Solved

Groups powershell copy

Posted on 2014-11-24
17
158 Views
Last Modified: 2014-11-25
Hi guys,

We are using Quest active roles and I have quite a large task to do using PowerShell, basically we have several of these groups ending with -M and the we have those ending with -R:

DL-FSR-PRS-EaF-Management-M
DL-FSR-PRS-EAF-Management-R

DL-FSR-PRS-EaF-OperationalPlanning-M
DL-FSR-PRS-EAF-OperationalPlanning-R

DL-FSR-PRS-EaF-SCSSectionsHeads-M
DL-FSR-PRS-EaF-SCSSectionsHeads-R

I need to find all the groups contain the -M at the end and then copy all the members from these groups to the R group. and there are thousands of these groups. After the group memberships have been copied I need to delete the M group.

Please help! Where do I start?

Thank you in advance.
0
Comment
Question by:Kay
  • 8
  • 6
  • 2
  • +1
17 Comments
 

Author Comment

by:Kay
ID: 40462358
I've tried this so far and it doesn't work:

Get-QADGroup -OrganizationalUnit "OU=Departmental Share Security,OU=ResourceGroups,OU=Groups,DC=DM,DC=DS,DC=UAQ,DC=ac,DC=uk" "DL-FSR-*m*"

Please help!
0
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 40462439
On powershell you can try:  
get-adgroup -filter {name -like '*M' -and distinguishedname -like '*OU=Departmental Share Security,OU=ResourceGroups,OU=Groups,DC=DM,DC=DS,DC=UAQ,DC=ac,DC=uk'} | select name
0
 

Author Comment

by:Kay
ID: 40462496
this don't work, now displays on the screen
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:Kay
ID: 40462524
thank you Miguel I've sorted part of the problem:

Get-QADGroup -OrganizationalUnit "OU=Resource Groups,OU=Groups,DC=UAT,DC=DS,DC=QAD,DC=AC,DC=UK" "*M"

this gives me all the groups with M at the end, now I need all the members of that group copied to the R.

I know its something simple, but just can't figure it out!
0
 
LVL 29

Expert Comment

by:becraig
ID: 40462536
Get-QADGroup -OrganizationalUnit "OU=Resource Groups,OU=Groups,DC=UAT,DC=DS,DC=QAD,DC=AC,DC=UK" "*M" | % { Get-QADGroupMember -Identity $_}

Open in new window


Using your command to get the group names, just pipe it to a foreach and get the members.
0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 40462549
I presume in the group name only the -M at the end changes to -R

You can try with following script to start with.. Replace "OU=Groups,DC=Test,DC=Com" with your OU.  I also added -WhatIf for testing, you need to remove -WhatIf switch to actually delete the group object.

Get-QADGroup -SizeLimit 0 -SearchRoot "OU=Groups,DC=Test,DC=Com" |
 ?{$_.Name -match "-M$"} | %{
$S = $_
$D = $S.Name -replace "-M$","-R"
Write "Copying Member from $S to $D"
	Try{
		Get-QADGroupMember $S.Name | %{
		 Add-QADGroupMember $D -Member $_.DN -ErrorAction Stop | Out-Null
		}
	}Catch{
		"Error Copying Member from $($S.Name) to $D : $_.Exception"
	}
	$GroupA = Get-QADGroupMember $S.Name | Select -ExpandProperty Name
	$GroupB = Get-QADGroupMember $D | Select -ExpandProperty Name
	If (Compare $GroupA $GroupB){
		"$($S.Name) members copy failed"
		}Else{
		Remove-QADObject $S.DN -Confirm $false -WhatIf
		}
}

Open in new window

The code is untested, you can test it in you lab before run it in production..
0
 

Author Comment

by:Kay
ID: 40462596
Think best way might be to use this code from becraig

 Get-QADGroup -OrganizationalUnit "OU=Resource Groups,OU=Groups,DC=UAT,DC=DS,DC=QAD,DC=AC,DC=UK" "*M" | % { Get-QADGroupMember -Identity $_}

then export the group name and the identiy into a csv and then change the letter M to R in the csv and then import the users into the R group,

how can I do this?
0
 
LVL 40

Expert Comment

by:Subsun
ID: 40462650
If you're unsure about the group naming format then that would be better but you need to construct the input csv in that case. Code can be modified as per your requirement.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40462658
Something like this should be get your export done.

