I recently moved into a new role and needed to be added to a number of AD groups. An often-used method for this is to model a new employee’s permissions after someone already in the same role. For one or two groups it is relatively simple to just do this manually, but as you can imagine it quickly gets tedious when several are involved. For this reason, I whipped up the following PowerShell snippet to ease the pain.
This works by:
- Pulling the list of AD groups that user1 is a member of.
- Selecting only the memberof property and expanding it to make sure the list isn’t truncated.
- Looping through each of the groups to:
  - Extract only the group name from the Distinguished Name (which is the format it comes in from the previous command).
  - Use the extracted group name with Add-ADGroupMember to add our new user to that group.
```powershell
Get-ADUser user1 -Properties MemberOf |
    Select-Object -ExpandProperty MemberOf |
    ForEach-Object -Process {
        # Take the first RDN value (the group name) from the distinguished name.
        $groupName = ($_ -split ',*..=')[1]
        Add-ADGroupMember -Identity $groupName -Members user2
    }
```
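A more cautious take on the same copy, as an added example that is not the author's snippet: it passes each distinguished name straight to Add-ADGroupMember (whose -Identity parameter accepts a DN), skips groups the target already belongs to, supports -WhatIf, and returns one record per group for review. The function name Copy-ADGroupMembership and the -ExcludeGroup list are assumptions made for illustration.

```powershell
#Requires -Modules ActiveDirectory

function Copy-ADGroupMembership {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $SourceUser,
        [Parameter(Mandatory)] [string] $TargetUser,
        # Assumed list: groups that should never be granted by cloning another user.
        [string[]] $ExcludeGroup = @('Domain Admins', 'Enterprise Admins', 'Schema Admins')
    )

    # MemberOf holds distinguished names; the primary group is not included in it.
    $sourceGroups = (Get-ADUser -Identity $SourceUser -Properties MemberOf).MemberOf
    $targetGroups = (Get-ADUser -Identity $TargetUser -Properties MemberOf).MemberOf

    foreach ($dn in $sourceGroups) {
        $group = Get-ADGroup -Identity $dn

        $action = if ($targetGroups -contains $dn) {
            'AlreadyMember'
        } elseif ($ExcludeGroup -contains $group.SamAccountName) {
            'SkippedExcluded'
        } elseif ($PSCmdlet.ShouldProcess($dn, "Add $TargetUser")) {
            # The DN is used as-is, so no name parsing is needed.
            Add-ADGroupMember -Identity $dn -Members $TargetUser
            'Added'
        } else {
            'Previewed'   # -WhatIf was given or the prompt was declined
        }

        # One record per group, suitable for Export-Csv or attaching to a ticket.
        [pscustomobject]@{
            Group             = $group.SamAccountName
            DistinguishedName = $dn
            Action            = $action
        }
    }
}

# Preview the changes without modifying anything.
Copy-ADGroupMembership -SourceUser user1 -TargetUser user2 -WhatIf
```

Drop -WhatIf once the preview looks right; the returned records show exactly which memberships were added, skipped or already present.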