Solved

Groups powershell copy

Posted on 2014-11-24
17
162 Views
Last Modified: 2014-11-25
Hi guys,

We are using Quest active roles and I have quite a large task to do using PowerShell, basically we have several of these groups ending with -M and the we have those ending with -R:

DL-FSR-PRS-EaF-Management-M
DL-FSR-PRS-EAF-Management-R

DL-FSR-PRS-EaF-OperationalPlanning-M
DL-FSR-PRS-EAF-OperationalPlanning-R

DL-FSR-PRS-EaF-SCSSectionsHeads-M
DL-FSR-PRS-EaF-SCSSectionsHeads-R

I need to find all the groups contain the -M at the end and then copy all the members from these groups to the R group. and there are thousands of these groups. After the group memberships have been copied I need to delete the M group.

Please help! Where do I start?

Thank you in advance.
0
Comment
Question by:Kay
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 6
  • 2
  • +1
17 Comments
 

Author Comment

by:Kay
ID: 40462358
I've tried this so far and it doesn't work:

Get-QADGroup -OrganizationalUnit "OU=Departmental Share Security,OU=ResourceGroups,OU=Groups,DC=DM,DC=DS,DC=UAQ,DC=ac,DC=uk" "DL-FSR-*m*"

Please help!
0
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 40462439
On powershell you can try:  
get-adgroup -filter {name -like '*M' -and distinguishedname -like '*OU=Departmental Share Security,OU=ResourceGroups,OU=Groups,DC=DM,DC=DS,DC=UAQ,DC=ac,DC=uk'} | select name
0
 

Author Comment

by:Kay
ID: 40462496
this don't work, now displays on the screen
0
Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

 

Author Comment

by:Kay
ID: 40462524
thank you Miguel I've sorted part of the problem:

Get-QADGroup -OrganizationalUnit "OU=Resource Groups,OU=Groups,DC=UAT,DC=DS,DC=QAD,DC=AC,DC=UK" "*M"

this gives me all the groups with M at the end, now I need all the members of that group copied to the R.

I know its something simple, but just can't figure it out!
0
 
LVL 29

Expert Comment

by:becraig
ID: 40462536
Get-QADGroup -OrganizationalUnit "OU=Resource Groups,OU=Groups,DC=UAT,DC=DS,DC=QAD,DC=AC,DC=UK" "*M" | % { Get-QADGroupMember -Identity $_}

Open in new window


Using your command to get the group names, just pipe it to a foreach and get the members.
0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 40462549
I presume in the group name only the -M at the end changes to -R

You can try with following script to start with.. Replace "OU=Groups,DC=Test,DC=Com" with your OU.  I also added -WhatIf for testing, you need to remove -WhatIf switch to actually delete the group object.

Get-QADGroup -SizeLimit 0 -SearchRoot "OU=Groups,DC=Test,DC=Com" |
 ?{$_.Name -match "-M$"} | %{
$S = $_
$D = $S.Name -replace "-M$","-R"
Write "Copying Member from $S to $D"
	Try{
		Get-QADGroupMember $S.Name | %{
		 Add-QADGroupMember $D -Member $_.DN -ErrorAction Stop | Out-Null
		}
	}Catch{
		"Error Copying Member from $($S.Name) to $D : $_.Exception"
	}
	$GroupA = Get-QADGroupMember $S.Name | Select -ExpandProperty Name
	$GroupB = Get-QADGroupMember $D | Select -ExpandProperty Name
	If (Compare $GroupA $GroupB){
		"$($S.Name) members copy failed"
		}Else{
		Remove-QADObject $S.DN -Confirm $false -WhatIf
		}
}

Open in new window

The code is untested, you can test it in you lab before run it in production..
0
 

Author Comment

by:Kay
ID: 40462596
Think best way might be to use this code from becraig

 Get-QADGroup -OrganizationalUnit "OU=Resource Groups,OU=Groups,DC=UAT,DC=DS,DC=QAD,DC=AC,DC=UK" "*M" | % { Get-QADGroupMember -Identity $_}

then export the group name and the identiy into a csv and then change the letter M to R in the csv and then import the users into the R group,

how can I do this?
0
 
LVL 40

Expert Comment

by:Subsun
ID: 40462650
If you're unsure about the group naming format then that would be better but you need to construct the input csv in that case. Code can be modified as per your requirement.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40462658
Something like this should be get your export done.

