In Windows Active Directory you can easily copy an existing user and create a matching account for a new user. For whatever reason this cannot be done through the ADUC GUI (ADUC – Active Directory Users and Computers) when it comes to groups. I find this very annoying – especially if you have groups with dozens or even hundreds of users. I thought there must be a better way of doing this and indeed – PowerShell is your friend when it comes to such tasks.
So, I was asked to create a new group of users and it turned out to be a group with a few dozen of users. Fortunately I already had a similar group already and wanted to use it as the foundation for the new group. But as mentioned, there is no easy way to copy a user group in Active Directory.
I started doing some quick research and discovered the appropriate commands in PowerShell. In this case I am going to use PowerShell 3.0. So, if you are not on that version of PowerShell just, please update first as the commands might not be 100% compatible. Please be aware that installing PowerShell 3.0 requires a reboot of your workstation or laptop.
First I created a new Global Security Group … by hand. Yes, I know this can be scripted as well, but in this case the 3 or 4 extra clicks did not bother me and unless you have to create many different groups at the same time it is not really an issue.
Now that the new group was created all I needed were the 2 group names (original group and new group) and some PowerShell commands. It was my goal not to add too many extra steps. I did not want to export the group members from the original group and to import them into the new group. That just defeats the purpose in my opinion. It is 2013 after all scripting should be on a completely different level (and it is …). So, with the following command you can simply copy active directory group members between groups.
Get-ADGroupMember -Identity Original-Group-Name | Add-ADPrincipalGroupMembership -MemberOf New-Group-Name
This easy to use one-liner works just fine. Please note that I ran this from a PowerShell 3 command window in administrator mode. I often do this when it comes to critical tasks to simply avoid failure at first and then having to open another window with elevated privileges.
PowerShell scripts as well as VB scripts are great tools to automate many of your day to day tasks. Another approach for my task here would have been to export the user list from the original group, add the new users to the same list and import it all to the new group. There are many ways to skin the cat, but in this case this simple command (I do not really think I want to call it a script) did the trick for me. My main background is on the PowerCLI side of things – which pretty much is just PowerShell beefed up with some custom VMware commands. I have been using VMware virtualization in hosted environments quite a bit and when you manage dozens of hosts, several clusters, and thousands of virtual machines automation through scripting is critical to get the job done.
Leave a Reply