<div>
Copy-ADGroupMember.ps1; -WhatIf is supported. 
Will by default only copy; use -Mirror to remove members from destination that aren't in the source anymore. 
Use -Confirm:$False to suppress the confirmation prompt (or change ConfirmImpact to 'None' if you never want to be asked) 

<pre><code class="code-10 nolinks" id="code-20-41847986-1">[CmdletBinding(SupportsShouldProcess=$True, ConfirmImpact='High')]
Param(
	[PSObject]$Identity,
	[PSObject]$Destination,
	[Switch]$Mirror
)
$SourceMembers = Get-ADGroupMember -Identity $Identity | Select-Object -ExpandProperty distinguishedName
$TargetMembers = Get-ADGroupMember -Identity $Destination | Select-Object -ExpandProperty distinguishedName
$DifferenceMembers = Compare-Object -ReferenceObject $SourceMembers -DifferenceObject $TargetMembers
$ProcessMembers = $DifferenceMembers | Where-Object {$_.SideIndicator -eq '&lt;='} | Select-Object -ExpandProperty InputObject
If ($PSCmdlet.ShouldProcess($Destination, &quot;Add objects:`r`n`t$($ProcessMembers -join &quot;`r`n`t&quot;)`r`n&quot;)) {
	Add-ADGroupMember -Identity $Destination -Members $ProcessMembers
}
If ($Mirror) {
	$ProcessMembers = $DifferenceMembers | Where-Object {$_.SideIndicator -eq '=&gt;'} | Select-Object -ExpandProperty InputObject
	If ($PSCmdlet.ShouldProcess($Destination, &quot;Remove objects:`r`n`t$($ProcessMembers -join &quot;`r`n`t&quot;)`r`n&quot;)) {
		Remove-ADGroupMember -Identity $Destination -Members $ProcessMembers
	}
}
</code></pre>
</div>

<div>
Thank you, where would I specify the source and destination group? Am I just replacing [PSObject] in lines 3 and 4?
</div>

<div>
No. It's a complete script accepting arguments. 
.\Copy-ADGroupMember.ps1 -Identity SourceADGroup -Destination DestADGroup -Mirror -WhatIf 
 
If you really want to hard code that, make a function out of it and call the function: 

<pre><code class="code-10 nolinks" id="code-20-41849507-1">Function Copy-ADGroupMember {
[CmdletBinding(SupportsShouldProcess=$True, ConfirmImpact='High')]
Param(
	[Parameter(ValueFromPipeline=$True, Position=0)]
	[PSObject]$Identity,
	[PSObject]$Destination,
	[Switch]$Mirror
)
	$SourceMembers = Get-ADGroupMember -Identity $Identity | Select-Object -ExpandProperty distinguishedName
	$TargetMembers = Get-ADGroupMember -Identity $Destination | Select-Object -ExpandProperty distinguishedName
	$DifferenceMembers = Compare-Object -ReferenceObject $SourceMembers -DifferenceObject $TargetMembers
	$ProcessMembers = $DifferenceMembers | Where-Object {$_.SideIndicator -eq '&lt;='} | Select-Object -ExpandProperty InputObject
	If ($PSCmdlet.ShouldProcess($Destination, &quot;Add objects:`r`n`t$($ProcessMembers -join &quot;`r`n`t&quot;)`r`n&quot;)) {
		Add-ADGroupMember -Identity $Destination -Members $ProcessMembers
	}
	If ($Mirror) {
		$ProcessMembers = $DifferenceMembers | Where-Object {$_.SideIndicator -eq '=&gt;'} | Select-Object -ExpandProperty InputObject
		If ($PSCmdlet.ShouldProcess($Destination, &quot;Remove objects:`r`n`t$($ProcessMembers -join &quot;`r`n`t&quot;)`r`n&quot;)) {
			Remove-ADGroupMember -Identity $Destination -Members $ProcessMembers
		}
	}
}

.\Copy-ADGroupMember.ps1 -Identity SourceADGroup -Destination DestADGroup -Mirror -WhatIf
</code></pre>
</div>

<div>
Thank you. The script seems to work, but throws errors. &nbsp;Can these be suppressed? 
 
PS C:\scripts&gt; .\Copy-ADGroupMember.ps1 -Identity SourceADGroup -Destination DestDL -Mirror -Confirm:$False 
Remove-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Provide an 
argument that is not null or empty, and then try the command again. 
At C:\scripts\Copy-ADGroupMember.ps1:17 char:56 
+ ... &nbsp;Remove-ADGroupMember -Identity $Destination -Members $ProcessMembers 
+ &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ~~~~~~~~~~~~~~~ 
&nbsp; &nbsp; + CategoryInfo &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;: InvalidData: (:) [Remove-ADGroupMember], ParameterBindingValidationException 
&nbsp; &nbsp; + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.RemoveADG 
&nbsp; &nbsp;roupMember 
 
