We may need to copy the members of one group into a second
In these examples I’m copying the membership of a Universal group into a Domain Local group. That’s just because I have those groups available. You can copy between any two groups but remember that global groups can only contain members from within the domain – in my test environment I only have a single domain so the restriction doesn’t apply.
$ou = "OU=BlogTests,DC=Manticore,DC=org" "`nMicrosoft" $gsource = "GroupUnvlSecA" $gtarget = "GroupDmlSecA" Get-ADGroupMember -Identity $gsource | foreach { Add-ADGroupMember -Identity $gtarget -Members $($_.DistinguishedName) } "`nAD provider" $gsource = "GroupUnvlSecB" $gtarget = "GroupDmlSecB" $ou = "OU=TestGroups,DC=Manticore,DC=org" $m = Get-ItemProperty -Path ad:\"cn=$gsource,$ou" -Name member $members = @($m.member) Set-ItemProperty -Path ad:\"cn=$gtarget,$ou" -Name member -Value $members "`nQuest" $gsource = "GroupUnvlSecC" $gtarget = "GroupDmlSecC" Get-QADGroupMember -Identity $gsource | Add-QADGroupMember -Identity $gtarget "`nScript" $gsource = "GroupUnvlSecD" $gtarget = "GroupDmlSecD" $source = [adsi]"LDAP://cn=$gsource,$ou" $target = [adsi]"LDAP://cn=$gtarget,$ou" $source.member | foreach { $target.Add("LDAP://$($_)") }
The two cmdlet based solutions involve getting the membership of the source group and piping it into a cmdlet that can add those members to a new group.
The provider simply gets the member property of the source group, converts it to an array and uses that to set the target group membership
The script iterates through the members of the source group and uses the Add() method to add them to the new group
Richard Siddaway's Blog 