Copy Active Directory group membership from user to user

by on Sep.11, 2013, under Active Directory, DuPSUG, PowerShell

This is something that has been done before, quite a lot actually.
What I wanted to do was write a script to copy the group membership of user 1 to user 2.
But… I also wanted the option to remove the group membership from the source user.
I also want the helpdesk to be able to do this, so some feedback from the script is required.

Think about the use case for such a script/function, for example in migrations.
You could put in a little line to also disable the source account 🙂

Anyhow, here you go… a function that does what I described:

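function Copy-GroupMemberShip {
    param (
        [Parameter(Mandatory = $true)]
        [string]$Source,
        [Parameter(Mandatory = $true)]
        [string]$Target,
        # When set, also remove the target user from groups the source user is not in
        [switch]$CleanTarget
    )
    $SourceUser = Get-ADUser $Source -Properties memberOf
    $TargetUser = Get-ADUser $Target -Properties memberOf
    # Hash table of the source user's group DNs, used for the clean-up lookup below
    $List = @{}
    $OutputAdded = @()
    foreach ($SourceDN In $SourceUser.memberOf) {
        $List.Add($SourceDN, $True)
        $SourceGroup = [ADSI]"LDAP://$SourceDN"
        # Only add the target user when it is not already a member of the group
        if ($SourceGroup.IsMember("LDAP://" + $TargetUser.distinguishedName) -eq $False) {
            Add-ADGroupMember -Identity $SourceDN -Members $Target
            $OutputAdded += $SourceDN
        }
    }
    # ${Target}: is needed because "$Target:" is parsed as a scope-qualified variable
    Write-Output "Copied the following groups from user $Source to user ${Target}:"
    Write-Output $OutputAdded
    if ($CleanTarget -eq $true) {
        $OutputRemoved = @()
        foreach ($TargetDN In $TargetUser.memberOf) {
            if ($List.ContainsKey($TargetDN) -eq $False) {
                Remove-ADGroupMember -Identity $TargetDN -Members $Target
                $OutputRemoved += $TargetDN
            }
        }
        Write-Output "Removed the following groups from user ${Target}:"
        Write-Output $OutputRemoved
    }
}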
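
Because the function above hands every group of the source user to the target, a read-only preview is useful before the helpdesk runs it. The following is an added example, not the original author's code: `Get-GroupCopyPlan` is a hypothetical helper name, the account names in the usage lines are constructed, and using `adminCount` to flag AdminSDHolder-protected groups is this example's own choice.

```powershell
# Added example, not part of the original post. Read-only: changes nothing in AD.
function Get-GroupCopyPlan {   # hypothetical helper name
    param (
        [Parameter(Mandatory = $true)][string]$Source,
        [Parameter(Mandatory = $true)][string]$Target,
        [switch]$CleanTarget
    )
    # memberOf does not include the primary group (usually Domain Users)
    $SourceGroups = @((Get-ADUser $Source -Properties memberOf).memberOf)
    $TargetGroups = @((Get-ADUser $Target -Properties memberOf).memberOf)

    # Work out the same changes Copy-GroupMemberShip would make
    $Changes = @()
    foreach ($DN in $SourceGroups) {
        if ($TargetGroups -notcontains $DN) {
            $Changes += [pscustomobject]@{ Action = 'Add'; GroupDN = $DN }
        }
    }
    if ($CleanTarget) {
        foreach ($DN in $TargetGroups) {
            if ($SourceGroups -notcontains $DN) {
                $Changes += [pscustomobject]@{ Action = 'Remove'; GroupDN = $DN }
            }
        }
    }

    # Look up each group and flag the ones protected by AdminSDHolder
    foreach ($Change in $Changes) {
        $Group = Get-ADGroup -Identity $Change.GroupDN -Properties adminCount
        [pscustomobject]@{
            Action    = $Change.Action
            Group     = $Group.Name
            Protected = ($Group.adminCount -eq 1)   # e.g. Domain Admins
            GroupDN   = $Change.GroupDN
        }
    }
}

# Usage with constructed account names: review the plan before copying
$Plan = Get-GroupCopyPlan -Source 'jdoe' -Target 'asmith' -CleanTarget
$Plan | Format-Table Action, Group, Protected -AutoSize
if ($Plan | Where-Object { $_.Action -eq 'Add' -and $_.Protected }) {
    Write-Warning 'Plan adds protected groups; have an administrator review it first.'
}
```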

