Skip navigation
Menu
End-User Platforms>Windows 7/8

JSI Tip 7560. How to I copy domain group membership from one user to another?

Using the Active Directory command-line tools, I have scripted CopyDomGroups.bat to 'copy' domain group membership from a source account to a destination account.

The syntax for using CopyDomGroups.bat is:

CopyDomGroups From Add_or_Replace \[To\]

where:

From is the the source account, using the NetBIOS (SamId) account name in the current domain.

Add_or_Replace is an A to add the accounts from the source user (From) to the destination user (To), and a R replaces the destination user's (To) group membership with the source user's (From) group membership.

To is the destination account, using the NetBIOS (SamId) account name in the current domain. If omitted, the current user (%UserName%) is used.

NOTE: All domain group scopes and group types (security or distribution) are 'copied'.

CopyDomGroups.bat contains:

@echo off
if \{%2\}
\{\} @echo Syntax: Call CopyDomGroups From Add_or_Replace \[To\]&goto :EOF
setlocal
set from=%1
set ar=%2
set to=%username%
if not \{%3\}
\{\} set to=%3
if /i "%ar%" EQU "a" goto arok
if /i "%ar%" NEQ "r" @echo Syntax: Call CopyDomGroups From MergeReplace \[To\]&goto finish
:arok
for /f "Tokens=*" %%u in ('dsquery user -samid %from%') do set fdn=%%u
if not defined fdn @echo CopyDomGroups %from% not found.&goto finish
for /f "Tokens=*" %%u in ('dsquery user -samid %to%') do set tdn=%%u
if not defined tdn @echo CopyDomGroups %to% not found.&goto finish
if /i "%ar%" EQU "a" goto add
@echo.>%TEMP%\CopyDomGroups.tmp
for /f "Tokens=*" %%a in ('dsget user %fdn% -memberof') do @echo %%a>>%TEMP%\CopyDomGroups.tmp
for /f "Tokens=*" %%b in ('dsget user %tdn% -memberof ^|findstr /i /l /v /g:%TEMP%\CopyDomGroups.tmp') do set DN=%%b&call :rparse
:add
@echo.>%TEMP%\CopyDomGroups.tmp
for /f "Tokens=*" %%a in ('dsget user %tdn% -memberof') do @echo %%a>>%TEMP%\CopyDomGroups.tmp
for /f "Tokens=*" %%b in ('dsget user %fdn% -memberof ^|findstr /i /l /v /g:%TEMP%\CopyDomGroups.tmp') do set DN=%%b&call :aparse
:finish
if exist %TEMP%\CopyDomGroups.tmp del /a %TEMP%\CopyDomGroups.tmp
endlocal
goto :EOF
:rparse
dsmod group %DN% -rmmbr %tdn% >nul
goto :EOF
:aparse
dsmod group %DN% -addmbr %tdn% >nul



Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
PowerShell screenshot shows Where-Object cmdlet
How to Use the PowerShell Where-Object Cmdlet
Aug 04, 2022
shield_icon_laptop.jpg
What To Do When Windows Defender Is Not Working
Mar 15, 2022
Computer Screen Showing Password Dialog Box
Microsoft Edge Downloads Updated for Azure AD Sign-In & Sync
Aug 22, 2019
mktg-wp-nolabel5
How to Approach the Windows 7 to 10 Migration
Aug 01, 2019