Copy AD Members/Users from one Group to another using Powershell


The following script adds each member of Group_A to Group_B, but only when that member is in neither Group_B nor Group_C.


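Import-Module ActiveDirectory
# Distinguished names of the current members of Group_B and Group_C
$Group_BUsers = Get-ADGroup Group_B -properties members | Select-Object members | % { $_.Members}
$Group_CUsers = Get-ADGroup Group_C -properties members | Select-Object members | % { $_.Members}
# Walk the direct members of Group_A
Get-ADGroup Group_A -properties members | Select-Object members | % { $_.Members} | % {
    # Add only members that are in neither Group_B nor Group_C
    if(!($Group_BUsers -contains $_) -and !($Group_CUsers -contains $_))
    {
        Add-ADGroupMember -Identity Group_B -Members $_
        # Output the distinguished name of the member that was added
        $_
    }
}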

Result

[Image: Powershell-AD-Grp-Copy-GroupB]
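
An added example, not the post author's code, that generalizes the script above: it flattens nested groups with Get-ADGroupMember -Recursive, skips anyone already in the target or an excluded group, supports a -WhatIf dry run, and returns one record per change for a change log. The function name Copy-ADGroupMemberAudited and its parameter names are hypothetical.

```powershell
# Added example. Copy-ADGroupMemberAudited and its parameters are hypothetical names.
Import-Module ActiveDirectory

function Copy-ADGroupMemberAudited {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$SourceGroup,
        [Parameter(Mandatory = $true)][string]$TargetGroup,
        # Groups whose current members must be skipped (Group_C in the post)
        [string[]]$ExcludeGroup = @()
    )

    # Distinguished names already in the target or an excluded group.
    # DNs are case-insensitive, so the set compares them that way.
    $seen = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($name in @($TargetGroup) + $ExcludeGroup) {
        foreach ($dn in (Get-ADGroup -Identity $name -Properties Members).Members) {
            [void]$seen.Add($dn)
        }
    }

    # -Recursive walks nested groups and returns only leaf objects, so the
    # nested groups themselves never become members of the target.
    # HashSet.Add() returns $false for a DN it already holds, which skips
    # existing members and de-duplicates users reachable through several groups.
    $toAdd = @(Get-ADGroupMember -Identity $SourceGroup -Recursive |
        Where-Object { $_.objectClass -eq 'user' -and $seen.Add($_.DistinguishedName) })
    if ($toAdd.Count -eq 0) { return }

    # With -WhatIf, ShouldProcess returns $false and nothing is written to AD.
    $applied = $PSCmdlet.ShouldProcess($TargetGroup, "Add $($toAdd.Count) member(s) from $SourceGroup")
    if ($applied) {
        Add-ADGroupMember -Identity $TargetGroup -Members $toAdd -Confirm:$false -ErrorAction Stop
    }

    # One record per member, suitable for Export-Csv as a change log.
    foreach ($m in $toAdd) {
        [pscustomobject]@{
            Time    = (Get-Date).ToString('o')
            Source  = $SourceGroup
            Target  = $TargetGroup
            Member  = $m.DistinguishedName
            Applied = $applied
        }
    }
}

# Dry run: report what would be added to Group_B without changing it.
Copy-ADGroupMemberAudited -SourceGroup Group_A -TargetGroup Group_B -ExcludeGroup Group_C -WhatIf
```

Drop -WhatIf once the reported members are the ones expected, and pipe the output to Export-Csv to keep a record of who was granted membership and when.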

8 thoughts on “Copy AD Members/Users from one Group to another using Powershell”

  1. Hello Siva, this worked perfectly in my lab, thank you! How would you handle if GroupA has nested groups and the users of those nested groups need to be added to GroupB, but not nested?

    Regards,
    Brian

    1. Hello Siva,

      In your example above, you have members of groupA being added to groupsB/C if they don’t already exist. What if in GroupA there were two nested groups, GroupD & GroupE, that both had users that did not currently exist in GroupB/C. How would you recursively get those users out of the nested groups and add them to group B?

      Regards,
      Brian

      1. Hi Brian,

        The following is how I would do it.

        Extract users from Group_D and Group_E from Group_A:

        Get-ADGroup Group_A | Get-ADGroupMember | where {$_.objectclass -eq "group"} | Get-ADGroup -Properties members | Select-Object members | % {$_.members}

        Complete script

        
        Import-Module ActiveDirectory
        # Distinguished names of the current members of Group_B and Group_C
        $Group_BUsers = Get-ADGroup Group_B -properties members | Select-Object members | % { $_.Members}
        $Group_CUsers = Get-ADGroup Group_C -properties members | Select-Object members | % { $_.Members}
        # Members of the groups nested directly inside Group_A
        Get-ADGroup Group_A | Get-ADGroupMember | where {$_.objectclass -eq "group"} | Get-ADGroup -Properties members | Select-Object members | % {$_.members} | % {
            if(!($Group_BUsers -contains $_) -and !($Group_CUsers -contains $_))
            {
                Add-ADGroupMember -Identity Group_B -Members $_
                $_
            }
        }
        
        

        Please let me know if this answers your question.

  2. Hello Siva,

    That is exactly what I was trying to figure out how to do! Thank you very much for taking the time to assist, I truly appreciate it!

    Regards,
    Brian

  3. Hello Siva,

    I appreciate the response, I was able to use what you provided to achieve the desired result. I modified it a bit so that it would add any users in the parent group, but not add the nested groups, then go through and add the members of the nested groups. I am now trying to determine how to put in an if statement so that if a member currently exists in the target group it will skip over them and go on to the next one. Here is what I currently have.

    Param
    (
        # AD Group Name or Partial Name
        [Parameter(Mandatory=$true,
            Position=1,
            HelpMessage="All or part of the AD group that will be updated with the members of the source group.")]
        [string]$TargetGroup,

        # AD Group Name or Partial Name
        [Parameter(Mandatory=$true,
            Position=2,
            HelpMessage="All or part of the AD group will be referenced to populate the target group.")]
        [string]$SourceGroup
    )

    $erroractionpreference = "Stop"
    # Directing powershell to try the command so that I can capture any issues in a log file indicated below.
    try {
        Import-Module ActiveDirectory
        # Distinguished names of the current members of the target group
        $GroupName = Get-ADGroup $TargetGroup -properties members | Select-Object members | foreach { $_.Members}
        # Direct members of the source group that are not groups
        Get-ADGroupMember -Identity $SourceGroup | where {$_.objectclass -ne "group"} | foreach {
            if(!($GroupName -contains $_))
            {
                Add-ADGroupMember -Identity $TargetGroup -Members $_
                $_
            }
        }
        # Members of the groups nested directly inside the source group
        Get-ADGroup $SourceGroup | Get-ADGroupMember | where {$_.objectclass -eq "group"} | Get-ADGroup -Properties members | Select-Object members | foreach {$_.members} | foreach {
            if(!($GroupName -contains $_))
            {
                Add-ADGroupMember -Identity $TargetGroup -Members $_
                $_
            }
        }
    } catch {
        $_ | Out-File D:\ps\problemupdatinggroupsreport.txt -Append -Width 1000
    }

    Regards,
    Brian