PS C:\scripts&gt; .\Copy-ADGroupMember.ps1 -Identity SourceADGroup -Destination DestDL -Mirror -Confirm:$False 
Add-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Provide an 
argument that is not null or empty, and then try the command again. 
At C:\scripts\Copy-ADGroupMember.ps1:12 char:52 
+ &nbsp; &nbsp; Add-ADGroupMember -Identity $Destination -Members $ProcessMembers 
+ &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ~~~~~~~~~~~~~~~ 
&nbsp; &nbsp; + CategoryInfo &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;: InvalidData: (:) [Add-ADGroupMember], ParameterBindingValidationException 
&nbsp; &nbsp; + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.AddADGrou 
&nbsp; &nbsp;pMember 
 
PS C:\scripts&gt;
</div>

<div>
<pre><code class="code-10 nolinks" id="code-20-41858876-1">[CmdletBinding(SupportsShouldProcess=$True, ConfirmImpact='High')]
Param(
	[PSObject]$Identity,
	[PSObject]$Destination,
	[Switch]$Mirror
)
$SourceMembers = Get-ADGroupMember -Identity $Identity | Select-Object -ExpandProperty distinguishedName
$TargetMembers = Get-ADGroupMember -Identity $Destination | Select-Object -ExpandProperty distinguishedName
$DifferenceMembers = Compare-Object -ReferenceObject $SourceMembers -DifferenceObject $TargetMembers
$ProcessMembers = $DifferenceMembers | Where-Object {$_.SideIndicator -eq '&lt;='} | Select-Object -ExpandProperty InputObject
If ($ProcessMembers -and $PSCmdlet.ShouldProcess($Destination, &quot;Add objects:`r`n`t$($ProcessMembers -join &quot;`r`n`t&quot;)`r`n&quot;)) {
	Add-ADGroupMember -Identity $Destination -Members $ProcessMembers
}
If ($Mirror) {
	$ProcessMembers = $DifferenceMembers | Where-Object {$_.SideIndicator -eq '=&gt;'} | Select-Object -ExpandProperty InputObject
	If ($ProcessMembers -and $PSCmdlet.ShouldProcess($Destination, &quot;Remove objects:`r`n`t$($ProcessMembers -join &quot;`r`n`t&quot;)`r`n&quot;)) {
		Remove-ADGroupMember -Identity $Destination -Members $ProcessMembers
	}
}
</code></pre>
</div>

<div>
Thanks, that resolved those errors. &nbsp;However I just tested the script, and find that when the destination group has no members yet, it fails to populate with members in the source group. &nbsp;It works when the destination group contains at least one member. &nbsp;here is the error I get: 
 

<pre><code class="code-1 nolinks" id="code-20-41864371-1">PS C:\scripts&gt; .\Copy-ADGroupMember.ps1 -Identity SourceADGroup -Destination DestDL -Mirror -Confirm:$False
Compare-Object : Cannot bind argument to parameter 'DifferenceObject' because it is null.
At C:\scripts\Copy-ADGroupMember.ps1:13 char:87
+ ... ject -ReferenceObject $SourceMembers -DifferenceObject $TargetMembers
+ ~~~~~~~~~~~~~~
 + CategoryInfo : InvalidData: (:) [Compare-Object], ParameterBindingValidationException
 + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.CompareObje
 ctCommand
</code></pre>
 
 
Please note that the line 13 referenced in the error is 
<pre><code class="code-1 nolinks" id="code-20-41864371-2">$DifferenceMembers = Compare-Object -ReferenceObject $SourceMembers -DifferenceObject $TargetMembers
</code></pre>
(I added 4 commented lines to the top of your script when I ran, so for your original script line error would likely be line 9) Hope this didn't confuse you!
</div>

<div>
Works beautifully, thank you!
</div>

<div>
<div class="content wysiwyg-content">
I need to synchronize group membership for several AD security groups. &nbsp;I was able to put together a script that will add any new group members from the source security group to the destination security group, however, I also need to be able to have the script remove members from the destination security group, when they are removed from the source. &nbsp;How can I modify this script to achieve this? 
 

<pre><code class="code-1 nolinks" id="code-10-28976940-1">$source = Get-ADGroupMember -Identity SourceADGroup
foreach ($user in $source) { 
 Add-ADGroupMember -Identity DestADGroup -Members $user.distinguishedname 
}
</code></pre>
 
Thank you in advance.
</div>
</div>

I need to synchronize group membership for several AD security groups.  I was able to put together a script that will add any new group members from the source security group to the destination security group, however, I also need to be able to have the script remove members from the destination security group, when they are removed from the source.  How can I modify this script to achieve this?

(CODE)

Thank you in advance.

Synchronize/Mirror AD Security Group Membership Script

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Windows PowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and associated scripting language built on the .NET Framework. PowerShell provides full access to the Component Object Model (COM) and Windows Management Instrumentation (WMI), enabling administrators to perform administrative tasks on both local and remote Windows systems as well as WS-Management and Common Information Model (CIM) enabling management of remote Linux systems and network devices.