Wednesday, September 28, 2011

Replicate Security Group membership from One Domain to Another.

Using PowerShell, and making a lot of string customisations to get the output as desired...
Not the best of scripting, but it does the job I want it to do, with slightly scratchy error reporting.


# Connection variables for both AD domains
# The passwords are embedded in clear text here; prompting with (Read-Host -AsSecureString) for -cp keeps them out of the script file.

$SourceAD = Connect-QADService -Service SourceAD_DC.local -ca sourcedomain\admin -cp (ConvertTo-SecureString 'password123' -AsPlainText -Force)
$DestAD = Connect-QADService -Service DestAD_DC.local -ca Destdomain\admin -cp (ConvertTo-SecureString 'password123' -AsPlainText -Force)

#Reads group names from the file C:\temp\GroupCopySource\GroupsA.txt (Source Domain1 groups)
#and gets all members of each group. String manipulation then extracts only the username and group name
#so that we can use them in the Domain2 AD for comparing and adding group members.


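Get-Content C:\temp\GroupCopySource\GroupsA.txt | ForEach-Object -Process {
    # SamAccountName of every member of the source group
    $member = Get-QADGroupMember $_ -Connection $SourceAD | Select-Object -ExpandProperty SamAccountName
    # Split "domain\group" on the backslash. The original never assigned $groupname;
    # taking the last part of the split is an assumption about what was intended.
    $new = $_.Split("\")
    $groupname = $new[-1]
    $groupfinal = "GSG-sourcedomain-$groupname"
    # Keep a copy of the source member list per group
    $member > C:\temp\GroupCopyTask\$groupfinal.txt
    ForEach ($b in $member) {
        # On any exception: log it with the group name, clear $error and carry on
        trap [Exception] { Add-Content C:\temp\GroupCopyJob\errors.txt "$error groupname = $groupfinal`n"; $error.Clear(); Continue }
        Add-QADGroupMember -Identity $groupfinal -Member ("destdomain\$b") -Connection $DestAD
        Add-Content "C:\temp\GroupCopyDest\${groupfinal}_copyresult.txt" $b
    }
} > C:\Temp\GroupCopyJob\scriptoutput.txt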

#Clear all variables before they are used again.

Clear-Variable member
Clear-Variable groupfinal
Clear-Variable groupname
Clear-Variable new
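
A read-only pre-check for the copy above, added here as an example and not part of the original post: it prompts for the passwords rather than embedding them, then reports per group which accounts the copy would add and which destination members have no counterpart in the source. The output file name membership_delta.csv and the way the group name is derived from each line are assumptions; the hosts, accounts and paths are the placeholders used in the script above.

```powershell
# Added example, not the original author's code. It changes no group membership.
# Assumes the Quest ActiveRoles cmdlets are loaded, as in the script above.

# Prompt for the passwords so they never sit in the script file
$srcPw = Read-Host "Password for sourcedomain\admin" -AsSecureString
$dstPw = Read-Host "Password for Destdomain\admin" -AsSecureString
$SourceAD = Connect-QADService -Service SourceAD_DC.local -ca sourcedomain\admin -cp $srcPw
$DestAD   = Connect-QADService -Service DestAD_DC.local -ca Destdomain\admin -cp $dstPw

$report = Get-Content C:\temp\GroupCopySource\GroupsA.txt | Where-Object { $_.Trim() } | ForEach-Object {
    $entry      = $_.Trim()
    # Assumption: each line looks like domain\group; keep the part after the backslash
    $groupfinal = "GSG-sourcedomain-" + $entry.Split("\")[-1]
    $row = @{ Group = $groupfinal; Status = "ok"; ToAdd = ""; OnlyInDest = "" }
    try {
        # @() forces an array even when a group has zero or one member
        $src = @(Get-QADGroupMember $entry -Connection $SourceAD -ErrorAction Stop |
                 Select-Object -ExpandProperty SamAccountName)
        $dst = @(Get-QADGroupMember $groupfinal -Connection $DestAD -ErrorAction Stop |
                 Select-Object -ExpandProperty SamAccountName)
        # Accounts the copy would add (in source, not yet in destination)
        $row.ToAdd      = @($src | Where-Object { $dst -notcontains $_ }) -join ";"
        # Accounts that are members only in the destination: review before trusting the group
        $row.OnlyInDest = @($dst | Where-Object { $src -notcontains $_ }) -join ";"
    } catch {
        # For example the destination group does not exist yet
        $row.Status = "lookup failed: $($_.Exception.Message)"
    }
    New-Object PSObject -Property $row
}

# membership_delta.csv is a hypothetical file name chosen for this example
$report | Select-Object Group, Status, ToAdd, OnlyInDest |
    Export-Csv C:\temp\GroupCopyJob\membership_delta.csv -NoTypeInformation
```

Members are matched on SamAccountName, the same assumption the copy script makes when it adds "destdomain\$b".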