Adaxes

Copy groups from existing user to new user excluding all distribution groups

0 votes

I've looked at https://www.adaxes.com/script-repository/copy-group-membership-from-specified-user-s590.htm. is there away to change from group names to a group type? Like exclude all distribution groups?

by (480 points)
0

Hello Derek,

Sorry for the confusion, but we are not sure which of the three scripts from the article you mean.

Do we understand correctly that you need the script to just skip distribution groups? Please, describe the desired behavior in all the possible details.

by (272k points)
0

yes we have a lot of distibution groups and i do not want to have to list them all. i was wondering if i could just exclude the group type distribution.

the one with the following code:

$groupNamesToSkip = @("Group1", "Group2", "Group3*") # TODO: modify me

function SkipGroup($patterns, $sAMAccountName) { foreach ($pattern in $patterns) { if ($sAMAccountName -like $pattern) { return $True } }

by (480 points)
0

Hello Derek,

There are two scripts in the article containing exactly the code you provided. Please, specify which of the two (i.e. Using a custom command parameter and Only copy Azure AD groups) you need updated.

by (272k points)
0

Using a custom command parameter

by (480 points)

1 Answer

0 votes
by (272k points)

Hello Derek,

Thank you for specifying. You can copy the updated script below.

$sourceUserDNParamName = "param-User" # TODO: modify me
$replaceGroups = $False # TODO: modify me
$groupNamesToSkip = @("Group1", "Group2", "Group3*") # TODO: modify me

function SkipGroup($patterns, $sAMAccountName)
{
    foreach ($pattern in $patterns)
    {
        if ($sAMAccountName -like $pattern)
        {
            return $True
        }
    }

    return $False
}

# Bind to the source user
$sourceUserDN = $Context.GetParameterValue($sourceUserDNParamName)
$sourceUser = $Context.BindToObjectByDN($sourceUserDN)

# Get groups to add
$groupGuidsToAdd = New-Object "System.Collections.Generic.HashSet[System.Guid]"
$sourceUser.GetEx("adm-DirectMemberOfGuid") | %%{[void]$groupGuidsToAdd.Add([Guid]$_)}

# Get current groups
$currentGroupGuids = New-Object "System.Collections.Generic.HashSet[System.Guid]"
$Context.TargetObject.GetEx("adm-DirectMemberOfGuid") | %%{[void]$currentGroupGuids.Add([Guid]$_)}

# Update groups
foreach ($guidBytes in $groupGuidsToAdd)
{
    $guid = [Guid]$guidBytes
    if ($currentGroupGuids.Remove($guid))
    {
        continue
    }

    # Skip special groups
    $group = $Context.BindToObjectEx("Adaxes://<GUID=$guid>", $True)
    $sAMAccountName = $group.Get("sAMAccountName")
    if (($NULL -ne $groupNamesToSkip) -and 
    (SkipGroup $groupNamesToSkip $sAMAccountName))
    {
        continue
    }

    # Skip distribution groups
    [Softerra.Adaxes.Interop.Adsi.ADS_GROUP_TYPE_ENUM]$flag = "ADS_GROUP_TYPE_SECURITY_ENABLED"
    $comparison = $group.Get("groupType") -band $flag

    if ($comparison -eq 0)
    {
        continue
    }

    $group.Add($Context.TargetObject.AdsPath)
}

if ($replaceGroups)
{
    # Get the primary group ID
    $primaryGroupId = $Context.TargetObject.Get("primaryGroupID")

    foreach ($guidBytes in $currentGroupGuids)
    {
        $guid = [Guid]$guidBytes
        $group = $Context.BindToObjectEx("Adaxes://<GUID=$guid>", $True)

        # Skip the group if it is the user's Primary Group
        if ($group.Get("primaryGroupToken") -eq $primaryGroupId)
        {
            continue
        }

        $group.Remove($Context.TargetObject.AdsPath)
    }
}
0

Excellent. Thank You!

by (480 points)

Related questions

0 votes
1 answer
Copy group membership from already existing user except for a couple of groups

Is it possible using PowerShell to copy group memberships from an already existing user without copying 2 specific groups named for example test and test 1 ? We are currently ... groups are not included. I can share the PowerShell script if needed. KR, Cas

asked Oct 30, 2023 by Cas (150 points)
0 votes
1 answer
Copy all groups of a user, create a new group add the groups copied in this group

How can I create a script that does these things For internal audit. objective Even removing all groups of a disconnected user, we will still know which groups the ... in the created group (audit)-sAMAccountName-access add the (user)-sAMAccountName in members

asked Jul 2, 2022 by alancardoso (40 points)
0 votes
1 answer
Is there a way to copy group membership of selected user and make a new user a member of those same groups?

Our Help Desk currently 'mirrors' the group membership of a new user based on another existing user in our AD. I'd like to be able to automate this so that the initiator ... and 'paste' it on the new user being created. Any help on this would be appreciated!

asked Apr 21, 2020 by RayBilyk (230 points)
0 votes
1 answer
copy groups from one user to another

goal is to copy groups from one user to another during the crete user process. I created a variable on the create user form to input the UPN of the ... primaryGroupToken") -eq $primaryGroupId) { continue } $group.Remove($Context.TargetObject.AdsPath) } }

asked Nov 30, 2021 by Derek.Axe (480 points)
0 votes
1 answer
Copy of groups membership from one user to another

Hi, Group memberships are kept when using "User Copy" function. Is it possible to do the same thing between two existing users ? (custom commands or else) Thanks for your response, Yoann

asked Oct 4, 2012 by yoann.hamon (180 points)
3,351 questions
3,052 answers
7,791 comments
545,091 users