Copy permission script

  • Author
    • #208827
      Topics: 2
      Replies: 0
      Points: 24
      Rank: Member

      Hi, everyone,
      I created a script to copy AD permissions from one user to another or existing user.
      For some reason the script didn’t work well. I inserted the variable of the user name from which I want to copy, but it can’t find me.
      It is important to note that in AD I have USERS, a sub-OU of users like OU of Public, Private.


      # import the Active Directory module in order to be able to use the Get-ADUser and Add-ADGroupMember cmdlets
      import-Module ActiveDirectory
      # enter login name of the first user
      $copy = Read-host "Enter username to copy from: "
      # enter login name of the second user
      $paste  = Read-host "Enter username to copy to: "
      # copy-paste process. Get-ADuser membership     | then selecting membership                       | and add it to the second user
      get-ADuser -identity $copy -properties memberof | select-object memberof -expandproperty memberof | Add-AdGroupMember -Members $paste

      This is an error message I receive:

      Add-AdGroupMember : Insufficient access rights to perform the operation
      At line:11 char:101
      + ... memberof -expandproperty memberof | Add-AdGroupMember -Members $paste
      +                                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : NotSpecified: (CN=CPT,DC=gov,DC=il:ADGroup) [Add-ADGroupMember], ADException
          + FullyQualifiedErrorId : ActiveDirectoryServer:8344,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember

    • #208905
      Senior Moderator
      Topics: 3
      Replies: 123
      Points: 653
      Helping Hand
      Rank: Major Contributor

      For the purpose of troubleshooting, you should verify that this part works by itself:

      get-ADuser -identity $copy -properties memberof

      That is, comment out the rest of the line after that and verify that Get-ADUser is actually finding the user based on the input you collect in $copy.

      For the error you’re getting, it seems pretty straightforward – you do not have permission to add AD group members. Try running it as administrator.
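An added example, not code from either poster, that follows the troubleshooting order in the reply above: it resolves both accounts first, then adds the target to each group separately so an "Insufficient access rights" failure is reported per group instead of stopping the pipeline. The function name `Copy-ADGroupMembership` is hypothetical and the account names `alice` and `bob` are constructed sample values.

```powershell
# Added example, not the original poster's script.
Import-Module ActiveDirectory

function Copy-ADGroupMembership {          # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SourceUser,
        [Parameter(Mandatory)][string]$TargetUser
    )

    # Step 1: resolve both accounts on their own, so a bad name fails here
    # and not halfway through the pipeline.
    try {
        $source = Get-ADUser -Identity $SourceUser -Properties MemberOf -ErrorAction Stop
        $target = Get-ADUser -Identity $TargetUser -Properties MemberOf -ErrorAction Stop
    }
    catch {
        Write-Error "Could not resolve a user: $($_.Exception.Message)"
        return
    }

    # Step 2: one group at a time, so an access-denied on one group is
    # reported and the remaining groups are still processed.
    foreach ($groupDn in $source.MemberOf) {
        if ($target.MemberOf -contains $groupDn) {
            [pscustomobject]@{ Group = $groupDn; Result = 'AlreadyMember'; Detail = $null }
            continue
        }
        if (-not $PSCmdlet.ShouldProcess($groupDn, "Add $($target.SamAccountName)")) {
            continue
        }
        try {
            Add-ADGroupMember -Identity $groupDn -Members $target -ErrorAction Stop
            [pscustomobject]@{ Group = $groupDn; Result = 'Added'; Detail = $null }
        }
        catch {
            # "Insufficient access rights" lands here when the account running
            # the script cannot modify this group's membership.
            [pscustomobject]@{ Group = $groupDn; Result = 'Failed'; Detail = $_.Exception.Message }
        }
    }
}

# Preview first, then run for real and list only the groups that failed.
# 'alice' and 'bob' are constructed sample account names.
Copy-ADGroupMembership -SourceUser 'alice' -TargetUser 'bob' -WhatIf
Copy-ADGroupMembership -SourceUser 'alice' -TargetUser 'bob' |
    Where-Object Result -eq 'Failed' | Format-Table -AutoSize
```

The list of failed groups shows exactly which groups the running account cannot modify, which is what to hand to whoever delegates group-membership rights in the domain.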
