Copy User Automatically from One AD Group to Another.

MCcorpNow 66 Reputation points
2021-12-23T20:01:47.837+00:00

When a user is added to one on-prem AD security group, make it so they are automatically added to another on-prem AD security group. Is this possible? I'm trying to make it so the Accounts team doesn't have to remember to add a user to 2 AD groups. I'm also trying to do this for new users onwards. Thanks!


Accepted answer
  1. MotoX80 33,296 Reputation points
    2021-12-23T20:49:55.037+00:00

    Do you have auditing enabled in the domain? There should be an event in the security eventlog when a user gets added to a group. You should be able to attach a task to the event and write a script to add the user to whatever groups you want.

    https://adamtheautomator.com/audit-group-membership-changes-active-directory/

    https://www.bing.com/search?q=attach%20a%20task%20to%20a%20windows%20event%20powershell

    Sorry, I no longer have access to an AD environment to test with.
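
A sketch of the script such an event-triggered task could run, added here as an example and not taken from any post in this thread. It assumes the "Audit Security Group Management" audit subcategory is enabled, that the task runs on the domain controller that logged the event, and that `GroupA`, `GroupB` and the 10-minute window are placeholders.

```powershell
#Requires -Modules ActiveDirectory
# Added example: mirror additions to a source group into a target group.
# Assumption: the task account is delegated only the right to change
# membership of the target group, nothing broader.
param(
    [string]$SourceGroup = 'GroupA',     # placeholder name
    [string]$TargetGroup = 'GroupB',     # placeholder name
    [int]$LookbackMinutes = 10           # placeholder window
)

# Match on SID, not name, so a renamed or similarly named group cannot trigger a copy.
$src       = Get-ADGroup -Identity $SourceGroup
$sourceSid = $src.SID.Value
$sourceDn  = $src.DistinguishedName
$already   = @(Get-ADGroupMember -Identity $TargetGroup | ForEach-Object { $_.SID.Value })

# 4728 / 4732 / 4756: member added to a global / local / universal security group.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4728, 4732, 4756
    StartTime = (Get-Date).AddMinutes(-$LookbackMinutes)
} -ErrorAction SilentlyContinue

foreach ($evt in $events) {
    # Flatten <EventData><Data Name="..."> into a hashtable.
    $data = @{}
    foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    if ($data['TargetSid'] -ne $sourceSid) { continue }       # event is for another group
    $memberSid = $data['MemberSid']
    if ($already -contains $memberSid) { continue }           # already in the target group

    # Only mirror user objects that exist and are still in the source group.
    try   { $user = Get-ADUser -Identity $memberSid -Properties MemberOf -ErrorAction Stop }
    catch { continue }                                        # not a user, or deleted
    if ($user.MemberOf -notcontains $sourceDn) { continue }   # removed again since the event

    Add-ADGroupMember -Identity $TargetGroup -Members $user
    $already += $memberSid

    # Record who made the original change, for later review.
    Write-Output ("{0:o} added {1} to {2} (event {3}, record {4}, source change by {5})" -f `
        (Get-Date), $user.SamAccountName, $TargetGroup, $evt.Id, $evt.RecordId, $data['SubjectUserName'])
}
```

The event is written only on the domain controller that processed the change, so with several DCs the task has to exist on each of them; the membership checks keep repeated runs from adding anyone twice.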


3 additional answers

  1. Anonymous
    2021-12-23T20:11:41.383+00:00

    Maybe nesting the groups will solve it.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    1 person found this answer helpful.

  2. Anonymous
    2021-12-23T20:36:08.54+00:00

    There's nothing native for this. The simplest solution may be to use PowerShell. Some ideas here.
    https://community.spiceworks.com/topic/2128061-powershell-adding-a-single-user-to-multiple-groups

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  3. Limitless Technology 39,586 Reputation points
    2021-12-30T09:40:31.583+00:00

    Hello @MCcorpNow

    I understand that you need to add users to some AD groups after they have been created, in case someone forgot to add them.

    You can achieve this using two approaches.

    Method 1:
    You can use the PowerShell below, which will get a list of AD groups created 1 or 2 days ago and, if found, add them to groups.
    You can put this script in Task Scheduler so that it runs automatically every day.

    # Take today's date and effectively add -1 days to it.
    $DateCutOff = (Get-Date).AddDays(-1)
    # Add every user created after the cutoff to the group; "GroupNAME" is the target group.
    Get-ADUser -Filter {whenCreated -gt $DateCutOff} | ForEach-Object { Add-ADGroupMember -Identity "GroupNAME" -Members $_ }
    

    Method 2:
    Create an empty default user template AD account with the necessary group in the members tab.
    If you copy this when creating a new user, it should work.

    To copy an Active Directory domain user account, open the Active Directory Users and Computers MMC snap-in, right-click the user object and select "Copy" from the context menu.

    Hope this answers your query :)

    ----------------------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--
