Solved

Groups powershell copy

Posted on 2014-11-24
17
154 Views
Last Modified: 2014-11-25
Hi guys,

We are using Quest active roles and I have quite a large task to do using PowerShell, basically we have several of these groups ending with -M and the we have those ending with -R:

DL-FSR-PRS-EaF-Management-M
DL-FSR-PRS-EAF-Management-R

DL-FSR-PRS-EaF-OperationalPlanning-M
DL-FSR-PRS-EAF-OperationalPlanning-R

DL-FSR-PRS-EaF-SCSSectionsHeads-M
DL-FSR-PRS-EaF-SCSSectionsHeads-R

I need to find all the groups contain the -M at the end and then copy all the members from these groups to the R group. and there are thousands of these groups. After the group memberships have been copied I need to delete the M group.

Please help! Where do I start?

Thank you in advance.
0
Comment
Question by:Kay
  • 8
  • 6
  • 2
  • +1
17 Comments
 

Author Comment

by:Kay
Comment Utility
I've tried this so far and it doesn't work:

Get-QADGroup -OrganizationalUnit "OU=Departmental Share Security,OU=ResourceGroups,OU=Groups,DC=DM,DC=DS,DC=UAQ,DC=ac,DC=uk" "DL-FSR-*m*"

Please help!
0
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
Comment Utility
On powershell you can try:  
get-adgroup -filter {name -like '*M' -and distinguishedname -like '*OU=Departmental Share Security,OU=ResourceGroups,OU=Groups,DC=DM,DC=DS,DC=UAQ,DC=ac,DC=uk'} | select name
0
 

Author Comment

by:Kay
Comment Utility
this don't work, now displays on the screen
0
 

Author Comment

by:Kay
Comment Utility
thank you Miguel I've sorted part of the problem:

Get-QADGroup -OrganizationalUnit "OU=Resource Groups,OU=Groups,DC=UAT,DC=DS,DC=QAD,DC=AC,DC=UK" "*M"

this gives me all the groups with M at the end, now I need all the members of that group copied to the R.

I know its something simple, but just can't figure it out!
0
 
LVL 28

Expert Comment

by:becraig
Comment Utility
Get-QADGroup -OrganizationalUnit "OU=Resource Groups,OU=Groups,DC=UAT,DC=DS,DC=QAD,DC=AC,DC=UK" "*M" | % { Get-QADGroupMember -Identity $_}

Open in new window


Using your command to get the group names, just pipe it to a foreach and get the members.
0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
Comment Utility
I presume in the group name only the -M at the end changes to -R

You can try with following script to start with.. Replace "OU=Groups,DC=Test,DC=Com" with your OU.  I also added -WhatIf for testing, you need to remove -WhatIf switch to actually delete the group object.

Get-QADGroup -SizeLimit 0 -SearchRoot "OU=Groups,DC=Test,DC=Com" |
 ?{$_.Name -match "-M$"} | %{
$S = $_
$D = $S.Name -replace "-M$","-R"
Write "Copying Member from $S to $D"
	Try{
		Get-QADGroupMember $S.Name | %{
		 Add-QADGroupMember $D -Member $_.DN -ErrorAction Stop | Out-Null
		}
	}Catch{
		"Error Copying Member from $($S.Name) to $D : $_.Exception"
	}
	$GroupA = Get-QADGroupMember $S.Name | Select -ExpandProperty Name
	$GroupB = Get-QADGroupMember $D | Select -ExpandProperty Name
	If (Compare $GroupA $GroupB){
		"$($S.Name) members copy failed"
		}Else{
		Remove-QADObject $S.DN -Confirm $false -WhatIf
		}
}

Open in new window

The code is untested, you can test it in you lab before run it in production..
0
 

Author Comment

by:Kay
Comment Utility
Think best way might be to use this code from becraig

 Get-QADGroup -OrganizationalUnit "OU=Resource Groups,OU=Groups,DC=UAT,DC=DS,DC=QAD,DC=AC,DC=UK" "*M" | % { Get-QADGroupMember -Identity $_}

then export the group name and the identiy into a csv and then change the letter M to R in the csv and then import the users into the R group,

how can I do this?
0
 
LVL 40

Expert Comment

by:Subsun
Comment Utility
If you're unsure about the group naming format then that would be better but you need to construct the input csv in that case. Code can be modified as per your requirement.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 28

Expert Comment

by:becraig
Comment Utility
Something like this should be get your export done.

