Compare-ADuserAddGroup/Compare-ADuserAddGroup.ps1

<#   
.SYNOPSIS
Script that compares group membership of source users and destination user and adds destination user to source user group 
    
.DESCRIPTION
This script compares the group membership of $sourceacc and $destacc, based on the membership of the source account the destination account is also to these groups. Script outputs actions taken to the prompt. The script can also be run without any parameters then the script will prompt for both usernames.
 
.PARAMETER Sourceacc
User of which group membership is read

.PARAMETER DestAcc
User that becomes member of all the groups that Sourceacc is member of

.PARAMETER MatchGroup
Supports regular expressions, uses the -match operator to make a select a subset of source user groups to copy to the destination user
    
.PARAMETER Noconfirm
No user input is required and the script runs automatically

.NOTES
Name: Compare-ADuserAddGroup.ps1
Author: Jaap Brasser
Version: 1.2.0
DateCreated: 2012-03-14
DateUpdated: 2016-01-12

.EXAMPLE
.\Compare-ADuserAddGroup.ps1 testuserabc123 testuserabc456

Description 
-----------     
This command will add testuserabc456 to all groups that testuserabc123 is a memberof with the exception of all groups testuserabc456 is already a member of.

.EXAMPLE   
.\Compare-ADuserAddGroup.ps1 -SourceAcc testuserabc123 -DestAcc testuserabc456 -MatchGroup 'FS_'

Description 
-----------     
This command will add testuserabc456 to the groups that contain the FS_ string that testuserabc123 is a memberof with the exception of all groups testuserabc456 is already a member of.
#>
param(
    [Parameter(Mandatory=$true)]
    [string] $SourceAcc,
    [Parameter(Mandatory=$true)]
    [string] $DestAcc,
    [string] $MatchGroup,
    [switch] $NoConfirm
)

# Retrieves the group membership for both accounts
$SourceMember = Get-AdUser -Filter {samaccountname -eq $SourceAcc} -Property memberof | Select-Object memberof
$DestMember   = Get-AdUser -Filter {samaccountname -eq $DestAcc  } -Property memberof | Select-Object memberof

# Checks if accounts have group membership, if no group membership is found for either account script will exit
if ($SourceMember -eq $null) {'Source user not found';return}
if ($DestMember -eq $null)   {'Destination user not found';return}

# Uses -match to select a subset of groups to copy to the new user
if ($MatchGroup) {
    $SourceMember = $SourceMember | Where-Object {$_.memberof -match $MatchGroup}
}

# Checks for differences, if no differences are found script will prompt and exit
if (-not (Compare-Object $DestMember.memberof $SourceMember.memberof | Where-Object {$_.sideindicator -eq '=>'})) {write-host "No difference between $SourceAcc & $DestAcc groupmembership found. $DestAcc will not be added to any additional groups.";return}

# Routine that changes group membership and displays output to prompt
compare-object $DestMember.memberof $SourceMember.memberof | where-object {$_.sideindicator -eq '=>'} |
Select-Object -expand inputobject | foreach {write-host "$DestAcc will be added to:"([regex]::split($_,'^CN=|,OU=.+$'))[1]}

# If no confirmation parameter is set no confirmation is required, otherwise script will prompt for confirmation
if ($NoConfirm)	{
    compare-object $DestMember.memberof $SourceMember.memberof | where-object {$_.sideindicator -eq '=>'} | 
    Select-Object -expand inputobject | foreach {add-adgroupmember "$_" $DestAcc}
}

else {
    do{
        $UserInput = Read-Host "Are you sure you wish to add $DestAcc to these groups?`n[Y]es, [N]o or e[X]it"
        if (('Y','yes','n','no','X','exit') -notcontains $UserInput) {
            $UserInput = $null
            Write-Warning 'Please input correct value'
        }
        if (('X','exit','N','no') -contains $UserInput) {
            Write-Host 'No changes made, exiting...'
            exit
        }     
        if (('Y','yes') -contains $UserInput) {
            compare-object $DestMember.memberof $SourceMember.memberof | where-object {$_.sideindicator -eq '=>'} | 
            Select-Object -expand inputobject | foreach {add-adgroupmember "$_" $DestAcc}
        }
    }
    until ($UserInput -ne $null)
}
Added all scripts from the TechNet Scripting Gallery to this repository 2016-07-21 13:35:17 +02:00			`<#`
			`.SYNOPSIS`
			`Script that compares group membership of source users and destination user and adds destination user to source user group`

