Copying security groups of old user to a new user

by acidbiscuit at 2013-02-06 16:41:10


Is there a power shell command that I can use to copy all security group information from one user to another.
It is a complete hassle adding it up one by one especially if there is a lot groups I need to copy.
I am new and we are using citrix desktop to run AD. What are the needed software and pre-requisites
before I can do this … I found something but is unsure whether this would work . Please advise. Thanks.

# Script to copy group memberships from a source user to a target user.

Param ($Source, $Target)
If ($Source -ne $Null -and $Target -eq $Null)
$Target = Read-Host "Enter logon name of target user"
If ($Source -eq $Null)
$Source = Read-Host "Enter logon name of source user"
$Target = Read-Host "Enter logon name of target user"

# Retrieve group memberships.
$SourceUser = Get-ADUser $Source -Properties memberOf
$TargetUser = Get-ADUser $Target -Properties memberOf

# Hash table of source user groups.
$List = @{}

#Enumerate direct group memberships of source user.
ForEach ($SourceDN In $SourceUser.memberOf)
# Add this group to hash table.
$List.Add($SourceDN, $True)
# Bind to group object.
$SourceGroup = [ADSI]"LDAP://$SourceDN"
# Check if target user is already a member of this group.
If ($SourceGroup.IsMember("LDAP://" + $TargetUser.distinguishedName) -eq $False)
# Add the target user to this group.
Add-ADGroupMember -Identity $SourceDN -Members $Target

# Enumerate direct group memberships of target user.
ForEach ($TargetDN In $TargetUser.memberOf)
# Check if source user is a member of this group.
If ($List.ContainsKey($TargetDN) -eq $False)
# Source user not a member of this group.
# Remove target user from this group.
Remove-ADGroupMember $TargetDN $Target
by DonJ at 2013-02-07 09:38:06
There’s no single command, no. At a glance, it looks like the script you posted would do the job. That script depends on the Microsoft ActiveDirectory module, which is in the Win7 and Win8 RSAT downloads, and which require at least one DC either running 2008R2 or 2012, or one DC running the free Web Gateway add-in from MS.