6.16. Transferring a User’s Group Membership to Another User

Problem

You want to transfer the group membership for one user to another.

Solution

Using a graphical user interface

  1. Open the Active Directory Users and Computers snap-in.

  2. In the left pane, right-click on the domain and select Find.

  3. Select the appropriate domain beside In.

  4. Beside Name, type the name of the user you want to transfer groups from and click Find Now.

  5. In the Search Results, double-click on the user.

  6. Click the Member Of tab.

  7. For each group you want to add another user in, do the following:

    1. Double-click on the group.

    2. Click the Members tab.

    3. Click the Add button.

    4. Find the user you want to add in the object picker and click OK.

    5. Click OK.

Using a command-line interface

The following command line will add <NewUserDN> to all of the groups that <CurrentUserDN> is a member of:

> for /F "usebackq delims=""" %i in (`dsget user "<CurrentUserDN>" -memberof`) do[RETURN] 
dsmod group %i -addmbr "<NewUserDN>"

If you want to get fancy and remove <CurrentUserDN> from each of the groups in the same operation, simply add an -rmmbr option on the end:

> for /F "usebackq delims=""" %i in (`dsget user "<CurrentUserDN>" -memberof`) do[RETURN] 
dsmod group %i -addmbr "<NewUserDN>" -rmmbr "<CurrentUserDN>"

Using VBScript

' This code adds the "new" user to the groups the "current" 
' user is a member of
' ------ SCRIPT CONFIGURATION ------
strCurrentUserDN = "<CurrentUserDN>"  ' e.g. cn=jsmith,ou=Sales,dc=rallencorp,dc=com
strNewUserDN     = "<NewUserDN>" ' e.g. ...

Get Active Directory Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial