Copy User Groups

by John C. Wray III Tuesday, April 12, 2016 1:11 PM

I created this script because I was tired of the tickets that wanted this user to have the same permissions as this other user. You'd want to run this as a domain admin, on a server with the Active Directory PowerShell module installed. The first part of the script makes sure it was run elevated, the next resizes the window. It asks for the source user's first and last name and asks you to confirm that it found the correct user. It does the same for the destination user. It then asks if you want to copy or replace. Copy adds any missing groups; replace removes all groups from the destination and then copies from the source. You can kiss my hiney on the write-host usage, I like the colored output. :)

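# Fail loudly here rather than at the first Get-ADUser if the module is missing.
Import-Module ActiveDirectory -ErrorAction Stop

# Elevation check: the membership changes below need an elevated session, so
# relaunch ourselves through the "runas" verb when we are not already a member
# of the local Administrators role.
$myWindowsID = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$myWindowsPrincipal = New-Object System.Security.Principal.WindowsPrincipal($myWindowsID)
$adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator

if ($myWindowsPrincipal.IsInRole($adminRole)) {
    # Already elevated: mark the console so the operator can tell at a glance.
    $Host.UI.RawUI.WindowTitle = $myInvocation.MyCommand.Definition + "(Elevated)"
    $Host.UI.RawUI.BackgroundColor = "DarkBlue"
    Clear-Host
}
else {
    # Not elevated: start a new elevated PowerShell that runs this same script.
    $newProcess = New-Object System.Diagnostics.ProcessStartInfo "PowerShell"

    # Pass the script via -File with the path quoted.  A bare path in
    # Arguments is parsed as a -Command string and breaks on paths with spaces.
    $newProcess.Arguments = "-File `"$($myInvocation.MyCommand.Definition)`""

    # "runas" asks UAC for elevation.
    $newProcess.Verb = "runas"

    # Start() throws when the UAC prompt is declined; report that instead of
    # leaving an unexplained .NET error on the console.
    try {
        [System.Diagnostics.Process]::Start($newProcess) | Out-Null
    }
    catch {
        Write-Host "Could not relaunch elevated: $($_.Exception.Message)" -ForegroundColor Red
    }

    # Either way the unelevated copy has nothing more to do.
    exit
}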
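# Resize the console so the group listing below fits on one screen.  This is
# purely cosmetic, so a host that cannot be resized (ISE, remote sessions)
# gets a warning instead of aborting the script.
$NewWindowWidth = 120
$NewWindowHeight = 50

try {
    $rawUI = $Host.UI.RawUI
    $bufferSize = $rawUI.BufferSize
    $windowSize = $rawUI.WindowSize

    # A window larger than the physical screen cannot be set; clamp to it when
    # the host reports a usable maximum.
    $maxSize = $rawUI.MaxPhysicalWindowSize
    if ($maxSize.Width -gt 0 -and $NewWindowWidth -gt $maxSize.Width) {
        $NewWindowWidth = $maxSize.Width
    }
    if ($maxSize.Height -gt 0 -and $NewWindowHeight -gt $maxSize.Height) {
        $NewWindowHeight = $maxSize.Height
    }

    # The buffer can never be smaller than the window, so grow it first.
    if ($bufferSize.Width -lt $NewWindowWidth) { $bufferSize.Width = $NewWindowWidth }
    if ($bufferSize.Height -lt $NewWindowHeight) { $bufferSize.Height = $NewWindowHeight }
    $windowSize.Width = $NewWindowWidth
    $windowSize.Height = $NewWindowHeight

    $rawUI.BufferSize = $bufferSize
    $rawUI.WindowSize = $windowSize
}
catch {
    Write-Host "Could not resize the console window: $($_.Exception.Message)" -ForegroundColor Yellow
}

Clear-Host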

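# ---- Source user -----------------------------------------------------------
# Find the sAMAccountName of the user whose group memberships will be copied.
Write-Host "================================================================================"
$tempFirstName = Read-Host "Enter the first name of the source user"
$tempLastName = Read-Host "Enter the last name of the source user"

# With both names empty the filter degrades to "*"/"*" and enumerates the
# whole domain; a partial match on either name is still allowed.
if (-not $tempFirstName -and -not $tempLastName) {
    Write-Host "A first or last name is required, exiting the script!" -ForegroundColor Red
    Write-Host "Press any key to continue ..."
    $null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
    exit
}
$tempFirstName += "*"
$tempLastName += "*"

try {
    # DisplayName is not in the default property set; everything else shown
    # below is, so fetch just that instead of -Properties *.
    $tempUsers = @(Get-ADUser -Filter {(GivenName -like $tempFirstName) -and (Surname -like $tempLastName)} -Properties DisplayName -ErrorAction Stop)
}
catch {
    Write-Host "Error in user query!" -ForegroundColor Red
    Write-Host "Tried to query using Get-ADUser -Filter {(GivenName -like '$tempFirstName') -and (Surname -like '$tempLastName')} -Properties DisplayName" -ForegroundColor Red -BackgroundColor White
    Write-Host $_.Exception.Message -ForegroundColor Red
    Write-Host "Press any key to continue ..."
    $null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
    exit
}

# Offer each match in turn until the operator confirms one.
$sourceSamAccount = $null
foreach ($tempUser in $tempUsers) {
    $tempAnswer = Read-Host "Is $($tempUser.DisplayName) with a username of $($tempUser.SamAccountName) the correct source user? (y/n)"
    if ($tempAnswer.ToUpper() -eq "Y") {
        $sourceSamAccount = $tempUser.SamAccountName
        break
    }
}

if (-not $sourceSamAccount) {
    Write-Host "Never found a source user, exiting the script!"
    Write-Host "Press any key to continue ..."
    $null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
    exit
}
Write-Host "================================================================================"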
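Write-Host
Write-Host
Write-Host "================================================================================"
# ---- Destination user ------------------------------------------------------
# Find the sAMAccountName of the user who will receive the memberships.
$tempFirstName = Read-Host "Enter the first name of the destination user"
$tempLastName = Read-Host "Enter the last name of the destination user"

# With both names empty the filter degrades to "*"/"*" and enumerates the
# whole domain; a partial match on either name is still allowed.
if (-not $tempFirstName -and -not $tempLastName) {
    Write-Host "A first or last name is required, exiting the script!" -ForegroundColor Red
    Write-Host "Press any key to continue ..."
    $null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
    exit
}
$tempFirstName += "*"
$tempLastName += "*"

try {
    # DisplayName is not in the default property set; everything else shown
    # below is, so fetch just that instead of -Properties *.
    $tempUsers = @(Get-ADUser -Filter {(GivenName -like $tempFirstName) -and (Surname -like $tempLastName)} -Properties DisplayName -ErrorAction Stop)
}
catch {
    Write-Host "Error in user query!" -ForegroundColor Red
    Write-Host "Tried to query using Get-ADUser -Filter {(GivenName -like '$tempFirstName') -and (Surname -like '$tempLastName')} -Properties DisplayName" -ForegroundColor Red -BackgroundColor White
    Write-Host $_.Exception.Message -ForegroundColor Red
    Write-Host "Press any key to continue ..."
    $null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
    exit
}

# Offer each match in turn until the operator confirms one.
$destSamAccount = $null
foreach ($tempUser in $tempUsers) {
    $tempAnswer = Read-Host "Is $($tempUser.DisplayName) with a username of $($tempUser.SamAccountName) the correct destination user? (y/n)"
    if ($tempAnswer.ToUpper() -eq "Y") {
        $destSamAccount = $tempUser.SamAccountName
        break
    }
}

if (-not $destSamAccount) {
    Write-Host "Never found a destination user, exiting the script!"
    Write-Host "Press any key to continue ..."
    $null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
    exit
}
Write-Host "================================================================================"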

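$tempCopyReplace = Read-Host "Enter defaults to copy/adding groups. Enter (r) to replace groups"
if ($tempCopyReplace.ToUpper() -eq "R") {
    # Replace mode: strip every current group from the destination first.
    # This is irreversible and nothing else records it, so every removal (and
    # every failure, e.g. a group the account cannot modify) is echoed so the
    # operator has a record of what changed.
    $tempUser = Get-ADUser -Identity $destSamAccount -Properties MemberOf
    Write-Host "Removing $(@($tempUser.MemberOf).Count) existing group(s) from $destSamAccount ..."
    foreach ($tempGroup in $tempUser.MemberOf) {
        try {
            Remove-ADGroupMember -Identity $tempGroup -Members $destSamAccount -Confirm:$false -ErrorAction Stop
            Write-Host "Removed: $tempGroup"
        }
        catch {
            Write-Host "Could not remove $tempGroup : $($_.Exception.Message)" -ForegroundColor Red
        }
    }
}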

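Write-Host
Write-Host
Write-Host "================================================================="
Write-Host "Green = Added, Yellow = already a member, Red = not added (error shown)."
Write-Host "================================================================="
Write-Host

# Memberships are copied verbatim, including any privileged groups the source
# holds, so the green list below is the thing to review afterwards.
$tempSourceUser = Get-ADUser -Identity $sourceSamAccount -Properties MemberOf
$tempDestUser = Get-ADUser -Identity $destSamAccount -Properties MemberOf

# Current destination memberships (DNs), so "already a member" can be told
# apart from a real failure; the original printed both in red.
$destGroups = @($tempDestUser.MemberOf)

foreach ($tempSourceGroup in $tempSourceUser.MemberOf) {
    # The name lookup can itself fail (e.g. a group from another domain), so
    # it stays inside the try and the DN is the fallback for the message.
    $tempGroupName = $tempSourceGroup
    try {
        $tempGroupName = (Get-ADGroup -Identity $tempSourceGroup -ErrorAction Stop).Name
        if ($destGroups -contains $tempSourceGroup) {
            Write-Host $tempGroupName -ForegroundColor Yellow
            continue
        }
        Add-ADGroupMember -Identity $tempSourceGroup -Members $destSamAccount -ErrorAction Stop
        Write-Host $tempGroupName -ForegroundColor Green
    }
    catch {
        Write-Host "$tempGroupName - $($_.Exception.Message)" -ForegroundColor Red
    }
}
Write-Host "Finished adding to groups."
Write-Host "Press any key to continue ..."

$null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")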

 

 
