Overview
Active Directory groups are sets of Active Directory (AD) objects that can be used to simplify IT administration and ensure accurate delegation of rights and dissemination of information. There are two types of AD groups:
- Security groups are used to assign permissions to shared resources. For example, you could create a security group for all employees in the marketing department and then grant that group permissions to access the company’s marketing share.
- Distribution groups are used to create email distribution lists. For example, you could create a distribution group for all employees in the sales department and then use that group to send mass email messages to the sales team.
Here, we will be focused on Security Groups and using PowerShell to copy members from an existing security group to a newly created group that currently contains no members.
Creating your new group
First, let's use PowerShell to create a new AD security group.
New-ADGroup -Name NewGroupName -GroupCategory Security -GroupScope Global -Path "OU=container,DC=domain,DC=com"
-Name: The name of the new security group.
-GroupCategory: The category of the group, either Security or Distribution. In this case we are using Security.
-GroupScope: Accepts DomainLocal, Global, or Universal. Here we will use Global.
-Path: The location within ADUC where the group will reside. For organization, you will want to place this in an OU. The first DC component is your Active Directory domain name and the second DC is usually going to be com. Some administrators will use .local for their on-prem domains, so be aware of this when running this command.
Let's look at this command again using the BMA.Local test domain, creating a security group named InsideSales and placing it in an OU called BMA Security Groups:
New-ADGroup -Name InsideSales -GroupCategory Security -GroupScope Global -Path "OU=BMA Security Groups,DC=BMA,DC=local"
Copy members from one group to another
Now that we have our new target group created, we can copy members from the source group.
Before we do that, let’s list the members of the source group using the Get-ADGroupMember cmdlet. For our purposes, we will be copying members from the source group named OutsideSales to our newly created InsideSales group.
Get-ADGroupMember -Identity OutsideSales | Select-Object Name | Sort-Object Name
Use the following command to copy the members from one group to another:
PS C:\> Get-ADGroupMember -Identity "OutsideSales" | ForEach-Object {Add-ADGroupMember -Identity "InsideSales" -Members $_.distinguishedName}
Confirm the members were copied from the source group to the target group successfully:
Get-ADGroupMember -Identity InsideSales | Select-Object Name | Sort-Object Name
And that’s it!
Please note that you may need to adjust the script to match your specific Active Directory environment, such as providing the correct domain name and organizational unit paths. Additionally, ensure that you have the necessary permissions to create groups and modify group membership in Active Directory.
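To confirm the copy by comparison rather than by eye, the following added example (not part of the original article) checks the target membership against the source and flags nested groups, since Get-ADGroupMember returns member groups as well as users and a copied nested group brings all of its own members along. The function name Compare-GroupMembership, the OU "BMA Users", and the sample members are constructed for illustration.

```powershell
# Added example: compare two membership lists shaped like Get-ADGroupMember output.
# Compare-GroupMembership is a hypothetical helper, not a built-in cmdlet.
function Compare-GroupMembership {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Source,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Target
    )
    # -contains / -notcontains compare case-insensitively, which suits DNs.
    $sourceDns = @($Source | ForEach-Object { $_.distinguishedName })
    $targetDns = @($Target | ForEach-Object { $_.distinguishedName })

    # Every source member should appear in the target after the copy.
    foreach ($m in $Source) {
        [pscustomobject]@{
            Name        = $m.name
            ObjectClass = $m.objectClass
            Status      = if ($targetDns -contains $m.distinguishedName) { 'Copied' } else { 'MissingInTarget' }
            NestedGroup = ($m.objectClass -eq 'group')
        }
    }
    # Anything in the target that the source never had was added some other way.
    foreach ($m in $Target) {
        if ($sourceDns -notcontains $m.distinguishedName) {
            [pscustomobject]@{
                Name        = $m.name
                ObjectClass = $m.objectClass
                Status      = 'ExtraInTarget'
                NestedGroup = ($m.objectClass -eq 'group')
            }
        }
    }
}

# Constructed sample data so the example runs without a domain controller.
$ou = 'OU=BMA Users,DC=BMA,DC=local'
$source = @(
    [pscustomobject]@{ name = 'Ana Ruiz';    objectClass = 'user';  distinguishedName = "CN=Ana Ruiz,$ou" }
    [pscustomobject]@{ name = 'Ben Cole';    objectClass = 'user';  distinguishedName = "CN=Ben Cole,$ou" }
    [pscustomobject]@{ name = 'Contractors'; objectClass = 'group'; distinguishedName = "CN=Contractors,$ou" }
)
$target = @(
    [pscustomobject]@{ name = 'Ana Ruiz';    objectClass = 'user';  distinguishedName = "cn=ana ruiz,$ou" }
    [pscustomobject]@{ name = 'Contractors'; objectClass = 'group'; distinguishedName = "CN=Contractors,$ou" }
    [pscustomobject]@{ name = 'Dee Park';    objectClass = 'user';  distinguishedName = "CN=Dee Park,$ou" }
)
# In a live domain, replace the sample data with:
#   $source = Get-ADGroupMember -Identity OutsideSales
#   $target = Get-ADGroupMember -Identity InsideSales
Compare-GroupMembership -Source $source -Target $target | Format-Table -AutoSize
```

Review any row whose Status is not Copied, and any row with NestedGroup set to True, before assigning permissions to InsideSales.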