			`.DESCRIPTION`
			`This script compares the group membership of $sourceacc and $destacc, based on the membership of the source account the destination account is also to these groups. Script outputs actions taken to the prompt. The script can also be run without any parameters then the script will prompt for both usernames.`

			`.PARAMETER Sourceacc`
			`User of which group membership is read`

			`.PARAMETER DestAcc`
			`User that becomes member of all the groups that Sourceacc is member of`

			`.PARAMETER MatchGroup`
			`Supports regular expressions, uses the -match operator to make a select a subset of source user groups to copy to the destination user`

			`.PARAMETER Noconfirm`
			`No user input is required and the script runs automatically`

			`.NOTES`
			`Name: Compare-ADuserAddGroup.ps1`
			`Author: Jaap Brasser`
			`Version: 1.2.0`
			`DateCreated: 2012-03-14`
			`DateUpdated: 2016-01-12`

			`.EXAMPLE`
			`.\Compare-ADuserAddGroup.ps1 testuserabc123 testuserabc456`

			`Description`
			`-----------`
			`This command will add testuserabc456 to all groups that testuserabc123 is a memberof with the exception of all groups testuserabc456 is already a member of.`

			`.EXAMPLE`
			`.\Compare-ADuserAddGroup.ps1 -SourceAcc testuserabc123 -DestAcc testuserabc456 -MatchGroup 'FS_'`

			`Description`
			`-----------`
			`This command will add testuserabc456 to the groups that contain the FS_ string that testuserabc123 is a memberof with the exception of all groups testuserabc456 is already a member of.`
			`#>`
			`param(`
			`[Parameter(Mandatory=$true)]`
			`[string] $SourceAcc,`
			`[Parameter(Mandatory=$true)]`
			`[string] $DestAcc,`
			`[string] $MatchGroup,`
			`[switch] $NoConfirm`
			`)`

			`# Retrieves the group membership for both accounts`
			`$SourceMember = Get-AdUser -Filter {samaccountname -eq $SourceAcc} -Property memberof \| Select-Object memberof`
			`$DestMember = Get-AdUser -Filter {samaccountname -eq $DestAcc } -Property memberof \| Select-Object memberof`

			`# Checks if accounts have group membership, if no group membership is found for either account script will exit`
			`if ($SourceMember -eq $null) {'Source user not found';return}`
			`if ($DestMember -eq $null) {'Destination user not found';return}`

			`# Uses -match to select a subset of groups to copy to the new user`
			`if ($MatchGroup) {`
			`$SourceMember = $SourceMember \| Where-Object {$_.memberof -match $MatchGroup}`
			`}`

			`# Checks for differences, if no differences are found script will prompt and exit`
			`if (-not (Compare-Object $DestMember.memberof $SourceMember.memberof \| Where-Object {$_.sideindicator -eq '=>'})) {write-host "No difference between $SourceAcc & $DestAcc groupmembership found. $DestAcc will not be added to any additional groups.";return}`

			`# Routine that changes group membership and displays output to prompt`
			`compare-object $DestMember.memberof $SourceMember.memberof \| where-object {$_.sideindicator -eq '=>'} \|`
			`Select-Object -expand inputobject \| foreach {write-host "$DestAcc will be added to:"([regex]::split($_,'^CN=\|,OU=.+$'))[1]}`

			`# If no confirmation parameter is set no confirmation is required, otherwise script will prompt for confirmation`
			`if ($NoConfirm) {`
			`compare-object $DestMember.memberof $SourceMember.memberof \| where-object {$_.sideindicator -eq '=>'} \|`
			`Select-Object -expand inputobject \| foreach {add-adgroupmember "$_" $DestAcc}`
			`}`

			`else {`
			`do{`
			$UserInput = Read-Host "Are you sure you wish to add $DestAcc to these groups?`n[Y]es, [N]o or e[X]it"
			`if (('Y','yes','n','no','X','exit') -notcontains $UserInput) {`
			`$UserInput = $null`
			`Write-Warning 'Please input correct value'`
			`}`
			`if (('X','exit','N','no') -contains $UserInput) {`
			`Write-Host 'No changes made, exiting...'`
			`exit`
			`}`
			`if (('Y','yes') -contains $UserInput) {`
			`compare-object $DestMember.memberof $SourceMember.memberof \| where-object {$_.sideindicator -eq '=>'} \|`
			`Select-Object -expand inputobject \| foreach {add-adgroupmember "$_" $DestAcc}`
			`}`
			`}`
			`until ($UserInput -ne $null)`
			`}`