I've not tested but it was scraped from a previously working script.
$($groups = Get-QADGroup -OrganizationalUnit "OU=Resource Groups,OU=Groups,DC=UAT,DC=DS,DC=QAD,DC=AC,DC=UK" "*M" | select Name
ForEach ($group in $groups)
    {
    get-qadgroupmember -identity $group -SizeLimit 0 | select Name,Type,DN,FirstName,LastName,NTAccountName,DisplayName,@{N="Group";E={$group}}
    }) | Export-Csv c:\report.csv -NoTypeInformation

Open in new window


As an addendum I think Subsun's code would do exactly what you need with regard to moving and comparing if members already exist etc.
0
 
LVL 40

Expert Comment

by:Subsun
Comment Utility
To export the group names to csv file..
Get-QADGroup -SearchRoot "OU=Resource Groups,OU=Groups,DC=UAT,DC=DS,DC=QAD,DC=AC,DC=UK" "*M" | Export-csv c:\group.csv -nti

Open in new window

If you can make the input csv file following format..
Source,Dest
Group-A-M,Group-A-R
Group-B-M,Group-B-R

Open in new window

Using above input file you can run the following script to copy the group membership and remove the groups..
Import-Csv c:\input.csv | %{
$S = Get-QADGroup $_.Source
$D = $_.Dest
Write "Copying Member from $($S.Name) to $D"
	Get-QADGroupMember $S.Name | %{
	 Try{
		Add-QADGroupMember $D -Member $_.DN -ErrorAction Stop | Out-Null
		}
	 Catch{
		"Error Copying Member from $($S.Name) to $D : $_.Exception"
	 }
	}
	$GroupA = Get-QADGroupMember $S.Name | Select -ExpandProperty Name
	$GroupB = Get-QADGroupMember $D | Select -ExpandProperty Name
	If (Compare $GroupA $GroupB){
		"$($S.Name) members copy failed"
	}Else{
		Remove-QADObject $S.DN -Confirm $false -WhatIf
	}
}

Open in new window

0
 

Author Comment

by:Kay
Comment Utility
Subsun the script you posted earlier is fantastic!

I've tested on UAT and it works well, however I still want to understand the script as I am trying to advance my skill in powershell.

what does $ in the "-M$" mean?

thank you soo much !
0
 

Author Comment

by:Kay
Comment Utility
Subsun did you write the script?
0
 
LVL 40

Expert Comment

by:Subsun
Comment Utility
"-M$" is a regular expression which will match all strings end with -M

Subsun did you write the script?
Yes I do write scripts.. :-)
0
 

Author Comment

by:Kay
Comment Utility
fantastic script! how to I advance to this level?

also what does this line of code mean?

-ErrorAction Stop | Out-Null

Try{
	Add-QADGroupMember $D -Member $_.DN -ErrorAction Stop | Out-Null

Open in new window

0
 
LVL 40

Expert Comment

by:Subsun
Comment Utility
fantastic script! how to I advance to this level?
Just start writing scripts, is the important thing to do.. seek help when you get stuck (Try to find answer in Google first).. Read PowerShell Articles & Books.. Watch video Tutorials etc..

-ErrorAction Stop means to terminate the command if an error occurs.

Ref : http://blogs.technet.com/b/heyscriptingguy/archive/2010/03/09/hey-scripting-guy-march-9-2010.aspx

Out-Null command is used to suppress the output of the command. Else it will display some result to host screen (Basically deleting the output instead of  sending the output to pipeline).

Ref : http://technet.microsoft.com/en-us/library/hh849716.aspx
0
 

Author Comment

by:Kay
Comment Utility
the code:

Remove-QADObject $S.DN -Confirm $false -WhatIf

Open in new window


wont remove anything right?
0
 
LVL 40

Expert Comment

by:Subsun
Comment Utility
nope.. If you remove -WhatIf switch then only it perform the action..  -WhatIf will just simulate the action and output what it is going to perform.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

"Migrate" an SMTP relay receive connector to a new server using info from an old server.
This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now