Copy Group Membership from User to User

In “Copy Group Memberships theEasy Way” (August 2006, InstantDoc ID 50424), I provided a batch-file script—CopyGroup.bat—whichcopies Active Directory (AD) groupmemberships from one group toanother in Exchange Server 2003 andExchange 2000 Server. I've written afollow-up script—CopyUsersGroups.bat in Listing 1—that you can use toeasily copy group membership fromone user to another. (Note that somecode in the listing wraps to multiplelines because of space constraints.)This solution will save you a lot of timewhen you need to give a new user thesame group membership as anotherexisting user in the company. You canuse CopyUsersGroups.bat to copy anaccount, including the group memberships when an account is created—a capability that's especiallyuseful when you need to copy thegroup memberships after the accounthas been created.

Like CopyGroup.bat, CopyUsersGroups.bat uses the Dsquery, Dsget,and Dsmod utilities to find and copygroup memberships. Windows Server2003 includes these three tools. Alternatively, you can install them from theWindows Server 2003 AdministrationTools Pack (adminpak.msi).

In addition to CopyUsersGroups.bat, the solution requires an .ini file—utils.ini in Figure 1—which you needto customize. In utils.ini, substitute the path to your Dsquery, Dsget, andDsmod utilities for sourcedir and thename of your own domain controller(DC) for DomainControllerName.CopyUsersGroups.bat and utils.inimust be in the same folder (e.g.,C:admin). Modify your PATH variableto include this folder.

To display the command's Helpscreen, in a command-shell window, enter the script name without anyparameters. To run the script, enterthe command as follows:

CopyUsersGroups.bat  FromUser ToUser 

(Be sure to type the actual commandon one line.) Replace the FromUserand ToUser parameters with theappropriate AD sAMAccountName attributes, which are displayedwhen you invoke the script without parameters.

—Frank Houbak Kristiansen