groups after copying.

    Is there a way to get the groups $userInstance belongs to and put the new user in all the same groups?

    Sunday, March 13, 2011 6:48 PM

Answers

  • This works:

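    $user1 = [ADSI]"LDAP://CN=from,OU=Test,DC=Contoso,DC=com"
    $user2 = [ADSI]"LDAP://CN=to,OU=Test,DC=Contoso,DC=com"

    # Bind to each group the source user belongs to and add the target user.
    foreach ($group in $user1.memberof)
    {
        $group = [ADSI]"LDAP://$group"
        # Put the DN in a variable so it expands cleanly inside the path string.
        $DN = $user2.distinguishedName
        $group.Add("LDAP://$DN")
    }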
    

    Richard Mueller - MVP Directory Services
    • Proposed as answer by Thiyagu14 Monday, March 14, 2011 12:03 PM
    • Marked as answer by IamMred Tuesday, March 15, 2011 8:11 PM
    Monday, March 14, 2011 1:04 AM
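
A more defensive variant of the accepted loop, as an added example that is not part of the original thread (the function name `Copy-AdsiGroupMembership`, its parameters and the status strings are hypothetical). It previews changes with `-WhatIf`, skips groups the target already belongs to, refuses to call `Add` with an empty path (HRESULT 0x80005000 is ADSI's `E_ADS_BAD_PATHNAME`), and emits one record per group so that inherited access, including any privileged groups, can be reviewed.

```powershell
# Added example, not code from the thread. Names are hypothetical.
function Copy-AdsiGroupMembership {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$SourceDN,
        [Parameter(Mandatory = $true)][string]$TargetDN
    )

    $source = [ADSI]"LDAP://$SourceDN"
    $target = [ADSI]"LDAP://$TargetDN"

    # distinguishedName is a property collection; cast it to a plain string
    # and stop if the bind returned nothing, so Add() never receives "LDAP://".
    $boundDN = [string]$target.distinguishedName
    if (-not $boundDN) { throw "Cannot bind to target '$TargetDN'" }
    $targetPath = "LDAP://$boundDN"

    # memberOf does not list the user's primary group (e.g. Domain Users).
    foreach ($groupDN in $source.memberOf) {
        $group = [ADSI]"LDAP://$groupDN"

        if ($group.IsMember($targetPath)) {
            $status = 'AlreadyMember'
        }
        elseif ($PSCmdlet.ShouldProcess([string]$groupDN, "Add $boundDN")) {
            try {
                $group.Add($targetPath)
                $status = 'Added'
            }
            catch {
                # Record the failure and continue with the remaining groups.
                $status = "Failed: $($_.Exception.Message)"
            }
        }
        else {
            $status = 'Skipped'   # -WhatIf or a declined confirmation
        }

        # One record per group so the change can be reviewed or logged.
        New-Object PSObject -Property @{ Group = [string]$groupDN; Status = $status }
    }
}

# Preview only; the DNs are the thread's sample values.
Copy-AdsiGroupMembership -SourceDN 'CN=from,OU=Test,DC=Contoso,DC=com' `
    -TargetDN 'CN=to,OU=Test,DC=Contoso,DC=com' -WhatIf
```

Drop `-WhatIf` to apply the changes, and pipe the output to `Export-Csv` to keep a record of which memberships were granted.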

All replies

  • 1) [ADSI]

    $user1 = [ADSI]"LDAP://CN=from,OU=Test,DC=Contoso,DC=com"
    $user2 = [ADSI]"LDAP://CN=to,OU=Test,DC=Contoso,DC=com"
    
    foreach ($group in $user1.memberof)
    {
    	$group = [ADSI]"LDAP://$group"
    	$group.Add("LDAP://"+$user2.distinguishedName)
    }
    

    2) Quest AD

    http://social.technet.microsoft.com/Forums/en-US/ITCG/thread/88bb2aef-b54d-47b4-8096-2eaa59bac55c

    http://powershell.com/cs/media/p/4341.aspx

     

    Sunday, March 13, 2011 7:26 PM
  • PowerShell doesn't seem to like adding "LDAP://" and $user2.distinguishedName

     

    Exception calling "Add" with "1" argument(s): "Exception from HRESULT: 0x80005000"
    At C:\Users\Administrator\Documents\scripts\NewADUserIteration1.ps1:52 char:12
    +   $group.Add <<<< ("LDAP://"+$user2.distinguishedName)
      + CategoryInfo     : NotSpecified: (:) [], MethodInvocationException
      + FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvokeTI
    
    Exception calling "Add" with "1" argument(s): "Exception from HRESULT: 0x80005000"
    At C:\Users\Administrator\Documents\scripts\NewADUserIteration1.ps1:52 char:12
    +   $group.Add <<<< ("LDAP://"+$user2.distinguishedName)
      + CategoryInfo     : NotSpecified: (:) [], MethodInvocationException
      + FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvokeTI
    
    

    Sunday, March 13, 2011 10:53 PM