Add users from another domain to AD group

Question

I need to add all users from one AD group to another AD group. Both groups are in the same domain, though the users are from another domain in the forest.

Domain "LPC": $Source_Group and $Destination_Group
Domain "forestx": Users

Here one example I wrote with the help of this Microsoft article:

$Source_Group = "CN=TestSrc,OU=xxx,OU=yyy,DC=lpc,DC=de" 
$Destination_Group = "CN=TestDest,OU=xxx,OU=yyy,DC=lpc,DC=de" 

$SourceUseres = Get-ADGroupMember -Identity $Source_Group

foreach ($Person in $SourceUseres) { 
    $User = Get-ADUser $Person -Server forestx-dc-1
    Add-ADPrincipalGroupMembership -Server lpc-dc-1 $User -MemberOf $Destination_Group
}

Get-ADUser $Person -Server forestx-dc-1 seems to contain the right object if I write it to the comand line, but the reference seems not to work in the Add-ADPrincipalGroupMembership statement.

Unless there is a programming issue, AD configuration questions are better off on ServerFault. — vonPryz, Jan 16 '17 at 11:16
[Maybe related](http://www.planetcobalt.net/sdb/foreign_groupmembers.shtml). Also, "the reference seems to not work" ... *how?* — Ansgar Wiechers, Jan 16 '17 at 14:04

score 0 · Accepted Answer · answered Feb 14 '17 at 12:21

I found the answer myself using the Set-ADObject command:

$Source_Server = "x1"
$Source_Group = Get-ADGroup "xxx" -Server $Source_Server
$Destination_Server = "y1"
$Destination_Group = Get-ADGroup "yyy" -Server $Destination_Server

$SourceUseres = Get-ADGroupMember -Identity $Source_Group 

foreach ($Person in $SourceUseres) {
    Set-ADObject -Identity $Destination_Group -Add @{member=$Person.distinguishedName} -Server $Destination_Server
}

Add users from another domain to AD group

1 Answers1