-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy-SHDUserGroupToUser.ps1
112 lines (105 loc) · 6.97 KB
/
Copy-SHDUserGroupToUser.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
Function Copy-SHDUserGroupToUser {
<#
.SYNOPSIS
Copys target users groups to a set of users.
.DESCRIPTION
This commandlet copy's a target users groups to another user or a set of users.
You can choose all group, security groups, distribution groups, domain, global and universal groups to copy.
You can chose to use your currently running credentials or a different set of credentials.
It doesn't matter how many target users you have, it will loop through each one granting the groups.
.PARAMETER SourceUser
A mandatory parameter that can be piped in that give the target username. This will be the user that you will grab all the group information from.
.PARAMETER Targetuser
A mandatory list of strings. Targetuser is the usernames of each target you wish to deploy the sourceuser's groups to.
.PARAMETER GroupCategory
A validated set between Security and Distribution groups. By using this, you are adding the sourceuser's security or distrubtion groups to the target user.
If you do not use this flag, you will add all the other groups accordingly to the targetuser.
.PARAMETER GroupScope
A validated set between Universal, global, or domainlocal groups. By using this you are adding the sourceuser's Universal, global or domainlocal groups to the target user.
If you do not use this flag, you will add all the other groups accordingly to the targetuser.
.PARAMETER Credential
Optional Credentials to run the command with
.PARAMETER RemoveGroups
A switch parameter that will remove the previous groups. if the Groupcategory or group scope is set, those groups accordingly will be removed.
.EXAMPLE
Copy-SHDUserGroupToUser -SourceUser Bob -TargetUser Frank,Tim,Yugi
In this example, all of bob's groups will be copied to Frank, Tim and Yugi. Frank, Tim and Yugi will also have whatever groups they had before hand.
.EXAMPLE
Copy-SHDUserGroupToUser -SourceUser Bob -TargetUser Frank,Tim,Yugi -GroupCategory Security
In this example all of bob's security groups will be copied to Frank, Tim, and Yugi. Frank, Tim and Yugi will also have whatever groups they had before hand.
.EXAMPLE
Copy-SHDUserGroupToUser -SourceUser Bob -TargetUser Frank, Tim -GroupScope DomainLocal
In this example, all of bob's domain local groups will be copied to frank and Tim. Frank and Tim will also have whatever groups they had before hand.
.EXAMPLE
Copy-SHDUserGroupToUser -SourceUser Bob -TargetUser Frank,Tim -GroupCategory Security -RemoveGroups
In this example, Frank and Tim's security groups will be removed. Bob's securtiy groups will then be added to Frank and Time. Distribution groups will not be touched.
.EXAMPLE
Copy-SHDUserGroupToUser -SourceUser Bob -TargetUser Frank,Tim -GroupScope Universal -GroupCategory Distribution -RemoveGroups -Credential (Get-Credential)
In this example, we will remove all of Frank and Tim's Universal Distribution groups and add bob's universal distrubtion groups.
The command will do this using credentials provided by the user.
.INPUTS
Username
.OUTPUTS
none
.NOTES
author: David Paul Bolding
date: 10/12/2020
.LINK
https://github.com/rndadhdman/PS_Super_Helpdesk
#>
[cmdletbinding()]
param (
[Parameter(
ValueFromPipeline = $True,
ValueFromPipelineByPropertyName = $True,
HelpMessage = "Enter a users Name",
Mandatory = $true)][String]$SourceUser,
[Parameter(HelpMessage = "Target User", Mandatory = $True)][string[]]$TargetUser,
[parameter(Helpmessage = "Group Category")][validateset("Security", "Distribution")]$GroupCategory,
[parameter(Helpmessage = "Group Scope")][validateset("Universal", "Global", "DomainLocal")]$GroupScope,
[Parameter(HelpMessage = "Allows for custom Credential.")][System.Management.Automation.PSCredential]$Credential,
[parameter(helpmessage = "Removes All Groups")][switch]$RemoveGroups
)
$Groups = (Get-ADUser -Identity $SourceUser -Properties memberof).memberof -Replace '^cn=([^,]+).+$', '$1' | Sort-Object | ForEach-Object { (Get-ADGroup -Filter "name -like '$_'") }
if ($PSBoundParameters.ContainsKey('GroupCategory')) { $Groups = $Groups | Where-Object { $_.GroupCategory -like "$GroupCategory" } }
if ($PSBoundParameters.ContainsKey('GroupScope')) { $Groups = $Groups | Where-Object { $_.GroupScope -like "$GroupScope" } }
foreach ($Target in $TargetUser) {
if ($RemoveGroups) {
$TGroups = (Get-ADUser -Identity $Target -Properties memberof).memberof -Replace '^cn=([^,]+).+$', '$1' | Sort-Object | ForEach-Object { (Get-ADGroup -Filter "name -like '$_'") }
if ($PSBoundParameters.ContainsKey('GroupCategory')) { $TGroups = $TGroups | Where-Object { $_.GroupCategory -like "$GroupCategory" } }
if ($PSBoundParameters.ContainsKey('GroupScope')) { $TGroups = $TGroups | Where-Object { $_.GroupScope -like "$GroupScope" } }
$TGroups | ForEach-Object {
try {
if ($PSBoundParameters.ContainsKey('Credential')) {
Write-Verbose "Remove $($_.Samaccountname) a $($_.GroupCategory.tostring()) a $($_.GroupScope.tostring()) to $Target"
Remove-ADGroupMember -Identity $_.samaccountname -Members $Target -Credential $Credential -Confirm:$false
}
else {
Write-Verbose "Remove $($_.Samaccountname) a $($_.GroupCategory.tostring()) a $($_.GroupScope.tostring()) to $Target"
Remove-ADGroupMember -Identity $_.samaccountname -Members $Target -Confirm:$false
}
}
catch {
Write-Verbose "Failed to Remove $($_.Samaccountname) to $Target"
Write-Warning "$($_.samaccountname) could not apply to $Target"
}
}
}
$Groups | ForEach-Object {
try {
if ($PSBoundParameters.ContainsKey('Credential')) {
Write-Verbose "Add $($_.Samaccountname) a $($_.GroupCategory.tostring()) a $($_.GroupScope.tostring()) to $Target"
Add-ADGroupMember -Identity $_.samaccountname -Members $Target -Credential $Credential
}
else {
Write-Verbose "Add $($_.Samaccountname) a $($_.GroupCategory.tostring()) a $($_.GroupScope.tostring()) to $Target"
Add-ADGroupMember -Identity $_.samaccountname -Members $Target
}
}
catch {
Write-Verbose "Failed to add $($_.Samaccountname) to $Target"
Write-Warning "$($_.samaccountname) could not apply to $Target"
}
}
}
}