We use cookies to improve your experience.
By your continued use of this site you accept such use.
For more details please see our privacy policy and cookies policy.

Script repository

Copy user properties and group membership

February 18, 2021 Views: 4767

The script can be used in business rules, custom commands and scheduled tasks to copy property values and group memberships from a user to another user. To copy properties from a user, specify that user in the target user account using a property specified by $source. Then, execute the script on the user account that will receive the copied properties and group memberships.

To add the script to a business rule, custom command or scheduled task, use the Run a program or PowerShell script action.

Parameters:

  • $source - Specifies the property that will be used to specify the source user. Use a property that supports the DN syntax, for example, assistant.
  • $propertiesToCopy - Specifies the properties of the source user that will be copied.
Edit Remove
PowerShell
$source = "assistant" # TODO: modify me
$propertiesToCopy = @("displayName", "physicalDeliveryOfficeName", "telephoneNumber", "mail", "employeeID", "employeeType") # TODO: modify me

# Bind to the source user
try
{
    $sourceUserDN = $Context.TargetObject.Get($source)
    $sourceUser = $Context.BindToObjectByDN($sourceUserDN)
}
catch
{
    $Context.LogMessage("The user to copy properties from is not specified", "Warning")
    return
}

# Update properties
foreach($propertyName in $propertiesToCopy)
{
    try
    {
        $propertyValue = $sourceUser.Get($propertyName)
    }
    catch
    {
        continue # The property is empty
    }
    
    $Context.TargetObject.Put($propertyName, $propertyValue)
}

# Save changes
$Context.TargetObject.SetInfo()

# Get group memberships
try
{
    $groupGuidsInBytes = $sourceUser.GetEx("adm-DirectMemberOfGuid")
}
catch
{
    $Context.LogMessage($sourceUser.Name + " is not a member of any groups", "Information")
    return
}

# Get the ID of the target user's primary group
$primaryGroupId = $Context.TargetObject.Get("primaryGroupID")

# Add target user to groups
$Context.LogMessage("Adding the user to groups:", "Information")
foreach ($groupGuidBytes in $groupGuidsInBytes)
{
    $groupGuid = New-Object "System.Guid" (,$groupGuidBytes)
    $groupGuid = $groupGuid.ToString("B")
    $group = $Context.BindToObject("Adaxes://<GUID=$groupGuid>")
    
    # Skip the group if it is the primary group for the user
    if ($group.Get("primaryGroupToken") -eq $primaryGroupId)
    {
        continue
    }
    
    try
    {
        $group.Add($Context.TargetObject.AdsPath)
    }
    catch
    {
        $Context.LogMessage($group.Get("name") + ": " + $_.Exception.Message, "Warning")
    }
}

Comments 0
avatar
sysadmin Sep 26, 2023
If you are just trying to create a custom command that copies group access, then the following works fine. You need to set it up with the parameter being a user in AD.

Get-ADUser -Identity "%param-Source-User%" -Properties memberof | Select-Object -ExpandProperty memberof | Add-ADGroupMember -Members "%username%"
Leave a comment
Loading...

Got questions?

Support Questions & Answers