I've not tested but it was scraped from a previously working script.
$($groups = Get-QADGroup -OrganizationalUnit "OU=Resource Groups,OU=Groups,DC=UAT,DC=DS,DC=QAD,DC=AC,DC=UK" "*M" | select Name
ForEach ($group in $groups)
    {
    get-qadgroupmember -identity $group -SizeLimit 0 | select Name,Type,DN,FirstName,LastName,NTAccountName,DisplayName,@{N="Group";E={$group}}
    }) | Export-Csv c:\report.csv -NoTypeInformation

Open in new window


As an addendum I think Subsun's code would do exactly what you need with regard to moving and comparing if members already exist etc.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 40462734
To export the group names to csv file..
Get-QADGroup -SearchRoot "OU=Resource Groups,OU=Groups,DC=UAT,DC=DS,DC=QAD,DC=AC,DC=UK" "*M" | Export-csv c:\group.csv -nti

Open in new window

If you can make the input csv file following format..
Source,Dest
Group-A-M,Group-A-R
Group-B-M,Group-B-R

Open in new window

Using above input file you can run the following script to copy the group membership and remove the groups..
Import-Csv c:\input.csv | %{
$S = Get-QADGroup $_.Source
$D = $_.Dest
Write "Copying Member from $($S.Name) to $D"
	Get-QADGroupMember $S.Name | %{
	 Try{
		Add-QADGroupMember $D -Member $_.DN -ErrorAction Stop | Out-Null
		}
	 Catch{
		"Error Copying Member from $($S.Name) to $D : $_.Exception"
	 }
	}
	$GroupA = Get-QADGroupMember $S.Name | Select -ExpandProperty Name
	$GroupB = Get-QADGroupMember $D | Select -ExpandProperty Name
	If (Compare $GroupA $GroupB){
		"$($S.Name) members copy failed"
	}Else{
		Remove-QADObject $S.DN -Confirm $false -WhatIf
	}
}

Open in new window

0
 

Author Comment

by:Kay
ID: 40464074
Subsun the script you posted earlier is fantastic!

I've tested on UAT and it works well, however I still want to understand the script as I am trying to advance my skill in powershell.

what does $ in the "-M$" mean?

thank you soo much !
0
 

Author Comment

by:Kay
ID: 40464156
Subsun did you write the script?
0
 
LVL 40

Expert Comment

by:Subsun
ID: 40464168
"-M$" is a regular expression which will match all strings end with -M

Subsun did you write the script?
Yes I do write scripts.. :-)
0
 

Author Comment

by:Kay
ID: 40464173
fantastic script! how to I advance to this level?

also what does this line of code mean?

-ErrorAction Stop | Out-Null

Try{
	Add-QADGroupMember $D -Member $_.DN -ErrorAction Stop | Out-Null

Open in new window

0
 
LVL 40

Expert Comment

by:Subsun
ID: 40464177
fantastic script! how to I advance to this level?
Just start writing scripts, is the important thing to do.. seek help when you get stuck (Try to find answer in Google first).. Read PowerShell Articles & Books.. Watch video Tutorials etc..

-ErrorAction Stop means to terminate the command if an error occurs.

Ref : http://blogs.technet.com/b/heyscriptingguy/archive/2010/03/09/hey-scripting-guy-march-9-2010.aspx

Out-Null command is used to suppress the output of the command. Else it will display some result to host screen (Basically deleting the output instead of  sending the output to pipeline).

Ref : http://technet.microsoft.com/en-us/library/hh849716.aspx
0
 

Author Comment

by:Kay
ID: 40464540
the code:

Remove-QADObject $S.DN -Confirm $false -WhatIf

Open in new window


wont remove anything right?
0
 
LVL 40

Expert Comment

by:Subsun
ID: 40464549
nope.. If you remove -WhatIf switch then only it perform the action..  -WhatIf will just simulate the action and output what it is going to perform.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question