PowerShell: Getting AD groups of one User and Add them to a List of Other Users

Prologue

Ace here again. Yep, me again. I’ve been on the sidelines lately with a big mail migration, then changed roles to the AD and Windows management side of things.

Part of what I do is perform necessary file maintenance (FSRM, DFS, fileserver migration, etc.), and of course, respond to tickets for requests or issues.

One request that came in was for 16 new users that are to have the same group memberships as a current user. I looked at the group membership of the user in question and saw he was part of 11 or 12 groups. Hmm, and he wants this done for 16 users? I could sit there and add each group to each user one at a time. Nah, too much work.

So I thought to try to do it programmatically, because who knows when this will come up again.

Script

It’s pretty straightforward.

#===========================================================================================
# This was created for a ticket request to copy the group membership of one user, SomeSamAccountUsername, to a list of user accounts.
# By Ace Fekay 7/15/2015
#
# First, get the memberOf for SomeSamAccountUsername and save it to a file called C:\PSScripts\groupmembership\SomeSamAccountUsername-grouplist.txt
#     Run Get-QADMemberOf SomeSamAccountUsername
#
#     Copy and paste the output from the screen to the file
#     In the file, keep the DN values and delete everything else.
#
# Second, get a list of the user accounts that you want adjusted from the ticket owner
#     Then save the list in another text file called C:\PSScripts\groupmembership\List-Of-Usernames.txt
#     Prefix the user accounts with the domain name, such as philly\username
#
# Third, read the first user in the list, then add the groups to that user, then read the next user in the list, repeat.
#===========================================================================================

# The next line loads the Quest ActiveRoles AD cmdlets (the snap-in name is Quest.ActiveRoles.ADManagement).

Add-PSSnapin Quest.ActiveRoles.ADManagement
Get-QADMemberOf SomeSamAccountUsername

#===========================================================================================
# Sample output from Get-QADMemberOf SomeSamAccountUsername:
#===========================================================================================
#
#Name                           Type            DN                                                                                                            
##
#Domain Users                   group           CN=Domain Users,OU=IT,DC=philly,DC=contoso,DC=com                                                       
#Deployment Technician          group           CN=Deployment Technician,OU=IT,DC=philly,DC=contoso,DC=com                                         
#Desktop-Technician             group           CN=Desktop-Technician,OU=IT,DC=philly,DC=contoso,DC=com                                                     
#AddComputerToDomain            group           CN=AddComputerToDomain,OU=IT,DC=philly,DC=contoso,DC=com                                               
#Vendor-A-contractors           group           CN=Vendor-A-contractors,OU=IT,DC=philly,DC=contoso,DC=com                                               
#General-Group                  group           CN=General-Group,OU=IT,DC=philly,DC=contoso,DC=com                                                            
#Wireless-Users                 group           CN=Wireless-Users,OU=IT,DC=philly,DC=contoso,DC=com                                                
#Group-B                        group           CN=Group-B,OU=IT,DC=philly,DC=contoso,DC=com                                                                
#IT-Staff                       group           CN=IT-Staff,OU=IT,DC=philly,DC=contoso,DC=com                                                      
#IT-Admins                      group           CN=IT-Admins,OU=IT,DC=philly,DC=contoso,DC=com                                                     
#IT-Technicians                 group           CN=IT-Technicians,OU=IT,DC=philly,DC=contoso,DC=com
#Client-Support                 group           CN=Client-Support,OU=IT,DC=philly,DC=contoso,DC=com   

# #=================================================================================================
# Sample of what C:\PSScripts\groupmembership\SomeSamAccountUsername-grouplist.txt  will look like:
# #=================================================================================================
# CN=Domain Users,OU=IT,DC=philly,DC=contoso,DC=com                                                       
# CN=Deployment Technician,OU=IT,DC=philly,DC=contoso,DC=com                                         
# CN=Desktop-Technician,OU=IT,DC=philly,DC=contoso,DC=com                                                     
# CN=AddComputerToDomain,OU=IT,DC=philly,DC=contoso,DC=com                                               
# CN=Vendor-A-contractors,OU=IT,DC=philly,DC=contoso,DC=com                                               
# CN=General-Group,OU=IT,DC=philly,DC=contoso,DC=com                                                            
# CN=Wireless-Users,OU=IT,DC=philly,DC=contoso,DC=com                                                
# CN=Group-B,OU=IT,DC=philly,DC=contoso,DC=com                                                                
# CN=IT-Staff,OU=IT,DC=philly,DC=contoso,DC=com                                                      
# CN=IT-Admins,OU=IT,DC=philly,DC=contoso,DC=com                                                     
# CN=IT-Technicians,OU=IT,DC=philly,DC=contoso,DC=com                                                   
# CN=Client-Support,OU=IT,DC=philly,DC=contoso,DC=com  
#=================================================================================================

#===========================================================================================
# Sample of what C:\PSScripts\groupmembership\List-Of-Usernames.txt username list will look like:
#==========================================================================================
# philly\username1
# philly\username2
# philly\username3
# philly\username4
# philly\username5
# philly\username6
# philly\username7
# philly\username8
# philly\username9
# philly\username10
# philly\username11
# philly\username12
# philly\username13
# philly\username14
# philly\username15
# philly\username16
#==========================================================================================

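# Read both lists. Lines pasted from the screen carry trailing spaces, so trim them and skip blank lines.
$GroupList = Get-Content C:\PSScripts\groupmembership\SomeSamAccountUsername-grouplist.txt | ForEach-Object { $_.Trim() } | Where-Object { $_ }
$UsernameList = Get-Content C:\PSScripts\groupmembership\List-Of-Usernames.txt | ForEach-Object { $_.Trim() } | Where-Object { $_ }

# Now pull in each user one at a time:
Foreach ($Username in $UsernameList)
{
    # Now pull in each group one at a time and add it to the user
    Foreach ($Group in $GroupList)
    {
        try
        {
            # Add the user to the group. -ErrorAction Stop turns a failed add into an exception.
            Add-QADGroupMember -Identity $Group -Member $Username -ErrorAction Stop

            # Write out on the screen what the username is and what group they were added to:
            Write-Host "$Username has been added to $Group"
        }
        catch
        {
            # Report the failure instead of printing a success message for a change that did not happen.
            Write-Warning "$Username was NOT added to ${Group}: $($_.Exception.Message)"
        }
        # Repeat for next group until all groups are done.
    }
    # Repeat for the next user
}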
#===========================================================================================
# That’s it!
#===========================================================================================
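
The same three steps without the copy-and-paste stage, as an added example that is not the author's script: it uses Microsoft's ActiveDirectory module rather than the Quest snap-in, previews every change with -WhatIf, and holds back the groups named in $ReviewRequired, because cloning a template user copies every membership it has, IT-Admins and AddComputerToDomain included. The hold-back list, the $DryRun switch and the audit-log path are assumptions made for illustration.

```powershell
# Added example, not from the original post. Assumes the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$TemplateUser   = 'SomeSamAccountUsername'
$UserListPath   = 'C:\PSScripts\groupmembership\List-Of-Usernames.txt'
$AuditLog       = 'C:\PSScripts\groupmembership\copy-audit.csv'   # hypothetical path
$DryRun         = $true    # set to $false only after the preview has been reviewed
# Groups held back for separate approval. The names come from the sample output above;
# which groups count as privileged in a real domain is an assumption to adjust.
$ReviewRequired = @('IT-Admins', 'AddComputerToDomain')

# Direct memberships only; MemberOf leaves out the primary group (normally Domain Users).
$Groups = @((Get-ADUser -Identity $TemplateUser -Properties MemberOf).MemberOf | Get-ADGroup)
$Held   = @($Groups | Where-Object { $ReviewRequired -contains $_.Name })
$ToCopy = @($Groups | Where-Object { $ReviewRequired -notcontains $_.Name })
foreach ($Group in $Held) { Write-Warning "Held for approval, not copied: $($Group.Name)" }

# The list file holds philly\username; the AD cmdlets take the sAMAccountName on its own.
$Users = Get-Content $UserListPath |
    ForEach-Object { ($_ -split '\\')[-1].Trim() } |
    Where-Object { $_ }

$Results = foreach ($User in $Users) {
    foreach ($Group in $ToCopy) {
        $Outcome = if ($DryRun) { 'Preview' } else { 'Added' }
        try {
            Add-ADGroupMember -Identity $Group -Members $User -WhatIf:$DryRun -ErrorAction Stop
        }
        catch {
            $Outcome = "Failed: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            Time    = Get-Date -Format s
            User    = $User
            Group   = $Group.DistinguishedName
            Outcome = $Outcome
        }
    }
}

# Keep a record of every attempted change for the ticket.
$Results | Export-Csv -Path $AuditLog -NoTypeInformation
$Results | Group-Object Outcome | Select-Object Count, Name
```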

 

 

Summary

I hope this helps!

Published 7/27/2015

Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP – Directory Services


Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

This posting is provided AS-IS with no warranties or guarantees and confers no rights.