SOLVED

Cloning O365 Group Memberships

Copper Contributor
I'm interested in replicating the O365 group memberships of a given user for another user. By this I mean adding a user to the same set of groups in which a given user is currently a member.

The use case for this is granting memberships for new hires based on existing users, specifically when filling the role of individuals who are members of multiple groups.

I'm interested in a solution that's less manual than looking up the user's memberships in the admin UI and manually adding them to each.

Thanks in advance!
7 Replies
If you use dynamic groups, membership can be set based on a certain attribute! So if a attribute results in membership for this amount of groups, this can be set to anyone and they become members as well

Otherwise you need to write a powershell script that gets all groups the user is member of, then pipe that to add those groups to the other user!
Thanks! I think the PowerShell option is the more desirable one at the moment.

I'm still a novice with PowerShell, though eagerly learning all I can. Could you help me out with the code I should use?

Thanks much!
Well, I could probably figure it out using the unifiedgroup and unifiedgrouplinks cmdlets but I’d hear with @VasilMichev first! Maybe he got something in stock
best response confirmed by Sean Vriesen (Copper Contributor)
Solution

That depends on the specifics I guess. Here's a quick sample of what you can do with PowerShell.

 

List all groups a given user is a member of:

$dn = (Get-Mailbox user).DistinguishedName
Get-Recipient -Filter "Members -eq '$dn'"

Use the above list to add another user as member:

Get-Recipient -Filter "Members -eq '$dn'" | % { Add-DistributionGroupMember $_.Name -Member anotheruser}

That's a really basic code though and it assumes that all the groups are distribution ones. A bit more complex one will check the actual type and use the corresponding cmdlet:

 

$dn = (Get-Mailbox user).DistinguishedName

Get-Recipient -Filter "Members -eq '$dn'" -RecipientTypeDetails GroupMailbox | % { Add-UnifiedGroupLinks $_.Name -LinkType Member -Links anotheruser }

Get-Recipient -Filter "Members -eq '$dn'" -RecipientTypeDetails MailUniversalDistributionGroup | % { Add-DistributionGroupMember $_.Name -Member anotheruser }

 

Thanks very much indeed, @VasilMichev! This code worked perfectly. Appreciate the help! 

 

All the best!

@VasilMichev those scripts you provided, after the first one is used, you say 

"Use the above list to add another user as member:" 

does that second one mean that if the first user has, say, 20 groups, will the second user get added to those 20 groups.

I am just very worried about typing in a command that will alter the system in a way that i did not intend. Thank you. 

I'm running the script with the correct information inserted in the "user" and "another user" entry points. All copy and pasted without additional edits.

The first time I ran the script it completed correctly and copied the 16 groups from the source user to the target user.

Every consecutive execution of the script is adding every group in our organization to the target user. Same source user. Even running the script again with the original source/target the target now receives all groups instead of the original 16. No errors reported in the PS window.
1 best response

Accepted Solutions
best response confirmed by Sean Vriesen (Copper Contributor)
Solution

That depends on the specifics I guess. Here's a quick sample of what you can do with PowerShell.

 

List all groups a given user is a member of:

$dn = (Get-Mailbox user).DistinguishedName
Get-Recipient -Filter "Members -eq '$dn'"

Use the above list to add another user as member:

Get-Recipient -Filter "Members -eq '$dn'" | % { Add-DistributionGroupMember $_.Name -Member anotheruser}

That's a really basic code though and it assumes that all the groups are distribution ones. A bit more complex one will check the actual type and use the corresponding cmdlet:

 

$dn = (Get-Mailbox user).DistinguishedName

Get-Recipient -Filter "Members -eq '$dn'" -RecipientTypeDetails GroupMailbox | % { Add-UnifiedGroupLinks $_.Name -LinkType Member -Links anotheruser }

Get-Recipient -Filter "Members -eq '$dn'" -RecipientTypeDetails MailUniversalDistributionGroup | % { Add-DistributionGroupMember $_.Name -Member anotheruser }

 

View solution in original post