Mandy_
asked on
Powershell copy special group memberships from UserA to UserB
Hi folks,
This time I'd like to transfer special group memberships from User (Alias UserA)
to User (Alias UserB).
What I exactly want:
1. Copy all groups beginning with T*
2. Copy all Distribution Groups
3. Enter source and dest. alias not from host - as in code below - I'd like to
open 2 Windows popups or 1 Windows popup to enter source and dest. ID.
I need this because I want to execute the *ps1 from within Excel.
All other group memberships I don't want to copy.
The code below is a beginning. Thank you so much for your help.
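Import-Module ActiveDirectory
$SName = Read-Host "Please Enter the alias name of the source user "
$DName = Read-Host "Please Enter the alias name of the Destination user "
# MemberOf is not returned by default, so request it explicitly.
$C = Get-ADUser $SName -Properties MemberOf | select memberof
# Add the destination user to each group the source user belongs to.
foreach($group in $C.memberof)
{
    Add-ADGroupMember -Identity $group -Members $DName
}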
ASKER
Okay, that's what I've also found on the internet, but I'm still missing the Windows popups to enter
source and dest. userid
No clue how to trigger pop-ups, is the powershell input not sufficient?
ASKER
I call the shell from Excel and I think it would be better to open a Windows popup
ASKER
Also I want to copy only groups beginning with T* and all Distribution groups.
How can I build the hash table with T*?
How can I specify all DLs? My idea: all DLs are in a special OU, so I could
query whether the DLs are inside this OU, called e.g. Mail.Distribution_groups
Popups are not the easiest thing to do with PS. See http://poshcode.org/608 for example code - you have to build .Net Form members.
Since you are calling the script from Excel, it should be much easier to pop something up in VBA, and then call the script with the results.
ASKER
Thanks Qlemo. What do you think would be a good way to copy only groups beginning with T* and all Distribution groups from one userid to another, without popups?
Getting the groups starting with T is easy:
$sourceGrp = $sourceUser | select -Expand MemberOf | select-String -pattern '^CN=T.*'
$targetGrp = $targetUser | select -Expand MemberOf | select-String -pattern '^CN=T.*'
and use those vars instead of $sourceUser.MemberOf and $targetUser.MemberOf.
Getting DLs of a specific user is more difficult. Add the following after $sourceGrp is set up:
$sourceGrp += @( $sourceUser.MemberOf | % { Get-ADGroup $_ | ? { $_.GroupCategory -eq 'Distribution' }} )
ASKER
Select-Object : Property "MemberOf" cannot be found.
+ CategoryInfo : InvalidArgument: (USERID:PSObject) [Select-Object], PSArgumentException
+ FullyQualifiedErrorId : ExpandPropertyNotFound,Microsoft.PowerShell.Commands.SelectObjectCommand
Which line throws that error?
Just my 2 cents, but can't you get the source group memberships like so:
$allgroups = Get-ADPrincipalGroupMembership $sourceuser | ? {($_.GroupCategory -eq "security") -and ($_.name -like "T*")}
$alldistrogroups = Get-ADPrincipalGroupMembership $sourceuser | ? {$_.GroupCategory -eq "Distribution"}
ASKER
$sourceuser = "UserID1";$sourceGrp = $sourceUser | select -Expand MemberOf | select-String -pattern '^CN=T.*';$targetUser = "UserID2";$targetGrp = $targetUser | select -Expand MemberOf | select-String -pattern '^CN=T.*'
I have a one-liner in Excel (see above) that throws that error.
How should the complete code (incl. copy) look in as few lines as possible in Excel?
I appreciate your help.
$sourceUser refers to the code as in http:#a39305137. The relevant part is:
$sourceUser = Get-ADUser "UserID1" -Properties MemberOf
etc. I thought that it is obvious, as you need all the other code anyway ...
ASKER
sorry.. many thanks but could you explain or could you implement the code?
ASKER CERTIFIED SOLUTION
ASKER
Thank you so much, that's working like a charm
# Script to copy group memberships from a source user to a target user.
Param ($Source, $Target)
If ($Source -ne $Null -and $Target -eq $Null)
{
$Target = Read-Host "Enter logon name of target user"
}
If ($Source -eq $Null)
{
$Source = Read-Host "Enter logon name of source user"
$Target = Read-Host "Enter logon name of target user"
}
# Retrieve group memberships.
$SourceUser = Get-ADUser $Source -Properties memberOf
$TargetUser = Get-ADUser $Target -Properties memberOf
# Hash table of source user groups.
$List = @{}
#Enumerate direct group memberships of source user.
ForEach ($SourceDN In $SourceUser.memberOf)
{
# Add this group to hash table.
$List.Add($SourceDN, $True)
# Bind to group object.
$SourceGroup = [ADSI]"LDAP://$SourceDN"
# Check if target user is already a member of this group.
If ($SourceGroup.IsMember("LDAP://" + $TargetUser.distinguishedName) -eq $False)
{
# Add the target user to this group.
Add-ADGroupMember -Identity $SourceDN -Members $Target
}
}
# Enumerate direct group memberships of target user.
ForEach ($TargetDN In $TargetUser.memberOf)
{
# Check if source user is a member of this group.
If ($List.ContainsKey($TargetDN) -eq $False)
{
# Source user not a member of this group.
# Remove target user from this group.
Remove-ADGroupMember $TargetDN $Target
}
}
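
Added example, not part of the thread and not the hidden accepted answer: a filtered copy that adds the target user only to the source user's groups whose name begins with T and to its distribution groups, and never removes anything. The script name Copy-FilteredGroups.ps1 and the output property names are assumptions; the Source and Target parameters let a caller such as Excel/VBA pass both logon names instead of using popups.

```powershell
# Copy-FilteredGroups.ps1 (hypothetical file name; added example, not from the thread)
# Preview:  .\Copy-FilteredGroups.ps1 -Source UserID1 -Target UserID2 -WhatIf
[CmdletBinding(SupportsShouldProcess = $true)]
Param (
    [Parameter(Mandatory = $true)][string]$Source,   # logon name of source user
    [Parameter(Mandatory = $true)][string]$Target    # logon name of target user
)

Import-Module ActiveDirectory

# MemberOf is not in the default property set, so request it explicitly.
$sourceUser = Get-ADUser $Source -Properties MemberOf
$targetUser = Get-ADUser $Target -Properties MemberOf

# MemberOf holds only DN strings. Resolve each DN to a group object so that
# Name and GroupCategory can be tested, then keep T* groups and all DLs.
$wanted = $sourceUser.MemberOf |
    ForEach-Object { Get-ADGroup $_ } |
    Where-Object { $_.Name -like 'T*' -or $_.GroupCategory -eq 'Distribution' }

foreach ($group in $wanted) {
    # Skip groups the target user already belongs to.
    if ($targetUser.MemberOf -contains $group.DistinguishedName) {
        Write-Verbose "Already a member: $($group.Name)"
        continue
    }
    # With -WhatIf the planned change is printed and nothing is modified.
    if ($PSCmdlet.ShouldProcess($group.Name, "Add $Target")) {
        Add-ADGroupMember -Identity $group -Members $targetUser
        # Emit one record per change so the run leaves an audit trail.
        [pscustomobject]@{
            Group    = $group.Name
            Category = $group.GroupCategory
            Added    = $targetUser.SamAccountName
        }
    }
}
```

Because only the filtered groups are touched, the target user does not inherit the source user's other memberships; piping the output to Export-Csv keeps a record of what was granted.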