Is there a way to get the distribution groups of a contact/user in Office365? I can't see the memberof attribute.
Get-MailContact -Identity Username | Format-List
You can get it with Get-ADObject:
$Contact = Get-MailContact -Identity Username
(Get-ADObject -Identity $Contact.DistinguishedName -Properties 'MemberOf').MemberOf
Or (might take a bit more time) without AD-Module:
$Contact = Get-MailContact -Identity Username
Get-DistributionGroup | ? {Get-DistributionGroupMember -Identity $_ | ? {$_.PrimarySmtpAddress -eq $Contact.PrimarySmtpAddress}}
Related
I'm trying to run this PowerShell script that I found, but it's not working for me and I'm getting an error. Could someone else check it and tell me if there is an issue here?
$CopyFromUser = Get-ADUser userName -Server domainName -Properties MemberOf
$CopyToUser = Get-ADUser userName -Server domainName -Properties MemberOf
$CopyFromUser.MemberOf | Where{$CopyToUser.MemberOf -notcontains $_} | Add-ADGroupMember -Members $CopyToUser
pause
This is the error that I'm getting.
| A positional parameter cannot be found that accepts argument
| 'Microsoft.ActiveDirectory.Management.ADPropertyValueCollection'.
Add the group memberships one at a time, explicitly passing the target DN to the -Identity parameter:
$CopyFromUser = Get-ADUser userName -Server domainName -Properties MemberOf
$CopyToUser = Get-ADUser userName -Server domainName -Properties MemberOf
$CopyFromUser.MemberOf | Where-Object { $CopyToUser.MemberOf -notcontains $_ } | ForEach-Object {
    Add-ADGroupMember -Identity $_ -Members $CopyToUser
}
I have an issue with the following script:
get-aduser -filter * -searchbase "dc=domain,dc=global" -ResultSetSize $null | where-object {((get-aduser $_.samaccountname -properties memberof).memberof -ne "Mimecast Remote Access Exceptions")} | ForEach {add-adgroupmember -identity "Mimecast Internal Access" -member $_.samaccountname}
It is still adding all users but not filtering out users who are members of the remote access exceptions group. Any idea what I am doing wrong?
First of all, you don't need to perform Get-ADUser twice.
Then, the MemberOf user property is a collection, not a single string, so you need to use -notcontains instead of -ne.
Try:
# get the DistinguishedName property of the group
$groupDN = (Get-ADGroup -Identity "Mimecast Remote Access Exceptions").DistinguishedName
Get-ADUser -Filter * -SearchBase "dc=domain,dc=global" -Properties MemberOf |
    Where-Object { $_.MemberOf -notcontains $groupDN } |
    ForEach-Object { Add-ADGroupMember -Identity "Mimecast Internal Access" -Members $_ }
Building on #Theo's Answer
.memberOf will return distinguished name strings. -notcontains won't work unless you change the left hand side to the DN. That might look something like:
$DN = 'CN=Mimecast Remote Access Exceptions,OU=SomeOU,DC=domain,DC=global'
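Get-ADUser -Filter * -SearchBase "dc=domain,dc=global" -Properties MemberOf |
    Where-Object { $_.MemberOf -notcontains $DN } |
    # add to the access group from the question, not to the exceptions group held in $DN
    ForEach-Object { Add-ADGroupMember -Identity "Mimecast Internal Access" -Members $_ }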
Obviously correct $DN for your environment etc...
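The difference between the three comparisons discussed in this thread, as an added example that is not part of the original posts. It runs on constructed objects standing in for Get-ADUser output; the account names, the Staff group and the Get-SelectedName helper are assumptions. Only the last filter leaves out the account that is in the exceptions group.

```powershell
# Added example with constructed data; no domain controller is needed.
# These objects stand in for Get-ADUser -Properties MemberOf output.
$exceptionsDN = 'CN=Mimecast Remote Access Exceptions,OU=SomeOU,DC=domain,DC=global'
$staffDN      = 'CN=Staff,OU=SomeOU,DC=domain,DC=global'   # constructed group
$users = @(
    [pscustomobject]@{ SamAccountName = 'alice'; MemberOf = @($exceptionsDN, $staffDN) }
    [pscustomobject]@{ SamAccountName = 'bob';   MemberOf = @($staffDN) }
    [pscustomobject]@{ SamAccountName = 'carol'; MemberOf = @() }
)

# Hypothetical helper: account names for which the predicate is truthy.
function Get-SelectedName {
    param([object[]]$User, [scriptblock]$Test)
    @($User | Where-Object -FilterScript $Test | ForEach-Object { $_.SamAccountName })
}

$tests = [ordered]@{
    # -ne applied to a collection returns every element that differs, so any
    # user holding at least one other group yields a non-empty (truthy) result.
    '-ne name'          = { $_.MemberOf -ne 'Mimecast Remote Access Exceptions' }
    # MemberOf holds distinguished names, so a bare group name never matches.
    '-notcontains name' = { $_.MemberOf -notcontains 'Mimecast Remote Access Exceptions' }
    # Comparing against the group's DN is the membership test that works.
    '-notcontains DN'   = { $_.MemberOf -notcontains $exceptionsDN }
}

foreach ($label in $tests.Keys) {
    [pscustomobject]@{
        Filter   = $label
        Selected = (Get-SelectedName -User $users -Test $tests[$label]) -join ', '
    }
}
```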
I am trying to get some information for an audit. Here's the code that I used, but the output is empty except for the name. Can anyone point me in the right direction?
Thanks in advance!
$ou = Get-ADGroup -Identity Administrators -Properties member
$user = Get-ADGroupmember -Identity $ou
foreach ($user in $ou){
Get-ADGroupmember -Identity Administrators | Select-Object name, lastlogondate,passwordlastset
}
Try this
$members = Get-ADGroupMember -Identity Administrators -Recursive | Select-Object SamAccountName
foreach ($user in $members) {
    Get-ADUser -Identity $user.SamAccountName -Properties Name, LastLogonDate, PasswordLastSet | Select-Object Name, LastLogonDate, PasswordLastSet
}
By default the properties lastlogondate and passwordlastset are not returned; you have to specify those (or all by using a *) using the -properties argument.
# Get-ADGroupMember has no -Properties parameter, so pipe the user members to Get-ADUser
Get-ADGroupMember -Identity Administrators | Where-Object objectClass -eq 'user' | Get-ADUser -Properties name,lastlogondate,passwordlastset | Select-Object name, lastlogondate,passwordlastset
or
Get-ADGroupMember -Identity Administrators | Where-Object objectClass -eq 'user' | Get-ADUser -Properties * | Select-Object name, lastlogondate,passwordlastset
I've been looking online for ways of doing this and I'm at a loss here. I'm looking for a way to look up a particular user within a particular group in AD through powershell. Here's what I've tried.
(Get-ADUser userName -Properties MemberOf).MemberOf
I get a bunch of groups
(Get-ADGroupMember "groupname").name
I get a bunch of usernames
I tried this command but it's taking forever to get results.
(Get-ADGroupMember 'groupname' | Get-ADUser -Property DisplayName | Where-Object { $_.Name -eq 'username'})
Is there a way I can get a command that is both fast and efficient? I'm also looking for their email address and surname and last name.
Thanks in advance
As commented, it is best not to use the Name property, but, if you have it, use the SamAccountName or DistinguishedName of the user you seek to rule out ambiguous names.
$user = Get-ADGroupMember -Identity 'GroupName' |
    Where-Object { $_.objectClass -eq 'user' -and $_.SamAccountName -eq 'userSamAccountName' } |
    Get-ADUser -Properties DisplayName, EmailAddress, GivenName, Surname # add more properties if you need them
# display the user object on screen
$user
Or do it this way:
$user = $null
$member = Get-ADGroupMember -Identity 'TheGroupName' |
    Where-Object { $_.objectClass -eq 'user' -and $_.SamAccountName -eq 'TheuserSamAccountName' }
if ($member) {
    # add more properties if you need them
    $user = Get-ADUser -Identity $member.DistinguishedName -Properties DisplayName, EmailAddress, GivenName, Surname
}
else {
    Write-Host "User 'TheuserSamAccountName' is not a member of group 'TheGroupName'"
}
# display the user object on screen
$user
The resulting $user object will also contain these properties:
DistinguishedName, Enabled, Name, ObjectClass, ObjectGUID, SamAccountName, SID, UserPrincipalName
If you don't need all of these properties, simply filter them out using:
$user | Select-Object DisplayName, EmailAddress, GivenName, Surname
I'm trying to build a script which will copy group memberships from one user to another in AD. I'm trying to use PowerShell to automate this task. However, I'm stuck while creating a check for the user. In other words, when I copy group membership from one user to another, I want to be able to run a check to see if the user is already a member of the group before adding them; by doing this I can avoid errors such as "this user is already a member of the group and cannot be added again". Any help or advice would be appreciated. I'm using the following script at the moment.
$copy = Read-host "Enter user to copy from"
$Sam = Read-host " Enter user to copy to"
Function Copymembership {
$members = Get-ADUser -Identity $copyp -Properties memberof
foreach ($groups in $members.memberof){
if ($members -notcontains $groups.sAMAccountname)
{Add-ADGroupMember -Identity $groups -Member $sam -ErrorAction SilentlyContinue
Write-Output $groups}
}
}
copymembership
Use Get-ADUser for both users. Then use the -notcontains operator to filter groups.
$CopyFromUser = Get-ADUser JSmith -prop MemberOf
$CopyToUser = Get-ADUser MAdams -prop MemberOf
$CopyFromUser.MemberOf | Where{$CopyToUser.MemberOf -notcontains $_} | Add-ADGroupMember -Member $CopyToUser
One line to get what the user is a member of.
Get-ADUser -Identity alan0 -Properties memberof | Select-Object -ExpandProperty memberof
One line to copy the membership from one user to another.
Get-ADUser -Identity <UserID> -Properties memberof | Select-Object -ExpandProperty memberof | Add-ADGroupMember -Members <New UserID>
Your code is too complicated for this idea. Not sure if it can be done without the Import-Module ActiveDirectory cmdlet.
It is much easier to do that when you import the ActiveDirectory tool and use the built-in cmdlet. Check my code:
# import the Active Directory module in order to be able to use the Get-ADUser and Add-ADGroupMember cmdlets
import-Module ActiveDirectory
# enter login name of the first user
$copy = Read-host "Enter username to copy from: "
# enter login name of the second user
$paste = Read-host "Enter username to copy to: "
# copy-paste process. Get-ADuser membership | then selecting membership | and add it to the second user
get-ADuser -identity $copy -properties memberof | select-object memberof -expandproperty memberof | Add-AdGroupMember -Members $paste
Something like this should tell you if a group contains a specific member:
If ((Get-ADGroup "Domain Admins" -Properties Members).Members -Contains (Get-ADUser "AdminBob").DistinguishedName) {write-host "Yes"}
There might be something simpler but this was the first thing that came to mind.
param
(
[Parameter(Mandatory=$true)][string]$CopyFromUser,
[Parameter(Mandatory=$true)][string]$CopyToUser
)
$FromUserGroups = (Get-ADUser $CopyFromUser -Properties MemberOf).MemberOf
$CopyToUser = Get-ADUser $CopyToUser -Properties MemberOf
$FromUserGroups | Add-ADGroupMember -Members $CopyToUser
In case you want to have manual control over which groups are added, this is a perfect example for Out-GridView. The procedure is the same as explained by TheMadTechnician above; just before passing it to Add-ADGroupMember, you insert Out-GridView. You can even include group descriptions or other parameters.
$CopyFromUser = Get-ADUser JSmith -prop MemberOf
$CopyToUser = Get-ADUser MAdams -prop MemberOf
$MissingGroups = Compare-Object $CopyFromUser $CopyToUser -Property MemberOf | ? SideIndicator -eq '<='
$GroupsObj = $MissingGroups.MemberOf | Get-ADGroup -prop Description | Select Name,Description
$GroupsObj | Out-GridView -PassThru | Add-ADGroupMember -Member $CopyToUser
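The check asked for in this thread (add only the groups the target user lacks, one group at a time) combined with a -WhatIf preview, as an added example that is not taken from any of the answers. Copying memberships also copies whatever access those groups grant, so the preview lets you review the list before anything changes. The function names Get-MissingGroupDN and Copy-MissingGroupMembership and the example.com DNs are assumptions.

```powershell
# Added example, not from the page. Function names are hypothetical.
# Only Copy-MissingGroupMembership needs the ActiveDirectory module.

function Get-MissingGroupDN {
    # Pure helper: group DNs the source has and the target lacks.
    param([string[]]$SourceMemberOf, [string[]]$TargetMemberOf)
    # -notcontains compares strings case-insensitively, as AD does for DNs.
    @($SourceMemberOf | Where-Object { $TargetMemberOf -notcontains $_ })
}

function Copy-MissingGroupMembership {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory = $true)][string]$CopyFromUser,
        [Parameter(Mandatory = $true)][string]$CopyToUser
    )
    $from = Get-ADUser -Identity $CopyFromUser -Properties MemberOf
    $to   = Get-ADUser -Identity $CopyToUser   -Properties MemberOf
    # MemberOf does not list the primary group (usually Domain Users).
    $missing = Get-MissingGroupDN -SourceMemberOf $from.MemberOf -TargetMemberOf $to.MemberOf

    foreach ($groupDN in $missing) {
        # With -WhatIf, ShouldProcess returns $false, so a preview run changes nothing.
        if (-not $PSCmdlet.ShouldProcess($groupDN, "Add member $($to.SamAccountName)")) { continue }
        try {
            # One group per call, with the group DN passed to -Identity.
            Add-ADGroupMember -Identity $groupDN -Members $to -ErrorAction Stop
            [pscustomobject]@{ Group = $groupDN; Result = 'Added' }
        }
        catch {
            [pscustomobject]@{ Group = $groupDN; Result = "Failed: $($_.Exception.Message)" }
        }
    }
}

# Constructed DNs to exercise the comparison without a domain controller.
$source = 'CN=Sales,OU=Groups,DC=example,DC=com', 'CN=VPN Users,OU=Groups,DC=example,DC=com'
$target = 'cn=sales,ou=groups,dc=example,dc=com'
Get-MissingGroupDN -SourceMemberOf $source -TargetMemberOf $target

# Preview against a real directory (account names as used in the answers above):
# Copy-MissingGroupMembership -CopyFromUser JSmith -CopyToUser MAdams -WhatIf
```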
I am trying to build a script to copy group membership from one user to another in AD.
I have one domain and 3 different subdomains. Can you please check if there is anything in the script that must be changed, because it doesn't work. Thanks.
$From = Read-Host -Prompt "From User"
$to = Read-Host -Prompt "To User"
$CopyFromUser = Get-ADUser -Server "de.isringhausen.net" -Identity $From -Properties MemberOf
$Group = $CopyFromUser.MemberOf
$confirmation = Read-Host "Do you want to Copy Group Membership from $From to $to ? Press 'y' to Proceed or any key to Cancel"
if ($confirmation -eq 'y') {
$Group | Add-ADGroupMember -Members $to
clear
echo "($From) User's Group Memership has been Copied to User ($to)"
Pause
}
else {
Write-Host 'Task Cancelled'
}