Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Groups powershell copy

Posted on 2014-11-24
17
Medium Priority
?
163 Views
Last Modified: 2014-11-25
Hi guys,

We are using Quest active roles and I have quite a large task to do using PowerShell, basically we have several of these groups ending with -M and the we have those ending with -R:

DL-FSR-PRS-EaF-Management-M
DL-FSR-PRS-EAF-Management-R

DL-FSR-PRS-EaF-OperationalPlanning-M
DL-FSR-PRS-EAF-OperationalPlanning-R

DL-FSR-PRS-EaF-SCSSectionsHeads-M
DL-FSR-PRS-EaF-SCSSectionsHeads-R

I need to find all the groups contain the -M at the end and then copy all the members from these groups to the R group. and there are thousands of these groups. After the group memberships have been copied I need to delete the M group.

Please help! Where do I start?

Thank you in advance.
0
Comment
Question by:Kay
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 6
  • 2
  • +1
17 Comments
 

Author Comment

by:Kay
ID: 40462358
I've tried this so far and it doesn't work:

Get-QADGroup -OrganizationalUnit "OU=Departmental Share Security,OU=ResourceGroups,OU=Groups,DC=DM,DC=DS,DC=UAQ,DC=ac,DC=uk" "DL-FSR-*m*"

Please help!
0
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 40462439
On powershell you can try:  
get-adgroup -filter {name -like '*M' -and distinguishedname -like '*OU=Departmental Share Security,OU=ResourceGroups,OU=Groups,DC=DM,DC=DS,DC=UAQ,DC=ac,DC=uk'} | select name
0
 

Author Comment

by:Kay
ID: 40462496
this don't work, now displays on the screen
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:Kay
ID: 40462524
thank you Miguel I've sorted part of the problem:

Get-QADGroup -OrganizationalUnit "OU=Resource Groups,OU=Groups,DC=UAT,DC=DS,DC=QAD,DC=AC,DC=UK" "*M"

this gives me all the groups with M at the end, now I need all the members of that group copied to the R.

I know its something simple, but just can't figure it out!
0
 
LVL 29

Expert Comment

by:becraig
ID: 40462536
Get-QADGroup -OrganizationalUnit "OU=Resource Groups,OU=Groups,DC=UAT,DC=DS,DC=QAD,DC=AC,DC=UK" "*M" | % { Get-QADGroupMember -Identity $_}

Open in new window


Using your command to get the group names, just pipe it to a foreach and get the members.
0
 
LVL 40

Accepted Solution

by:
Subsun earned 2000 total points
ID: 40462549
I presume in the group name only the -M at the end changes to -R

You can try with following script to start with.. Replace "OU=Groups,DC=Test,DC=Com" with your OU.  I also added -WhatIf for testing, you need to remove -WhatIf switch to actually delete the group object.

Get-QADGroup -SizeLimit 0 -SearchRoot "OU=Groups,DC=Test,DC=Com" |
 ?{$_.Name -match "-M$"} | %{
$S = $_
$D = $S.Name -replace "-M$","-R"
Write "Copying Member from $S to $D"
	Try{
		Get-QADGroupMember $S.Name | %{
		 Add-QADGroupMember $D -Member $_.DN -ErrorAction Stop | Out-Null
		}
	}Catch{
		"Error Copying Member from $($S.Name) to $D : $_.Exception"
	}
	$GroupA = Get-QADGroupMember $S.Name | Select -ExpandProperty Name
	$GroupB = Get-QADGroupMember $D | Select -ExpandProperty Name
	If (Compare $GroupA $GroupB){
		"$($S.Name) members copy failed"
		}Else{
		Remove-QADObject $S.DN -Confirm $false -WhatIf
		}
}

Open in new window

The code is untested, you can test it in you lab before run it in production..
0
 

Author Comment

by:Kay
ID: 40462596
Think best way might be to use this code from becraig

 Get-QADGroup -OrganizationalUnit "OU=Resource Groups,OU=Groups,DC=UAT,DC=DS,DC=QAD,DC=AC,DC=UK" "*M" | % { Get-QADGroupMember -Identity $_}

then export the group name and the identiy into a csv and then change the letter M to R in the csv and then import the users into the R group,

how can I do this?
0
 
LVL 40

Expert Comment

by:Subsun
ID: 40462650
If you're unsure about the group naming format then that would be better but you need to construct the input csv in that case. Code can be modified as per your requirement.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40462658
Something like this should be get your export done.

