User Account Group Membership Copy

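These are quick snippets to be run in the context of a Domain Administrator (or another account with write access to the groups involved). Copying memberships also copies whatever access those groups grant, so check the source's group list before running them: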

# copyGroupMemberships.ps1
# version 0.0.2
# This updated version would distinguish between groups and users and proceed accordingly

# Sample principals: memberships are read from $fromIdentity and granted to $toIdentity.
$fromIdentity = 'TESTPRINCIPLE'
$toIdentity   = 'TESTPRINCIPLE2'

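function copyGroupMemberships($fromIdentity,$toIdentity){
  # Copies group memberships (or, for group -> group, members) from one AD principal to another.
  #
  # Parameters:
  #   $fromIdentity - user or group to read from (any value the AD cmdlets accept as -Identity)
  #   $toIdentity   - user or group to write to
  # Returns:
  #   $true when the selected copy routine ran, $false when it hit an error it could not
  #   continue from. Nothing is returned when either identity is neither a user nor a group.
  #
  # Every group the source belongs to is granted to the target, privileged groups included,
  # so each failed grant is reported as a warning instead of being dropped silently.

  # Set once here: the nested helpers inherit it, so their try/catch blocks also see
  # errors that the AD cmdlets would otherwise raise as non-terminating.
  $ErrorActionPreference='Stop'
  try{
    # Loaded before the first AD call; the original imported it only inside the user-to-user helper.
    Import-Module ActiveDirectory
  }catch{
    write-warning $_
    return $false
  }

  # Adds $member to each group in $groupNames, warning about every group that fails.
  function addPrincipalToGroups($groupNames,$member){
    foreach($groupName in $groupNames){
      try{
        Add-ADGroupMember -Identity "$groupName" -Members $member -ErrorAction Stop
      }catch{
        # Best effort: one failure (already a member, no write access, scope mismatch)
        # must not stop the remaining groups, but it has to be visible to the operator.
        write-warning "Could not add '$member' to group '$groupName': $_"
      }
    }
  }

  # Makes $toIdentity a member of every group $fromIdentity belongs to, then prints the result.
  function copyUserToUserGroupMemberships($fromIdentity,$toIdentity){
    try{
      $groupNames=(Get-ADPrincipalGroupMembership $fromIdentity).Name
      addPrincipalToGroups $groupNames $toIdentity
      $currentMemberships=(Get-ADPrincipalGroupMembership $toIdentity).Name
      write-host "User '$env:USERDOMAIN\$toIdentity' now has these memberships:`r`n---------------------------------`r`n$($currentMemberships|out-string)"
      return $true
    }catch{
      write-warning $_
      return $false
    }
  }

  # Adds the direct members of $fromGroup to $toGroup.
  function copyGroupToGroup($fromGroup,$toGroup){
    try{
      $members=Get-ADGroupMember $fromGroup
      if(-not $members){
        # Add-ADGroupMember rejects an empty -Members value; an empty source is not an error.
        write-warning "Group '$fromGroup' has no members to copy"
        return $true
      }
      Add-ADGroupMember -identity $toGroup -Members $members
      return $true
    }catch{
      write-warning $_
      return $false
    }
  }

  # Makes $toGroup a member of every group $fromUser belongs to.
  function copyUserToGroup($fromUser,$toGroup){
    try{
      $groupNames=(Get-ADPrincipalGroupMembership $fromUser).Name
      # The original added the user's groups as members OF $toGroup, which pulls everyone in
      # those groups into $toGroup instead of giving $toGroup the user's memberships.
      addPrincipalToGroups $groupNames $toGroup
      return $true
    }catch{
      write-warning $_
      return $false
    }
  }

  # Makes $toUser a member of every group $fromGroup itself belongs to.
  function copyGroupToUser($fromGroup,$toUser){
    try{
      # NOTE(review): the original read the group's members and then looped over an
      # undefined $groupNames, so nothing was ever copied. Copying the group's own
      # memberships is the reading that matches the other helpers - confirm the intent.
      $groupNames=(Get-ADPrincipalGroupMembership $fromGroup).Name
      addPrincipalToGroups $groupNames $toUser
      return $true
    }catch{
      write-warning $_
      return $false
    }
  }

  # Returns 'user', 'group' or $null. The original ran Get-ADPrincipalGroupMembership for all
  # four checks, so "is user" and "is group" were always equal and only the first branch ran.
  function getPrincipalKind($identity){
    # A failed lookup only means "not this object class", so the catch blocks stay empty.
    try{$null=Get-ADUser -Identity $identity;return 'user'}catch{}
    try{$null=Get-ADGroup -Identity $identity;return 'group'}catch{}
    return $null
  }

  $fromKind=getPrincipalKind $fromIdentity
  $toKind=getPrincipalKind $toIdentity

  if($fromKind -eq 'user' -and $toKind -eq 'user'){
    copyUserToUserGroupMemberships $fromIdentity $toIdentity
  }elseif($fromKind -eq 'group' -and $toKind -eq 'group'){
    copyGroupToGroup $fromIdentity $toIdentity
  }elseif($fromKind -eq 'user' -and $toKind -eq 'group'){
    copyUserToGroup $fromIdentity $toIdentity
  }elseif($fromKind -eq 'group' -and $toKind -eq 'user'){
    # The original passed $fromGroup/$toUser here, which are not defined in this scope.
    copyGroupToUser $fromIdentity $toIdentity
  }else{
    write-warning "Unable to process memberships of $fromIdentity to $toIdentity"
  }
}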
# copyGroupMemberships.ps1
# version 0.0.1

# Sample principals for version 0.0.1: source account first, destination account second.
$fromIdentity = 'jesters'
$toIdentity   = 'destinationUsername'
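function copyGroupMemberships($fromIdentity,$toIdentity){
   # Makes $toIdentity a member of every group $fromIdentity belongs to and prints the result.
   #
   # Parameters:
   #   $fromIdentity - principal whose memberships are read
   #   $toIdentity   - principal that is added to each of those groups
   # Returns:
   #   $true once the copy loop and the final listing have run, $false when the module
   #   import or a membership lookup fails.
   $erroractionpreference='stop'
   try{
    Import-module activedirectory
    $groupNames=(Get-ADPrincipalGroupMembership $fromIdentity).Name
    foreach($groupName in $groupNames){
      try{
        Add-ADGroupMember -Identity "$groupName" -Members $toIdentity -ErrorAction Stop
      }catch{
        # Previously a terminating error on one group aborted the whole copy through the
        # outer catch, while non-terminating ones vanished under -ea SilentlyContinue.
        # Each failed grant is now reported and the remaining groups are still attempted.
        write-warning "Could not add '$toIdentity' to group '$groupName': $_"
      }
    }
    $currentMemberships=(Get-ADPrincipalGroupMembership $toIdentity).Name
    write-host "$toIdentity now has these memberships:`r`n---------------------------------`r`n$($currentMemberships|out-string)"
    return $true
   }catch{
    write-warning $_
    return $false
   }
}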

# Run the copy with the sample principals; the function's $true/$false goes to the pipeline.
copyGroupMemberships -fromIdentity $fromIdentity -toIdentity $toIdentity
# membershipcopy.bat

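@echo off
rem Copies the group memberships of one AD user to another with dsquery/dsget/dsmod.
rem The operator types two sAMAccountNames; each is resolved to a distinguished name
rem and the destination user is then added to every group the source user is in.
setlocal
cls
rem set /p AdminID=Please Input Admin UserID:
rem set / AdminPassword=Please Input Admin Password:

rem Start from empty values so a variable inherited from the environment cannot stand in
rem for a name the operator did not type or a lookup that returned nothing.
set "CopyFrom="
set "CopyTo="
set "CopyFromDN="
set "CopyToDN="

Set /p CopyFrom=Copy From:
Set /p CopyTo=Copy To:

rem The typed name is substituted into the dsquery command line before cmd parses it.
rem It is quoted here, but it is still treated as trusted operator input, not validated.
rem The result goes into its own variable: the original reused CopyTo, which the prompt
rem had already defined, so the "could not find" check below could never fire.
FOR /f "Tokens=*" %%a in ('dsquery user -samid "%CopyTo%"') DO Set CopyToDN=%%a

IF NOT DEFINED CopyToDN (
ECHO Could not find %CopyTo% in AD
GOTO :EOF
)

FOR /f "Tokens=*" %%a in ('dsquery user -samid "%CopyFrom%"') DO Set CopyFromDN=%%a
IF NOT DEFINED CopyFromDN (
ECHO Could not find %CopyFrom% in AD
GOTO :EOF
)

ECHO Copying groups from user %CopyFromDN% to user %CopyToDN%...
rem Short pause so the operator can read the resolved names before changes start.
ping 127.0.0.1 -n 2 > nul
ECHO ===============================================================================
ECHO Copying groups from user %CopyFromDN% to user %CopyToDN%...

rem Only the "dsmod succeeded" lines are kept from standard output.
FOR /f "Tokens=*" %%a in ('dsget user %CopyFromDN% -memberof') do (
dsmod GROUP %%a -addmbr %CopyToDN% | find /i "dsmod succeeded:"
)
ECHO ===============================================================================
ping 127.0.0.1 -n 2 > nul
echo press any key to continue...
pause > nul
cls
exit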
# groupCopy.ps1

import-module activedirectory
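# Interactive loop: copies the members of one group into another until the operator
# answers the final prompt with anything other than "C".
Do
{
    $fromGroup = Read-Host -Prompt 'Copy From Group:'
    $toGroup = Read-Host -Prompt 'Copy To Group:'
    try {
        # -Recursive returns the members of nested groups as well, so they become
        # direct members of the target and the nesting itself is not reproduced.
        $members = Get-ADGroupMember -Identity $fromGroup -Recursive -ErrorAction Stop
        if ($members) {
            Add-ADGroupMember -Identity $toGroup -Members $members -ErrorAction Stop
        } else {
            # Add-ADGroupMember rejects an empty -Members value.
            Write-Warning "Group '$fromGroup' has no members to copy"
        }
    } catch {
        # Report the failure and fall through to the prompt instead of leaving a raw error.
        Write-Warning $_
    }
    $flag = Read-Host -Prompt 'Press Any Key = exit; C = Continue Copying...'
    # Anchored: the original '[Cc]' also matched any answer that merely contained a "c".
} while ($flag -match '^\s*c\s*$')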
