Solved

Groups powershell copy

Posted on 2014-11-24
17
161 Views
Last Modified: 2014-11-25
Hi guys,

We are using Quest active roles and I have quite a large task to do using PowerShell, basically we have several of these groups ending with -M and the we have those ending with -R:

DL-FSR-PRS-EaF-Management-M
DL-FSR-PRS-EAF-Management-R

DL-FSR-PRS-EaF-OperationalPlanning-M
DL-FSR-PRS-EAF-OperationalPlanning-R

DL-FSR-PRS-EaF-SCSSectionsHeads-M
DL-FSR-PRS-EaF-SCSSectionsHeads-R

I need to find all the groups contain the -M at the end and then copy all the members from these groups to the R group. and there are thousands of these groups. After the group memberships have been copied I need to delete the M group.

Please help! Where do I start?

Thank you in advance.
0
Comment
Question by:Kay
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 6
  • 2
  • +1
17 Comments
 

Author Comment

by:Kay
ID: 40462358
I've tried this so far and it doesn't work:

Get-QADGroup -OrganizationalUnit "OU=Departmental Share Security,OU=ResourceGroups,OU=Groups,DC=DM,DC=DS,DC=UAQ,DC=ac,DC=uk" "DL-FSR-*m*"

Please help!
0
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 40462439
On powershell you can try:  
get-adgroup -filter {name -like '*M' -and distinguishedname -like '*OU=Departmental Share Security,OU=ResourceGroups,OU=Groups,DC=DM,DC=DS,DC=UAQ,DC=ac,DC=uk'} | select name
0
 

Author Comment

by:Kay
ID: 40462496
this don't work, now displays on the screen
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:Kay
ID: 40462524
thank you Miguel I've sorted part of the problem:

Get-QADGroup -OrganizationalUnit "OU=Resource Groups,OU=Groups,DC=UAT,DC=DS,DC=QAD,DC=AC,DC=UK" "*M"

this gives me all the groups with M at the end, now I need all the members of that group copied to the R.

I know its something simple, but just can't figure it out!
0
 
LVL 29

Expert Comment

by:becraig
ID: 40462536
Get-QADGroup -OrganizationalUnit "OU=Resource Groups,OU=Groups,DC=UAT,DC=DS,DC=QAD,DC=AC,DC=UK" "*M" | % { Get-QADGroupMember -Identity $_}

Open in new window


Using your command to get the group names, just pipe it to a foreach and get the members.
0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 40462549
I presume in the group name only the -M at the end changes to -R

You can try with following script to start with.. Replace "OU=Groups,DC=Test,DC=Com" with your OU.  I also added -WhatIf for testing, you need to remove -WhatIf switch to actually delete the group object.

Get-QADGroup -SizeLimit 0 -SearchRoot "OU=Groups,DC=Test,DC=Com" |
 ?{$_.Name -match "-M$"} | %{
$S = $_
$D = $S.Name -replace "-M$","-R"
Write "Copying Member from $S to $D"
	Try{
		Get-QADGroupMember $S.Name | %{
		 Add-QADGroupMember $D -Member $_.DN -ErrorAction Stop | Out-Null
		}
	}Catch{
		"Error Copying Member from $($S.Name) to $D : $_.Exception"
	}
	$GroupA = Get-QADGroupMember $S.Name | Select -ExpandProperty Name
	$GroupB = Get-QADGroupMember $D | Select -ExpandProperty Name
	If (Compare $GroupA $GroupB){
		"$($S.Name) members copy failed"
		}Else{
		Remove-QADObject $S.DN -Confirm $false -WhatIf
		}
}

Open in new window

The code is untested, you can test it in you lab before run it in production..
0
 

Author Comment

by:Kay
ID: 40462596
Think best way might be to use this code from becraig

 Get-QADGroup -OrganizationalUnit "OU=Resource Groups,OU=Groups,DC=UAT,DC=DS,DC=QAD,DC=AC,DC=UK" "*M" | % { Get-QADGroupMember -Identity $_}

then export the group name and the identiy into a csv and then change the letter M to R in the csv and then import the users into the R group,

how can I do this?
0
 
LVL 40

Expert Comment

by:Subsun
ID: 40462650
If you're unsure about the group naming format then that would be better but you need to construct the input csv in that case. Code can be modified as per your requirement.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40462658
Something like this should be get your export done.

