Add an Active Directory User to the Same Groups as Another User with PowerShell
A request has been received to grant additional permissions to an existing user in your
organizations Active Directory environment. The username of this existing user is frank0
. In
additional to his current responsibilities, Frank will be taking on the responsibilities of Alan who
goes by the username of alan0
.
Note: The examples shown in this blog article are being performed on a Windows 8.1 machine that has the Remote Server Administration Tools installed. The Active Directory module is not explicitly imported in these examples since Windows 8.1 runs PowerShell version 4 and the module auto-loading feature which was first introduced in PowerShell version 3 takes care of importing the module.
First, take a look at what Active Directory groups alan0
is a member of. These are the groups that
frank0
needs to be made a member of:
1Get-ADUser -Identity alan0 -Properties memberof |
2Select-Object -ExpandProperty memberof
The dotted notation style of accessing the MemberOf property could also be used:
1(Get-ADUser -Identity alan0 -Properties memberof).memberof
Frank is currently a member of the "Information Technology" group:
1(Get-ADUser -Identity frank0 -Properties memberof).memberof
A simple one-liner can be used to add Frank as a member of each of Alan's groups:
1Get-ADUser -Identity alan0 -Properties memberof |
2Select-Object -ExpandProperty memberof |
3Add-ADGroupMember -Members frank0
Nothing is returned by default if the command completes successfully:
Use the PassThru
parameter with the previous command to receive feedback about what groups Frank
is being added as a member of:
1Get-ADUser -Identity alan0 -Properties memberof |
2Select-Object -ExpandProperty memberof |
3Add-ADGroupMember -Members frank0 -PassThru |
4Select-Object -Property SamAccountName
In addition to the "Information Technology" group, Frank is now a member of all the groups that Alan is a member of:
1(Get-ADUser -Identity frank0 -Properties memberof).memberof
Want to add multiple users to the same groups that Alan is a member of? No problem:
1Get-ADUser -Identity alan0 -Properties memberof |
2Select-Object -ExpandProperty memberof |
3Add-ADGroupMember -Members frank0, gary0, jack0, john0, michael0, paul0
µ