Mandy_

Powershell copy special group memberships from UserA to UserB

Hi folks,

this time I'd like to transfer special group memberships from one user (alias UserA)
to another user (alias UserB).

What I want exactly:
1. Copy all groups beginning with T*
2. Copy all distribution groups
3. Enter the source and dest. alias not from the host, as in the code below. I'd like to
open 2 Windows popups or 1 Windows popup to enter the source and dest. ID.
I need this because I want to execute the *ps1 from within Excel.

I don't want to copy any other group memberships.

The code below is a beginning. Thank you so much for your help.

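Import-Module ActiveDirectory
$SName = Read-Host "Please Enter the alias name of the source user "
$DName = Read-Host "Please Enter the alias name of the Destination user "

# memberOf is not returned by default, so request it explicitly.
$C = Get-ADUser $SName -Properties memberOf | select memberOf
# Add the destination user to every group the source user is a direct member of.
foreach ($group in $C.memberOf)
{
    Add-ADGroupMember -Identity $group -Members $DName
}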


Patrick Bogers

As a start, this script does so from user to user; sure, you can bend it to security groups.

# Script to copy group memberships from a source user to a target user.
 
Param ($Source, $Target)
 If ($Source -ne $Null -and $Target -eq $Null)
 {
     $Target = Read-Host "Enter logon name of target user"
 }
 If ($Source -eq $Null)
 {
     $Source = Read-Host "Enter logon name of source user"
     $Target = Read-Host "Enter logon name of target user"
 }
 
# Retrieve group memberships.
 $SourceUser = Get-ADUser $Source -Properties memberOf
 $TargetUser = Get-ADUser $Target -Properties memberOf
 
# Hash table of source user groups.
 $List = @{}
 
#Enumerate direct group memberships of source user.
 ForEach ($SourceDN In $SourceUser.memberOf)
 {
     # Add this group to hash table.
     $List.Add($SourceDN, $True)
     # Bind to group object.
     $SourceGroup = [ADSI]"LDAP://$SourceDN"
     # Check if target user is already a member of this group.
     If ($SourceGroup.IsMember("LDAP://" + $TargetUser.distinguishedName) -eq $False)
     {
         # Add the target user to this group.
         Add-ADGroupMember -Identity $SourceDN -Members $Target
     }
 }
 
# Enumerate direct group memberships of target user.
 ForEach ($TargetDN In $TargetUser.memberOf)
 {
     # Check if source user is a member of this group.
     If ($List.ContainsKey($TargetDN) -eq $False)
     {
         # Source user not a member of this group.
         # Remove target user from this group.
         Remove-ADGroupMember $TargetDN $Target
     }
 }
Mandy_

ASKER

Okay, that's what I've also found on the internet, but I'm still missing the Windows popups to enter
the source and dest. user ID.

No clue how to trigger pop-ups; is the PowerShell input not sufficient?

ASKER

I call the shell from Excel and I think it would be better to open a Windows popup.

ASKER

I also want to copy only groups beginning with T* and all distribution groups.

How can I build the hash table with T*?
How can I specify all DLs? My idea: all DLs are in a special OU, so I could
query whether the DL is inside this OU, called e.g. Mail.Distribution_groups.

Popups are not the easiest thing to do with PS. See http://poshcode.org/608 for example code - you have to build .NET Form members.
Since you are calling the script from Excel, it should be much easier to pop something up in VBA, and then call the script with the results.

ASKER

Thanks Qlemo. What do you think would be a good way to copy only groups beginning with T* and all distribution groups from one user ID to another, without popups?
Getting the groups starting with T is easy:
$sourceGrp = $sourceUser | select -Expand MemberOf | select-String -pattern '^CN=T.*'
$targetGrp = $targetUser | select -Expand MemberOf | select-String -pattern '^CN=T.*'

and use those vars instead of $sourceUser.MemberOf and $targetUser.MemberOf.

Getting DLs of a specific user is more difficult. Add the following after $sourceGrp is set up:
$sourceGrp += @( $sourceUser.MemberOf | % { Get-ADGroup $_ | ? { $_.GroupCategory -eq 'Distribution' }} )



ASKER

Select-Object : Property "MemberOf" cannot be found.

 + CategoryInfo          : InvalidArgument: (USERID:PSObject) [Select-Object], PSArgumentException
 + FullyQualifiedErrorId : ExpandPropertyNotFound,Microsoft.PowerShell.Commands.SelectObjectCommand
Which line throws that error?

Just my 2 cents, but can't you get the source group memberships like so:


$allgroups = Get-ADPrincipalGroupMembership $sourceuser| ? {($_.GroupCategory -eq "security") -and ($_.name -like "T*")}

$alldistrogroups = Get-ADPrincipalGroupMembership $sourceuser| ? {$_.GroupCategory -eq "Distribution"}

ASKER

$sourceuser = "UserID1";$sourceGrp = $sourceUser | select -Expand MemberOf | select-String -pattern '^CN=T.*';$targetUser = "UserID2";$targetGrp = $targetUser | select -Expand MemberOf | select-String -pattern '^CN=T.*' 



I have a one-liner in Excel (see above) that throws that error.

How should the complete code (incl. copy) look in as few lines as possible in Excel?

I appreciate your help.
$sourceUser refers to the code as in http:#a39305137. The relevant part is:
$sourceUser = Get-ADUser "UserID1" -Properties MemberOf


etc. I thought that it is obvious, as you need all the other code anyway ...

ASKER

Sorry... many thanks, but could you explain or could you implement the code?
ASKER CERTIFIED SOLUTION
Qlemo

ASKER

Thank you so much, that's working like a charm.
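
The selective copy discussed in this thread, written out as an added example; it is not part of the original posts and is not the hidden accepted answer. The parameter names (-Source, -Target, -NamePattern) are assumptions, and it assumes each group's Name matches its CN, so 'T*' selects the same groups as the '^CN=T' pattern above. Unlike the full sync script earlier in the thread, it only adds memberships and never removes any from the target.

```powershell
# Added example: copy only "T*" groups and distribution groups from one user to another.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory = $true)][string]$Source,   # logon name of the source user
    [Parameter(Mandatory = $true)][string]$Target,   # logon name of the target user
    [string]$NamePattern = 'T*'                      # wildcard for group names to copy
)

Import-Module ActiveDirectory -ErrorAction Stop

# Resolve both accounts first so a mistyped ID fails before any group is touched.
# memberOf lists direct memberships only (the primary group is not included).
$sourceUser = Get-ADUser -Identity $Source -Properties MemberOf
$targetUser = Get-ADUser -Identity $Target -Properties MemberOf

# Keep only source memberships that are distribution groups or match the name pattern.
$toCopy = foreach ($dn in $sourceUser.MemberOf) {
    $group = Get-ADGroup -Identity $dn
    if ($group.GroupCategory -eq 'Distribution' -or $group.Name -like $NamePattern) {
        $group
    }
}

foreach ($group in $toCopy) {
    # -contains compares strings case-insensitively, which suits distinguished names.
    if ($targetUser.MemberOf -contains $group.DistinguishedName) {
        Write-Verbose "Skipping $($group.Name): target is already a member"
        continue
    }
    if ($PSCmdlet.ShouldProcess($group.Name, "Add $Target")) {
        Add-ADGroupMember -Identity $group -Members $targetUser
        # Emit one record per change so the run can be logged and reviewed later.
        [pscustomobject]@{
            Group    = $group.Name
            Category = $group.GroupCategory
            Added    = $targetUser.SamAccountName
        }
    }
}
```

Run it with -WhatIf first to see which groups would be granted without changing anything; when called from Excel, the two IDs collected in VBA are passed as -Source and -Target.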