Domain Trust and AD Groups

Posted by robd on April 26, 2023
powershell

The company I work for is much like the Borg where they like to assimilate new companies.

Part of this assimilation often involves a domain trust and adding users from one domain to a second domain's AD groups so they pick up the permissions in Domain 2.

This is really useful if you're giving a user a laptop on domain 1 but they need access to files on domain 2.

My mate Handsome Dave came up with this script to:

Compare users from Domain 1 and Domain 2 on display name (the usernames didn't match),

Get the Domain 2 groups,

Look at domain 2 groups members,

If they exist in domain 1 then add those people into the group in Domain 2.

Remember: The AD groups need to be Domain Local.

Import-Module ActiveDirectory

#Get the users from domain1
$domain1 = Get-ADUser -Filter * -Server dc01.domain1.com
#Get the users from domain2
$domain2 = Get-ADUser -Filter * -Server dc02.domain2.net
#Compare the users on the Name property (not username, as they didn't match)
$usercompare = Compare-Object -ReferenceObject $domain1.Name -DifferenceObject $domain2.Name -IncludeEqual
#If the name is in both domains then save it to this variable
$inboth = $usercompare | Where-Object { $_.SideIndicator -eq "==" }
#Get all the AD groups that start with ACL_
#Note: in this script the groups are read from dc01.domain1.com and the
#accounts that get added are looked up on dc02.domain2.net
$domain1groups = Get-ADGroup -Filter {name -like "ACL_*"} -Server dc01.domain1.com

#Here we go
foreach ($group in $domain1groups)
{
    #Get the AD members from the ACL group
    $domain1groupmembers = Get-ADGroupMember -Identity $group -Server dc01.domain1.com
    foreach ($groupmember in $domain1groupmembers)
    {
        #If the member of the group matches someone in the inboth variable
        if ($inboth.InputObject -contains $groupmember.name)
        {
            #Copy the name into a plain variable first: the AD filter only
            #reliably expands simple variables, not $groupmember.name
            $membername = $groupmember.name
            #Look the matching account up on the other domain explicitly,
            #rather than on whichever domain the script happens to run from
            $domain2userobject = Get-ADUser -Filter {name -eq $membername} -Server dc02.domain2.net

            #Add the matching account to the ACL group
            #-WhatIf only reports what would change; remove it once the output looks right
            Add-ADGroupMember -Identity $group -Members $domain2userobject -Server dc01.domain1.com -WhatIf
        }
    }
}
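Matching accounts on name is the weak point of this approach: Name is only unique within one OU, so two people who share a name both match and one could end up in a group meant for the other. The check below is an added example, not part of the original script; it reports which names map to exactly one account in each domain, and the function name Get-NameMatchReport and the sample accounts are made up for illustration.

```powershell
# Added example, not part of the original script. Get-NameMatchReport is a
# hypothetical helper; feed it the output of the two Get-ADUser calls.
function Get-NameMatchReport {
    param(
        [Parameter(Mandatory)] [object[]] $Domain1Users,
        [Parameter(Mandatory)] [object[]] $Domain2Users
    )

    # Count how many domain 2 accounts carry each name.
    # A @{} hashtable is case-insensitive, like Compare-Object's default.
    $domain2Count = @{}
    foreach ($user in $Domain2Users) {
        $domain2Count[$user.Name] = 1 + [int]$domain2Count[$user.Name]
    }

    # Group domain 1 by name and keep only names present in both domains.
    $Domain1Users | Group-Object -Property Name | ForEach-Object {
        if ($domain2Count.ContainsKey($_.Name)) {
            [pscustomobject]@{
                Name         = $_.Name
                Domain1Count = $_.Count
                Domain2Count = $domain2Count[$_.Name]
                # Usable as a join key only if it is one account on each side.
                Unambiguous  = ($_.Count -eq 1 -and $domain2Count[$_.Name] -eq 1)
            }
        }
    }
}

# Constructed sample accounts standing in for Get-ADUser output.
$d1 = @(
    [pscustomobject]@{ Name = 'Alex Morgan';  SamAccountName = 'amorgan' }
    [pscustomobject]@{ Name = 'Sam Patel';    SamAccountName = 'spatel'  }
    [pscustomobject]@{ Name = 'Sam Patel';    SamAccountName = 'spatel2' }
    [pscustomobject]@{ Name = 'Jo Lindqvist'; SamAccountName = 'jlind'   }
)
$d2 = @(
    [pscustomobject]@{ Name = 'Alex Morgan'; SamAccountName = 'alex.morgan' }
    [pscustomobject]@{ Name = 'Sam Patel';   SamAccountName = 'sam.patel'   }
)

$report = Get-NameMatchReport -Domain1Users $d1 -Domain2Users $d2
$report | Format-Table -AutoSize

# Only these names should drive Add-ADGroupMember; review the rest by hand.
$safeNames = ($report | Where-Object Unambiguous).Name
```

With real data, pass in $domain1 and $domain2 from the script above and test group members against $safeNames instead of $inboth.InputObject.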

 

 

 
