AD.Account.CopyGroups

Copies group membership from one account to another

Mode 1 (Exact): Copy the exact source account group membership, including primary group, to the target account. The target account is removed from all groups that the source account is not member of.

Mode 2 (Listed): Copy source account group membership to the target, but only for groups listed. The target account is not removed from any groups and the target primary group is not affected. You provide a list of groups that the target account can be added to, the target account is then added to the groups in the list that the source account is member of.

Category
Active Directory

Script section
All

AD.Account.CopyGroups Mode, SrcAccountADPath, TrgtAccountADPath, [ListOfGroupAdPaths]

Mode

Mode, see above. Options: Exact | Listed

SrcAccountADPath

Full AD path to source account

TrgtAccountADPath

Full AD path to target account

ListOfGroupAdPaths

List of AD paths for groups, Format: full AD path to group + "§" after each entry.

Notice: Only used in listed mode, leave empty in exact mode.

Examples
1) In domain d31.acme.com: copy group membership from account "user2" in "users" container to account "pxb3" in "myou" OU. After the command is executed "pxb3" will be member of exactly the same groups as "user2".

AD.Account.CopyGroups exact, dc=com/dc=acme/dc=d31/cn=users/cn=user2, dc=com/dc=acme/dc=d31/ou=myou/cn=pxb3,

2) If "user2" is member of "groupa" then add "pxb3" to "groupa" and if "user2" is member of "groupb" then add "pxb3" to "groupb". After the command is executed "pxb3" will be member of "groupa" only if "user2" is member of "groupa" and member of "groupb" only if "user2" is member of "groupb". "pxb3" will still also be member of any groups that the account was member of before the command.

AD.Account.CopyGroups listed, dc=com/dc=acme/dc=d31/cn=users/cn=user2, dc=com/dc=acme/dc=d31/ou=myou/cn=pxb3, dc=com/dc=acme/dc=d31/ou=students/cn=groupa§dc=com/dc=acme/dc=d31/cn=users/cn=groupb§