Documentation
Powered by

# AD-CopyGroups.ps1

# Purpose

Interactively copies group memberships and key attributes from one Active Directory user (source) to another (target), with options to reset password, clear existing memberships, and move the target user to the correct OU. Ensures baseline group membership and removes non-standard groups as required.

# Function

  1. Prompts for the source user (by login, UPN, email, or display name) and validates existence in AD.
  2. Prompts for the target user and validates existence in AD.
  3. Presents a menu:
    • Copy roles (with option to clear existing roles)
    • Re-enable account and copy roles (for departed users, including OU move, password reset, and group cleanup)
    • Exit
  4. Optionally enables the target account, moves it to the correct OU, and prompts for missing attributes (EmployeeID, Manager, Title, Department).
  5. Optionally resets the password and forces change at next login.
  6. Optionally removes all existing group memberships from the target account (except Domain Users).
  7. Copies all group memberships from the source to the target account.
  8. Ensures the target is a member of required base groups (e.g., All Staff) and removes from non-standard signature groups.
  9. Displays completion message and exits.

# Usage 

./AD-CopyGroups.ps1

The script is fully interactive and does not require command-line parameters.

# Inputs

  • User input: Source and target user names (login, UPN, email, or display name)
  • Menu selections for actions (copy roles, re-enable, exit)
  • Prompts for missing attributes (EmployeeID, Manager, Title, Department)
  • Prompts for password reset and group membership removal (yes/no)

# Variables

  • $userNameFrom, $userNameTo: Usernames for source and target
  • $SamAccountNameFrom, $SamAccountNameTo: Resolved sAMAccountNames
  • $orgUnitLocationFrom, $orgUnitLocationTo: Distinguished names (OU paths)
  • $scriptComplete: Script completion state
  • $targetOU: Target OU for active users

# Command Line Flags

None. All input is provided interactively.

# Outputs

  • Writes status and results to the console (group membership changes, OU moves, attribute updates)
  • Displays completion and error messages
  • Logs group additions/removals and attribute changes

# Notes

  • Requires the Active Directory module (Get-ADUser, Add-ADGroupMember, etc.)
  • Requires Exchange Online connectivity for mailbox actions
  • Handles input sanitisation for AD queries
  • Ensures robust error handling and user prompts for all critical actions