Had the guy on my service desk that handles all of the user creation come to me recently with this request. Well, when I say recently, it was like a month or two ago, but you know how things go. Anyhow, I threw this script together rather quickly to copy the group membership of one AD user to another. The basic breakdown is I ask for admin creds, prompt for what customer we’re dealing with so I know what DC to point to, specify the source user you want to copy, specify the target user you want to copy to, and finally confirm you’re sure that’s what you wanna do. Simple!
```powershell
<#
.SYNOPSIS
This script will copy the AD group membership of one user to another.
.DESCRIPTION
This uses the ActiveDirectory module, which is included in RSAT.
.NOTES
Author: Scott Shelton
#>

Import-Module ActiveDirectory

#Customer array (display name, domain controller FQDN)
$arrCustomers = @("Customer 1", "DC_FQDN_1"),
                ("Customer 2", "DC_FQDN_2"),
                ("Customer 3", "DC_FQDN_3"),
                ("Customer 4", "DC_FQDN_4")

#Get admin credentials
Write-Host "Please Input Admin Credentials (Domain\Username)..." -ForegroundColor Cyan
$objCredential = Get-Credential

#List customers
$intX = 1
foreach($tmpCustomer in $arrCustomers)
{
    Write-Host $intX "=" $tmpCustomer[0]
    $intX++
}

#Select customer
$strCustomerSelection = Read-Host "Select Customer"
$intCustomerSelection = $strCustomerSelection -as [int]

#Reject anything outside the menu: a blank, zero or non-numeric answer would
#otherwise become index -1 and silently select the last customer's DC
if ($null -eq $intCustomerSelection -or $intCustomerSelection -lt 1 -or $intCustomerSelection -gt $arrCustomers.Count)
{
    throw "Invalid customer selection."
}
$intCustomerSelection--

#Selected customer variables
$strCustomerDC = $arrCustomers[$intCustomerSelection][1]
$strSelectedCustomer = $arrCustomers[$intCustomerSelection][0]

#Specify usernames
$objSourceUser = Read-Host "Enter the username of the source user"
$objTargetUser = Read-Host "Enter the username of the target user"

#Write to screen and give option to stop
Write-Host "You have chosen to copy the group membership of $objSourceUser to $objTargetUser on $strSelectedCustomer's domain." -ForegroundColor Yellow
Write-Host "Press Ctrl+C to cancel." -ForegroundColor Red
PAUSE

#Get group membership
$objSourceUserAD = Get-ADUser $objSourceUser -Server $strCustomerDC -Properties memberof -Credential $objCredential
$objTargetUserAD = Get-ADUser $objTargetUser -Server $strCustomerDC -Properties memberof -Credential $objCredential

#Copy only the groups the target is not already a member of
$objSourceUserAD.memberof | Where-Object {$objTargetUserAD.memberof -notcontains $_} | Add-ADGroupMember -Server $strCustomerDC -Members $objTargetUserAD -Credential $objCredential

Write-Host "Copy complete!" -ForegroundColor Green
PAUSE
```
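Copying every group from a source account also copies any privileged access that account holds. The following is an added example, not part of the original script: it lists the groups a copy would grant, flags those with `adminCount = 1` (protected by AdminSDHolder) for manual approval, and dry-runs the rest with `-WhatIf`. The function name `Get-GroupCopyPlan` and the usernames `jdoe` and `asmith` are hypothetical, and it assumes all groups live in the domain served by the chosen DC.

```powershell
# Added example (not from the original script): preview a membership copy
# and hold back protected groups instead of granting them blindly.
Import-Module ActiveDirectory

function Get-GroupCopyPlan {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $SourceUser,
        [Parameter(Mandatory)] [string] $TargetUser,
        [Parameter(Mandatory)] [string] $Server,
        [Parameter(Mandatory)] [pscredential] $Credential
    )
    # Shared connection parameters; stop on the first failed lookup
    $ad = @{ Server = $Server; Credential = $Credential; ErrorAction = 'Stop' }
    $source = Get-ADUser $SourceUser -Properties memberof @ad
    $target = Get-ADUser $TargetUser -Properties memberof @ad

    # Only groups the target does not already have
    $missing = @($source.memberof | Where-Object { $target.memberof -notcontains $_ })
    foreach ($dn in $missing) {
        $group = Get-ADGroup $dn -Properties adminCount @ad
        [pscustomobject]@{
            Name      = $group.Name
            DN        = $group.DistinguishedName
            # Heuristic: adminCount = 1 marks AdminSDHolder-protected groups;
            # it will not catch every sensitive group in a given domain
            Protected = ($group.adminCount -eq 1)
        }
    }
}

# Hypothetical usage: 'jdoe', 'asmith' and 'DC_FQDN_1' are placeholders
$cred = Get-Credential
$plan = Get-GroupCopyPlan -SourceUser 'jdoe' -TargetUser 'asmith' -Server 'DC_FQDN_1' -Credential $cred

# Show protected groups first so they get reviewed by a person
$plan | Sort-Object Protected -Descending | Format-Table Name, Protected -AutoSize

# Dry run for the unprotected groups; remove -WhatIf to apply
$plan | Where-Object { -not $_.Protected } | ForEach-Object {
    Add-ADGroupMember -Identity $_.DN -Members 'asmith' -Server 'DC_FQDN_1' -Credential $cred -WhatIf
}
```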