SIDDAWAY: AD ADmin MOL New-ADUser (template)

on page 21 of AD Admin in a Month of Lunches Mr. Siddaway suggest code that uses an AD User as a template for creation of another new AD user:

$secpass = Read-Host "Password" -AsSecureString
$user = Get-ADUser -Identity Fcsr -Properties memberOf
New-ADUser -Name "FirstLevel2 CSR" -SamAccountName 'Fcsr2' `
 -UserPrincipalName "" -AccountPassword $secpass -Path "OU=Users,OU=Contractors,DC=MY,DC=foo,DC=com" `
 -Enabled:$true -Instance $user

…why would the administrator bother to retrieve the memberOf property of the template user if in the next paragraph Siddaway reminds the reader that “This technique doesn’t copy group memberships or other multi valued attributes, which is put into the -Instance parameter”?

If you’re going to quote me please quote in full.

In the Tip on page 21 I state

This technique doesn't copy group memberships or other multivalue attributes. I reccommend using ADUC for copying accounts

The technique was included for completeness and as the Tip shows I recommended that the PowerShell approach, IN THIS INSTANCE, wasn’t the best option to adopt

Another approach may be to use a separate command to pull the group memberships of the template user account then pipe it to add-AdGroupMember.

Get-ADPrincipalGroupMembership Fcsr | Where-Object -Property Name -NotMatch ("Domain Users") `
	      |Select -ExpandProperty SamAccountName|ForEach-Object { Add-ADGroupMember -Identity $PSItem -Members Fcsr2}

I see ok thanks for explaining Mr. Siddaway.

I think based on what I had read earlier in your book led me to believe that this (-Properties memberOf) might have been a typo.

pg 08 “There are no trick questions”
pg 18 Which of the three methods to use? 1) What tools I have in my environment 2) What I feel comfortable using
pg 19 Your recommendations for creating a single user 1) “Powershell by preference and is a viable option. Compared to the GUI Tools, it’s a little more difficult to use when you’re creating users from a template account…”

…I read that last point as “a little more difficult” but not impossible.

So this seems a bit of a red herring then, as I couldn’t reconcile why it (-Properties memberOf) was there in the first place… for completeness as you put it.

At any rate, the exercise got me to try it on my own to see the (lack of) intended results and was most instructive!

It might have been useful to put in a caveat somewhere like "NOTE: Not all examples of Powershell code will actually work to create all intended results but are included for the sake of completeness". (My particular environment is not "really weird" fyi). Maybe you did, but I can't find it.

Anyway, thanks for taking my feedback, I love the book.


Thanks Juan, I will try this approach


Also remember that the book is a tutorial. The code as it stands shows that the attribute isn’t populated which if if you remember the Tip is part of the point of the section…