I've not tested but it was scraped from a previously working script.
$($groups = Get-QADGroup -OrganizationalUnit "OU=Resource Groups,OU=Groups,DC=UAT,DC=DS,DC=QAD,DC=AC,DC=UK" "*M" | select Name
ForEach ($group in $groups)
    {
    get-qadgroupmember -identity $group -SizeLimit 0 | select Name,Type,DN,FirstName,LastName,NTAccountName,DisplayName,@{N="Group";E={$group}}
    }) | Export-Csv c:\report.csv -NoTypeInformation

Open in new window


As an addendum I think Subsun's code would do exactly what you need with regard to moving and comparing if members already exist etc.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 40462734
To export the group names to csv file..
Get-QADGroup -SearchRoot "OU=Resource Groups,OU=Groups,DC=UAT,DC=DS,DC=QAD,DC=AC,DC=UK" "*M" | Export-csv c:\group.csv -nti

Open in new window

If you can make the input csv file following format..
Source,Dest
Group-A-M,Group-A-R
Group-B-M,Group-B-R

Open in new window

Using above input file you can run the following script to copy the group membership and remove the groups..
Import-Csv c:\input.csv | %{
$S = Get-QADGroup $_.Source
$D = $_.Dest
Write "Copying Member from $($S.Name) to $D"
	Get-QADGroupMember $S.Name | %{
	 Try{
		Add-QADGroupMember $D -Member $_.DN -ErrorAction Stop | Out-Null
		}
	 Catch{
		"Error Copying Member from $($S.Name) to $D : $_.Exception"
	 }
	}
	$GroupA = Get-QADGroupMember $S.Name | Select -ExpandProperty Name
	$GroupB = Get-QADGroupMember $D | Select -ExpandProperty Name
	If (Compare $GroupA $GroupB){
		"$($S.Name) members copy failed"
	}Else{
		Remove-QADObject $S.DN -Confirm $false -WhatIf
	}
}

Open in new window

0
 

Author Comment

by:Kay
ID: 40464074
Subsun the script you posted earlier is fantastic!

I've tested on UAT and it works well, however I still want to understand the script as I am trying to advance my skill in powershell.

what does $ in the "-M$" mean?

thank you soo much !
0
 

Author Comment

by:Kay
ID: 40464156
Subsun did you write the script?
0
 
LVL 40

Expert Comment

by:Subsun
ID: 40464168
"-M$" is a regular expression which will match all strings end with -M

Subsun did you write the script?
Yes I do write scripts.. :-)
0
 

Author Comment

by:Kay
ID: 40464173
fantastic script! how to I advance to this level?

also what does this line of code mean?

-ErrorAction Stop | Out-Null

Try{
	Add-QADGroupMember $D -Member $_.DN -ErrorAction Stop | Out-Null

Open in new window

0
 
LVL 40

Expert Comment

by:Subsun
ID: 40464177
fantastic script! how to I advance to this level?
Just start writing scripts, is the important thing to do.. seek help when you get stuck (Try to find answer in Google first).. Read PowerShell Articles & Books.. Watch video Tutorials etc..

-ErrorAction Stop means to terminate the command if an error occurs.

Ref : http://blogs.technet.com/b/heyscriptingguy/archive/2010/03/09/hey-scripting-guy-march-9-2010.aspx

Out-Null command is used to suppress the output of the command. Else it will display some result to host screen (Basically deleting the output instead of  sending the output to pipeline).

Ref : http://technet.microsoft.com/en-us/library/hh849716.aspx
0
 

Author Comment

by:Kay
ID: 40464540
the code:

Remove-QADObject $S.DN -Confirm $false -WhatIf

Open in new window


wont remove anything right?
0
 
LVL 40

Expert Comment

by:Subsun
ID: 40464549
nope.. If you remove -WhatIf switch then only it perform the action..  -WhatIf will just simulate the action and output what it is going to perform.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question