Copy AD Members/Users from one Group to another using Powershell

The following script adds the users from Group_A to Group_B only when the user is a member of neither Group_B nor Group_C.
[code language="powershell"]
Import-Module ActiveDirectory

# Distinguished names (DNs) of the current direct members of Group_B and Group_C
$Group_BUsers = Get-ADGroup Group_B -Properties Members | Select-Object -ExpandProperty Members
$Group_CUsers = Get-ADGroup Group_C -Properties Members | Select-Object -ExpandProperty Members

# Walk the direct members of Group_A and add those found in neither Group_B nor Group_C
Get-ADGroup Group_A -Properties Members | Select-Object -ExpandProperty Members | ForEach-Object {
    if (!($Group_BUsers -contains $_) -and !($Group_CUsers -contains $_))
    {
        Add-ADGroupMember -Identity Group_B -Members $_
        $_   # output the DN of each member that was added
    }
}
[/code]


8 Comments

  1. Hello Siva, this worked perfectly in my lab, thank you! How would you handle if GroupA has nested groups and the users of those nested groups need to be added to GroupB, but not nested?
    Regards,
    Brian

    1. Hello Siva,
      In your example above, you have members of groupA being added to groupsB/C if they don’t already exist. What if in GroupA there were two nested groups, GroupD & GroupE, that both had users that did not currently exist in GroupB/C. How would you recursively get those users out of the nested groups and add them to group B?
      Regards,
      Brian

      1. Hi Brian,
        The following is how I would do it.
        Extract users from Group_D and Group_E from Group_A:
        Get-ADGroup Group_A | Get-ADGroupMember | where {$_.objectclass -eq "group"} | Get-ADGroup -Properties members | Select-Object members | % {$_.members}
        Complete script:
        [code language="powershell"]
        Import-Module ActiveDirectory

        # Distinguished names (DNs) of the current direct members of Group_B and Group_C
        $Group_BUsers = Get-ADGroup Group_B -Properties Members | Select-Object -ExpandProperty Members
        $Group_CUsers = Get-ADGroup Group_C -Properties Members | Select-Object -ExpandProperty Members

        # Take the groups nested directly in Group_A and list the DNs of their members
        Get-ADGroup Group_A | Get-ADGroupMember | Where-Object { $_.objectClass -eq "group" } |
            Get-ADGroup -Properties Members | Select-Object -ExpandProperty Members | ForEach-Object {
                # Add only those found in neither Group_B nor Group_C
                if (!($Group_BUsers -contains $_) -and !($Group_CUsers -contains $_))
                {
                    Add-ADGroupMember -Identity Group_B -Members $_
                    $_   # output the DN of each member that was added
                }
            }
        [/code]
        Please let me know if this answers your question.

  2. Hello Siva,
    That is exactly what I was trying to figure out how to do! Thank you very much for taking the time to assist, I truly appreciate it!
    Regards,
    Brian

  3. Hello Siva,
    I appreciate the response, I was able to use what you provided to achieve the desired result. I modified it a bit so that it would add any users in the parent group, but not add the nested groups, then go through and add the members of the nested groups. I am now trying to determine how to put in an if statement so that if a member currently exists in the target group it will skip over them and go on to the next one. Here is what I currently have.
    [code language="powershell"]
    Param
    (
        # AD Group Name or Partial Name
        [Parameter(Mandatory=$true,
                   Position=1,
                   HelpMessage="All or part of the AD group that will be updated with the members of the source group.")]
        [string]$TargetGroup,
        # AD Group Name or Partial Name
        [Parameter(Mandatory=$true,
                   Position=2,
                   HelpMessage="All or part of the AD group will be referenced to populate the target group.")]
        [string]$SourceGroup
    )
    $ErrorActionPreference = "Stop"
    # Directing powershell to try the command so that I can capture any issues in a log file indicated below.
    try {
        Import-Module ActiveDirectory
        # Distinguished names (DNs) of the current direct members of the target group
        $GroupName = Get-ADGroup $TargetGroup -Properties Members | Select-Object -ExpandProperty Members
        # Direct members of the source group that are not groups
        Get-ADGroupMember -Identity $SourceGroup | Where-Object { $_.objectClass -ne "group" } | ForEach-Object {
            if (!($GroupName -contains $_.distinguishedName))
            {
                Add-ADGroupMember -Identity $TargetGroup -Members $_
                $_
            }
        }
        # Members (as DNs) of the groups nested directly in the source group
        Get-ADGroup $SourceGroup | Get-ADGroupMember | Where-Object { $_.objectClass -eq "group" } |
            Get-ADGroup -Properties Members | Select-Object -ExpandProperty Members | ForEach-Object {
                if (!($GroupName -contains $_))
                {
                    Add-ADGroupMember -Identity $TargetGroup -Members $_
                    $_
                }
            }
    } catch {
        $_ | Out-File D:\ps\problemupdatinggroupsreport.txt -Append -Width 1000
    }
    [/code]
    Regards,
    Brian
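
The nested-group copy discussed in this thread can also be written with `Get-ADGroupMember -Recursive`, which flattens nesting at any depth. The following is an added example, not code from the post or from either commenter; the function name `Copy-ADGroupUsers`, its parameter names and the CSV path are assumptions, and the group names are the page's samples. Because a group copy grants access, it supports `-WhatIf` and emits one record per change.

```powershell
# Added example: function name, parameter names and CSV path are hypothetical.
# Group_A, Group_B and Group_C are the sample group names used on this page.
Import-Module ActiveDirectory

function Copy-ADGroupUsers {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$SourceGroup,
        [Parameter(Mandatory = $true)][string]$TargetGroup,
        [string[]]$ExcludeGroup = @()
    )
    $ErrorActionPreference = 'Stop'   # halt on the first AD error instead of continuing half-done

    # DNs of direct members of the target and of every excluded group (same test as the post).
    $skip = New-Object 'System.Collections.Generic.HashSet[string]' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($name in @($TargetGroup) + $ExcludeGroup) {
        foreach ($dn in (Get-ADGroup $name -Properties Members).Members) { [void]$skip.Add($dn) }
    }

    # -Recursive walks nested groups and returns only leaf objects, so group objects
    # are never copied into the target. The filter also leaves out computer accounts.
    $candidates = Get-ADGroupMember -Identity $SourceGroup -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        Sort-Object -Property distinguishedName -Unique

    foreach ($user in $candidates) {
        if ($skip.Contains($user.distinguishedName)) { continue }
        # ShouldProcess makes -WhatIf and -Confirm apply to every membership change.
        if ($PSCmdlet.ShouldProcess($user.distinguishedName, "Add to $TargetGroup")) {
            Add-ADGroupMember -Identity $TargetGroup -Members $user
            # One record per change, for review or export.
            [pscustomobject]@{
                Time   = (Get-Date).ToString('s')
                Source = $SourceGroup
                Target = $TargetGroup
                Added  = $user.distinguishedName
            }
        }
    }
}

# Preview the changes without touching the directory:
Copy-ADGroupUsers -SourceGroup Group_A -TargetGroup Group_B -ExcludeGroup Group_C -WhatIf
# Apply them and keep a record:
# Copy-ADGroupUsers -SourceGroup Group_A -TargetGroup Group_B -ExcludeGroup Group_C |
#     Export-Csv -Path .\group-copy-audit.csv -NoTypeInformation -Append
```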