I've not tested but it was scraped from a previously working script.
$($groups = Get-QADGroup -OrganizationalUnit "OU=Resource Groups,OU=Groups,DC=UAT,DC=DS,DC=QAD,DC=AC,DC=UK" "*M" | select Name
ForEach ($group in $groups)
    {
    get-qadgroupmember -identity $group -SizeLimit 0 | select Name,Type,DN,FirstName,LastName,NTAccountName,DisplayName,@{N="Group";E={$group}}
    }) | Export-Csv c:\report.csv -NoTypeInformation

Open in new window


As an addendum I think Subsun's code would do exactly what you need with regard to moving and comparing if members already exist etc.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 40462734
To export the group names to csv file..
Get-QADGroup -SearchRoot "OU=Resource Groups,OU=Groups,DC=UAT,DC=DS,DC=QAD,DC=AC,DC=UK" "*M" | Export-csv c:\group.csv -nti

Open in new window

If you can make the input csv file following format..
Source,Dest
Group-A-M,Group-A-R
Group-B-M,Group-B-R

Open in new window

Using above input file you can run the following script to copy the group membership and remove the groups..
Import-Csv c:\input.csv | %{
$S = Get-QADGroup $_.Source
$D = $_.Dest
Write "Copying Member from $($S.Name) to $D"
	Get-QADGroupMember $S.Name | %{
	 Try{
		Add-QADGroupMember $D -Member $_.DN -ErrorAction Stop | Out-Null
		}
	 Catch{
		"Error Copying Member from $($S.Name) to $D : $_.Exception"
	 }
	}
	$GroupA = Get-QADGroupMember $S.Name | Select -ExpandProperty Name
	$GroupB = Get-QADGroupMember $D | Select -ExpandProperty Name
	If (Compare $GroupA $GroupB){
		"$($S.Name) members copy failed"
	}Else{
		Remove-QADObject $S.DN -Confirm $false -WhatIf
	}
}

Open in new window

0
 

Author Comment

by:Kay
ID: 40464074
Subsun the script you posted earlier is fantastic!

I've tested on UAT and it works well, however I still want to understand the script as I am trying to advance my skill in powershell.

what does $ in the "-M$" mean?

thank you soo much !
0
 

Author Comment

by:Kay
ID: 40464156
Subsun did you write the script?
0
 
LVL 40

Expert Comment

by:Subsun
ID: 40464168
"-M$" is a regular expression which will match all strings end with -M

Subsun did you write the script?
Yes I do write scripts.. :-)
0
 

Author Comment

by:Kay
ID: 40464173
fantastic script! how to I advance to this level?

also what does this line of code mean?

-ErrorAction Stop | Out-Null

Try{
	Add-QADGroupMember $D -Member $_.DN -ErrorAction Stop | Out-Null

Open in new window

0
 
LVL 40

Expert Comment

by:Subsun
ID: 40464177
fantastic script! how to I advance to this level?
Just start writing scripts, is the important thing to do.. seek help when you get stuck (Try to find answer in Google first).. Read PowerShell Articles & Books.. Watch video Tutorials etc..

-ErrorAction Stop means to terminate the command if an error occurs.

Ref : http://blogs.technet.com/b/heyscriptingguy/archive/2010/03/09/hey-scripting-guy-march-9-2010.aspx

Out-Null command is used to suppress the output of the command. Else it will display some result to host screen (Basically deleting the output instead of  sending the output to pipeline).

Ref : http://technet.microsoft.com/en-us/library/hh849716.aspx
0
 

Author Comment

by:Kay
ID: 40464540
the code:

Remove-QADObject $S.DN -Confirm $false -WhatIf

Open in new window


wont remove anything right?
0
 
LVL 40

Expert Comment

by:Subsun
ID: 40464549
nope.. If you remove -WhatIf switch then only it perform the action..  -WhatIf will just simulate the action and output what it is going to perform.
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question