
December 1, 2016 at 3:31 pm


I have AD User person6 in AD. I'm trying to create a new AD User called person7 by copying person6

$copy = Get-ADUser -Identity person6
New-ADUser person7 -Instance $copy

But, it's giving me an error

New-ADUser : Unknown error (0x21c8)
At \\hqfs1\users\tantony\PowerShell\HRSecurityForms\test.ps1:4 char:1
+ New-ADUser person7 -Instance $copy

If this works, does it also copy the new user into the same AD OU as the instance user?

Thank you,


December 1, 2016 at 3:46 pm


What if you collect all needed parameters and values and use splatting into New-ADUser? I think that would be a better solution when copying and creating a new AD account.


December 1, 2016 at 3:56 pm

I use splatting to create users in branches and it's working fine, but I'm working on the part where I create users in headquarters. I figured it might be easier to find a person with the same title as the new employee and copy them.

December 1, 2016 at 5:05 pm

I figured out how to copy a user, and grab info such as the telephoneNumber, Managers etc. I think I had the instance backwards earlier.

$u=Get-ADUser -Identity person6 -Properties HomeDirectory, Manager, ProfilePath, Description, Office, telephoneNumber

New-ADUser -Instance $u -SamAccountName person7 -UserPrincipalName -Name 'Person 7' -AccountPassword (ConvertTo-SecureString -AsPlainText "p@ssw0rd" -Force)

I want the new user to be in the same OU as the copying user. How would I do that? I tried this below and it didn't work. It doesn't move it to the correct DistinguishedName, it creates the new user in the default Users OU. Also, how would I copy the "Member of" to the new user also?

$u=Get-ADUser -Identity person6 -Properties HomeDirectory, Manager, ProfilePath, Description, Office, telephoneNumber, DistinguishedName



December 1, 2016 at 5:27 pm


One way to add the same groups is the following.

$Groups = (Get-ADUser -Identity TestUser2 -Properties Memberof).MemberOF
Add-ADPrincipalGroupMembership -Identity TestUser1 -MemberOf $Groups

Or, not so readable; I wouldn't use this in a script.

Add-ADPrincipalGroupMembership -Identity TestUser1 -MemberOf $((Get-ADUser -Identity TestUser2 -Properties Memberof).memberOF)

For the same OU, the first thing that comes to mind is to split the DistinguishedName and recreate the Path with that, but I do not think that would be the best idea.

Edit. Found the following link:

Tried this and it was working, result was OU from AD user.

Get-ADUser -Identity testuser3 -Properties distinguishedname,cn |
    select @{n='Path';e={$_.distinguishedname -replace "CN=$($_.cn),",''}} |
        select -ExpandProperty Path

The following seems to work.

$From = 'person6'
$To = 'person7'

$u = Get-ADUser -Identity $from -Properties HomeDirectory, Manager, ProfilePath, Description, Office, telephoneNumber, memberof, distinguishedName, cn
$Groups = ($u).memberof
$Path = ($u | select @{n='Path';e={$_.distinguishedname -replace "CN=$($_.cn),",''}}).Path

New-ADUser -Instance $u -Path $Path -SamAccountName $To -UserPrincipalName -Name 'Person 7' -AccountPassword (ConvertTo-SecureString -AsPlainText "p@ssw0rd" -Force)

Add-ADPrincipalGroupMembership -Identity $To -MemberOf $Groups
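
An added example (not code from any poster in this thread) that combines the steps above into one function: it derives the target OU from the source user's DistinguishedName without interpolating the CN into a regex, prompts for the initial password instead of hard-coding it, and skips a deny list of privileged groups when copying "Member of". The function names, the `$ExcludeGroup` default and the UPN placeholder are assumptions.

```powershell
# Added example; not code from any poster. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

function Get-ParentContainer {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Remove only the first RDN. Escaped characters such as "\," inside the CN
    # are skipped, and no directory data is interpolated into the pattern.
    $DistinguishedName -replace '^(?:\\.|[^\\,])+,', ''
}

function Copy-ADUserFromTemplate {
    param(
        [Parameter(Mandatory)][string]$From,
        [Parameter(Mandatory)][string]$To,
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$UserPrincipalName,
        # Assumed deny list: memberships that are never granted by copying.
        [string[]]$ExcludeGroup = @('Domain Admins', 'Enterprise Admins', 'Schema Admins')
    )

    $u = Get-ADUser -Identity $From -Properties HomeDirectory, Manager,
        ProfilePath, Description, Office, telephoneNumber
    $path = Get-ParentContainer -DistinguishedName $u.DistinguishedName

    # Prompt for the initial password so it is not stored in the script.
    $password = Read-Host -Prompt "Initial password for $To" -AsSecureString

    New-ADUser -Instance $u -Path $path -SamAccountName $To -Name $Name `
        -UserPrincipalName $UserPrincipalName -AccountPassword $password `
        -ChangePasswordAtLogon $true

    # Resolve the source user's groups and drop the deny-listed ones.
    $memberOf = (Get-ADUser -Identity $From -Properties MemberOf).MemberOf
    $groups = @($memberOf | Get-ADGroup | Where-Object { $_.Name -notin $ExcludeGroup })
    if ($groups.Count -gt 0) {
        Add-ADPrincipalGroupMembership -Identity $To -MemberOf $groups
    }
    $groups.Name   # emit the granted group names for review
}

# Usage (the UPN value is a placeholder):
# Copy-ADUserFromTemplate -From person6 -To person7 -Name 'Person 7' -UserPrincipalName '<person7 UPN>'
```

Copying a template user clones whatever access that user has accumulated, so the returned group list is worth reviewing before the account is handed over.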


December 1, 2016 at 6:03 pm

I remember this was asked before last year and found the old Bookmark.

Copy AD user to new one.

December 1, 2016 at 6:11 pm

Thanks all, I'll try that