The Microsoft Exchange certificate is installed when you install an Exchange Server, and it's 5…
Copy members from one AD group to another
AD groups are great for managing users, computers, groups, and other AD objects. This time you created a new AD group in Active Directory, and you want to copy members from one AD group to the new group. How to copy members from security group to distribution groups or the other way around? This article will teach you how to copy members from one AD group to another with PowerShell.
Table of contents
Information
If you have a couple of members, you can search and select them in Active Directory Users and Computers (ADUC). But what if you have many members, let’s say a thousand. Or, what if you want to be precise with copying members.
By reading another group from a list and adding them to another group is not bulletproof. You can miss a member, and that’s not what you want. That’s when you want to use PowerShell.
In our example, we like to copy the users from the AD group SG_Azure_A to another AD group SG_Azure_B.
- Source: SG_Azure_A
- Target: SG_Azure_B
AD members that we can copy
To copy members from one AD group to another will work for all group scopes and group types:
- Group scope: Domain local / Global / Universal
- Group type: Security / Distribution
Copy members will work criss-cross between the AD groups. For example, you have members in a Global Security, and you want to copy members to another Universal Distribution group, it works excellent.
In our example, we will copy members from a Universal Security group to another Universal Security group.
Good to know is that it will copy the users, groups, and computers from the members group.
Copy members from one AD group to another with PowerShell
Run PowerShell as administrator. List the members in the source AD group. Make use of Get-AdGroupMember cmdlet.
PS C:\> Get-ADGroupMember -Identity "SG_Azure_A" | Select-Object Name | Sort-Object Name
Name
----
Ali Tajran
Amanda Morgan
Amelia Nash
Benetiz Anees
Boris Campbell
Christopher Payne
Grace Rees
Irene Springer
Jasmina Teneres
Jonathan Fisher
Kylie Davidson
Leonard Clark
Madeleine Fisher
Mary Walsh
Max Fraser
Melanie Scott
Nicholas Murray
Piers Bower
Richard Grant
Ruth Dickens
Sebastian Nolan
Zoë ReesNote: Suppose you get the PowerShell output error that the size limit for this request was exceeded. Read the solution in the article Get-ADGroupMember : The size limit for this request was exceeded.
Get the target group and use the ForEach-Object cmdlet to add the members to the source AD group.
PS C:\> Get-ADGroupMember -Identity "SG_Azure_A" | ForEach-Object {Add-ADGroupMember -Identity "SG_Azure_B" -Members $_.distinguishedName}Do you want to copy members from one distribution group to another AD group? You only need to change the source and target AD groups.
Verify target AD group members
With the previous cmdlet, we did copy members from one AD group to another. It’s good to list the target AD group and verify that the copy did go successfully.
PS C:\> Get-ADGroupMember -Identity "SG_Azure_B" | Select-Object Name | Sort-Object Name
Name
----
Ali Tajran
Amanda Morgan
Amelia Nash
Benetiz Anees
Boris Campbell
Christopher Payne
Grace Rees
Irene Springer
Jasmina Teneres
Jonathan Fisher
Kylie Davidson
Leonard Clark
Madeleine Fisher
Mary Walsh
Max Fraser
Melanie Scott
Nicholas Murray
Piers Bower
Richard Grant
Ruth Dickens
Sebastian Nolan
Zoë ReesVerify the target AD group in ADUC.
We did successfully copy AD members from one AD group to another AD group. In our example, we did copy the members from a Universal Security group to another Universal Security group that is empty.
Read more: Convert Global to Universal Security Group with PowerShell »
Conclusion
You learned how to copy members from one AD group to another with PowerShell. If you have a couple of members, you can use Active Directory Users and Computers and add members to the AD group. If you have many members and want to speed up your work, your best way is PowerShell.
Did you enjoy this article? You may also like List all users in a Security Group through PowerShell. Don’t forget to follow us and share this article.
What Others Are Reading
Worked like a charm, thanks a lot.
Could something similar to this be done to loop through multiple groups to get the members of those groups, and add those members to a single group.
Essentially, Microsoft PowerBI service doesn’t support nested groups, which would be the ideal solution as I could just all my groups to one parent group and then use that group to apply the overarching permission. As this does not work, I need to populate a security group with named people, all of which are already stipulated in other groups (all in the same OU).
As a one off, I could extract the members and add them via PowerShell, but this would need to be maintained, so a script that could keep this “master” group up to date would be ideal.
What about when group A is located in domain A and group B is located in domain B and members of group A can be located in either domain A or domain B?
I have the following situation:
Group A is in domain A.local
Group B is also in the domain A.local
But my users are distributed in different subdomains A.A.local, B.A.local, etc.
When I run the command it searches for users in A.local and not in the subdomains.
I have written an article about how to copy AD members between domains.
Much better is
That’s an excellent command to copy members from one AD group to another. But, you will get an error if there are more than 5000 results.
The below command is better to use:
Read more in the article: Get-ADGroupMember : The size limit for this request was exceeded.
Hi Ali
When i try and run the code with my group names i get an error:
PS C:\Windows\system32> PS C:\> Get-ADGroupMember -Identity “Staff” | ForEach-Object {Add-ADGroupMember -Identity “Duo Accounts” -Members $_
.distinguishedName}
Get-Process : A positional parameter cannot be found that accepts argument ‘Get-ADGroupMember’.
At line:1 char:1
+ PS C:\> Get-ADGroupMember -Identity “Staff” | ForEach-Object {Add-ADG …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-Process], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.GetProcessCommand
Hi Peter,
You should remove “PS C:\>” from the command.
In this case, it starts with the Get-ADGroupMember cmdlet.
How about showing how to do this when the group you are trying to copy exceeds the 5000 limit in AD.
This happens because ADWS (Active Directory Web Services) restricts this.
I explained the error and solution in the article: Get-ADGroupMember : The size limit for this request was exceeded.
Unfortunately, this results in many errors in PS. Looks like this might not work when you have hundreds of AD sites and such.
Open PS as admin
Please help me add members to my group
Thanks Ali. It was very useful command.
Hi Ali,
Just, I found something maybe it can help later to make people sure about the comparing the member lists.
Hi Muhammed,
That’s an excellent way to compare both the security group members. I created an article about how to compare AD group members.
Hi Ali,
Thanks, It works great! especially without any problem with the member nested groups.
Good job, thanks
It did the job, thanks. Very well written.
Very nice, thank you.
This was exactly what I was looking for! You walkthrough is very detailed and easy to follow. Thank you so much!
Thank you for this such well explained and written text.