Script repository

Copy user properties and group membership

Updated on: Jan 18, 2026, Views: 7406

Group membership, User accounts

The script copies property values and group membership from one user to another. To execute the script, create a business rule, custom command or scheduled task configured for the User object type.

Parameters

  • $source - the name of the property of the target user that stores the distinguished name (DN) of the source user.
  • $propertiesToCopy - the names of the properties to copy from the source user to the target user.

$source = "assistant" # TODO: modify me
$propertiesToCopy = @("displayName", "physicalDeliveryOfficeName", "telephoneNumber", "mail", "employeeID", "employeeType") # TODO: modify me

# Bind to the source user.
try
{
    $sourceUserDN = $Context.TargetObject.Get($source)
    $sourceUser = $Context.BindToObjectByDN($sourceUserDN)
}
catch
{
    $Context.LogMessage("The user to copy properties from is not specified", "Warning")
    return
}

# Update properties
foreach($propertyName in $propertiesToCopy)
{
    try
    {
        $propertyValue = $sourceUser.Get($propertyName)
    }
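    catch
    {
        # Get throws when the property has no value on the source user;
        # skip it and leave the target user's value as it is.
        continue
    }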
    
    $Context.TargetObject.Put($propertyName, $propertyValue)
}

# Save changes
$Context.TargetObject.SetInfo()

# Get group memberships
try
{
    $groupGuidsInBytes = $sourceUser.GetEx("adm-DirectMemberOfGuid")
}
catch
{
    $Context.LogMessage($sourceUser.Name + " is not a member of any groups", "Information")
    return
}

# Get the ID of the target user's primary group.
$primaryGroupId = $Context.TargetObject.Get("primaryGroupID")

# Add target user to groups.
$Context.LogMessage("Adding the user to groups:", "Information")
foreach ($groupGuidBytes in $groupGuidsInBytes)
{
    $groupGuid = New-Object "System.Guid" (,$groupGuidBytes)
    $groupGuid = $groupGuid.ToString("B")
    $group = $Context.BindToObject("Adaxes://<GUID=$groupGuid>")
    
    # Skip the group if it is the primary group for the user.
    if ($group.Get("primaryGroupToken") -eq $primaryGroupId)
    {
        continue
    }
    
    try
    {
        $group.Add($Context.TargetObject.AdsPath)
    }
    catch
    {
        $Context.LogMessage($group.Get("name") + ": " + $_.Exception.Message, "Warning")
    }
}
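
The script above copies every direct group membership of the source user except the primary group, so any privileged groups the source user belongs to are copied as well. The following added example (not part of the original script, and not Adaxes code) shows a filter that could run before the `$group.Add(...)` call. It assumes the caller supplies each group's SID string and adminCount value; the function name Test-PrivilegedGroup, the sample groups and the domain SID are constructed for illustration.

```powershell
# Well-known RIDs of privileged domain groups (S-1-5-21-<domain>-<RID>).
$privilegedRids = @{
    512 = "Domain Admins"
    518 = "Schema Admins"
    519 = "Enterprise Admins"
    520 = "Group Policy Creator Owners"
}
# Builtin privileged groups have fixed SIDs in every domain.
$privilegedBuiltinSids = @{
    "S-1-5-32-544" = "Administrators"
    "S-1-5-32-548" = "Account Operators"
    "S-1-5-32-549" = "Server Operators"
    "S-1-5-32-550" = "Print Operators"
    "S-1-5-32-551" = "Backup Operators"
}

# Hypothetical helper: returns $true if membership should not be copied automatically.
function Test-PrivilegedGroup
{
    param([string]$Sid, [int]$AdminCount = 0)

    if ($privilegedBuiltinSids.ContainsKey($Sid)) { return $true }
    if ($Sid -match '^S-1-5-21-\d+-\d+-\d+-(\d+)$' -and
        $privilegedRids.ContainsKey([int]$Matches[1])) { return $true }
    # adminCount = 1 marks objects protected by AdminSDHolder. It can be stale,
    # which only makes this check err towards skipping.
    return ($AdminCount -eq 1)
}

# Constructed sample data; the domain SID is a placeholder.
$domainSid = "S-1-5-21-1111111111-2222222222-3333333333"
$sourceGroups = @(
    [pscustomobject]@{ Name = "Sales Team";       Sid = "${domainSid}-1604"; AdminCount = 0 }
    [pscustomobject]@{ Name = "Domain Admins";    Sid = "${domainSid}-512";  AdminCount = 1 }
    [pscustomobject]@{ Name = "Backup Operators"; Sid = "S-1-5-32-551";      AdminCount = 1 }
    [pscustomobject]@{ Name = "Tier0 Servers";    Sid = "${domainSid}-2210"; AdminCount = 1 }
    [pscustomobject]@{ Name = "VPN Users";        Sid = "${domainSid}-1733"; AdminCount = 0 }
)

foreach ($g in $sourceGroups)
{
    if (Test-PrivilegedGroup -Sid $g.Sid -AdminCount $g.AdminCount)
    {
        Write-Output ("SKIP {0}: privileged, requires explicit approval" -f $g.Name)
        continue
    }
    Write-Output ("COPY {0}" -f $g.Name)
}
```

The same concern applies to any one-line copy of the source user's memberOf values, which adds the target user to every listed group without review.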

Comments 1

  • sysadmin

    If you are just trying to create a custom command that copies group access, then the following works fine. You need to set it up with the parameter being a user in AD.

    Get-ADUser -Identity "%param-Source-User%" -Properties memberof | Select-Object -ExpandProperty memberof | Add-ADGroupMember -Members "%username%"
    
