Copying an ADUser

This topic contains 6 replies, has 3 voices, and was last updated by  Tony Antony 1 year, 5 months ago.

  • Author
  • #59137

    Tony Antony


    I have AD User person6 in AD. I'm trying to create a new AD User called person7 by copying person6

    $copy = Get-ADUser -Identity person6
    New-ADUser person7 -Instance $copy

    But, it's giving me an error

    New-ADUser : Unknown error (0x21c8)
    At \\hqfs1\users\tantony\PowerShell\HRSecurityForms\test.ps1:4 char:1
    + New-ADUser person7 -Instance $copy

    If this works, does it also copy the new user into the same AD OU as the instance user?

    Thank you,


  • #59140


    What if you collect all needed parameters and values and use splatting into New-ADUser? I think that would be better solution when copying and creating new AD account.


  • #59146

    Tony Antony

    I use splatting to create users in branches and it's working fine, but I'm working on the part where I create users in headquarters. I figured it might be easier to find a person with the same title as the new employee and copy them.

  • #59158

    Tony Antony

    I figured out to copy a user, and grab info such as the telephoneNumber, Managers etc. I think I had the instance backwards earlier.

    $u=Get-ADUser -Identity person6 -Properties HomeDirectory, Manager, ProfilePath, Description, Office, telephoneNumber
    New-ADUser -Instance $u -SamAccountName person7 –UserPrincipalName –Name 'Person 7' -AccountPassword (ConvertTo-SecureString -AsPlainText "p@ssw0rd" -Force)

    I want the new user to be in the same OU as the copying user. How would I do that? I tried this below and it didn't work. It doesn't move it to the correct DistinguishedName, it creates the new user in the default Users OU. Also, how would I copy the "Member of" to the new user also?

    $u=Get-ADUser -Identity person6 -Properties HomeDirectory, Manager, ProfilePath, Description, Office, telephoneNumber, DistinguishedName



  • #59160


    One way to add same groups can be following.

    $Groups = (Get-ADUser -Identity TestUser2 -Properties Memberof).MemberOF
    Add-ADPrincipalGroupMembership -Identity TestUser1 -MemberOf $Groups

    Or not so readable, I wouldn't use this on script.

    Add-ADPrincipalGroupMembership -Identity TestUser1 -MemberOf $((Get-ADUser -Identity TestUser2 -Properties Memberof).memberOF)

    The same OU, First what comes to mind is to split the DistinguishedName and recreate the Path with that but I do not this that would be the best idea.

    Edit. Found following link:

    Tried this and it was working, result was OU from AD user.

    Get-ADUser -Identity testuser3 -Properties distinguishedname,cn | 
        select @{n='Path';e={$_.distinguishedname -replace "CN=$($,",''}} |
            select -ExpandProperty Path

    Following seems like working.

    $From = 'person6'
    $To = 'person7'
    $u = Get-ADUser -Identity $from -Properties HomeDirectory, Manager, ProfilePath, Description, Office, telephoneNumber, memberof, distinguishedName, cn
    $Groups = ($u).memberof
    $Path = ($u | select @{n='Path';e={$_.distinguishedname -replace "CN=$($,",''}}).Path
    New-ADUser -Instance $u -Path $Path -SamAccountName $To –UserPrincipalName –Name 'Person 7' -AccountPassword (ConvertTo-SecureString -AsPlainText "p@ssw0rd" -Force)
    Add-ADPrincipalGroupMembership -Identity $To -MemberOf $Groups


  • #59161

    Jeffery Hayes

    I remember this was asked before last year and found the old Bookmark.

  • #59164

    Tony Antony

    Thanks all, I'll try that

You must be logged in to reply to this topic.