I've not tested but it was scraped from a previously working script.
$($groups = Get-QADGroup -OrganizationalUnit "OU=Resource Groups,OU=Groups,DC=UAT,DC=DS,DC=QAD,DC=AC,DC=UK" "*M" | select Name
ForEach ($group in $groups)
    {
    get-qadgroupmember -identity $group -SizeLimit 0 | select Name,Type,DN,FirstName,LastName,NTAccountName,DisplayName,@{N="Group";E={$group}}
    }) | Export-Csv c:\report.csv -NoTypeInformation

Open in new window


As an addendum I think Subsun's code would do exactly what you need with regard to moving and comparing if members already exist etc.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 40462734
To export the group names to csv file..
Get-QADGroup -SearchRoot "OU=Resource Groups,OU=Groups,DC=UAT,DC=DS,DC=QAD,DC=AC,DC=UK" "*M" | Export-csv c:\group.csv -nti

Open in new window

If you can make the input csv file following format..
Source,Dest
Group-A-M,Group-A-R
Group-B-M,Group-B-R

Open in new window

Using above input file you can run the following script to copy the group membership and remove the groups..
Import-Csv c:\input.csv | %{
$S = Get-QADGroup $_.Source
$D = $_.Dest
Write "Copying Member from $($S.Name) to $D"
	Get-QADGroupMember $S.Name | %{
	 Try{
		Add-QADGroupMember $D -Member $_.DN -ErrorAction Stop | Out-Null
		}
	 Catch{
		"Error Copying Member from $($S.Name) to $D : $_.Exception"
	 }
	}
	$GroupA = Get-QADGroupMember $S.Name | Select -ExpandProperty Name
	$GroupB = Get-QADGroupMember $D | Select -ExpandProperty Name
	If (Compare $GroupA $GroupB){
		"$($S.Name) members copy failed"
	}Else{
		Remove-QADObject $S.DN -Confirm $false -WhatIf
	}
}

Open in new window

0
 

Author Comment

by:Kay
ID: 40464074
Subsun the script you posted earlier is fantastic!

I've tested on UAT and it works well, however I still want to understand the script as I am trying to advance my skill in powershell.

what does $ in the "-M$" mean?

thank you soo much !
0
 

Author Comment

by:Kay
ID: 40464156
Subsun did you write the script?
0
 
LVL 40

Expert Comment

by:Subsun
ID: 40464168
"-M$" is a regular expression which will match all strings end with -M

Subsun did you write the script?
Yes I do write scripts.. :-)
0
 

Author Comment

by:Kay
ID: 40464173
fantastic script! how to I advance to this level?

also what does this line of code mean?

-ErrorAction Stop | Out-Null

Try{
	Add-QADGroupMember $D -Member $_.DN -ErrorAction Stop | Out-Null

Open in new window

0
 
LVL 40

Expert Comment

by:Subsun
ID: 40464177
fantastic script! how to I advance to this level?
Just start writing scripts, is the important thing to do.. seek help when you get stuck (Try to find answer in Google first).. Read PowerShell Articles & Books.. Watch video Tutorials etc..

-ErrorAction Stop means to terminate the command if an error occurs.

Ref : http://blogs.technet.com/b/heyscriptingguy/archive/2010/03/09/hey-scripting-guy-march-9-2010.aspx

Out-Null command is used to suppress the output of the command. Else it will display some result to host screen (Basically deleting the output instead of  sending the output to pipeline).

Ref : http://technet.microsoft.com/en-us/library/hh849716.aspx
0
 

Author Comment

by:Kay
ID: 40464540
the code:

Remove-QADObject $S.DN -Confirm $false -WhatIf

Open in new window


wont remove anything right?
0
 
LVL 40

Expert Comment

by:Subsun
ID: 40464549
nope.. If you remove -WhatIf switch then only it perform the action..  -WhatIf will just simulate the action and output what it is going to perform.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Suggested Courses

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question