The company I work for is much like the Borg where they like to assimilate new companies.
Part of this assimilation often involves a domain trust and adding users from one domain to a second domains AD groups to gain access to permissions in Domain 2.
This is really useful if your giving a user a laptop on domain 1 but they need access to files on domain 2.
My Mate Handsom Dave came up with this script too:
Compare users from Domain 1 and Domain 2 on display name (username didnt match),
Get the Domain 2 groups,
Look at domain 2 groups members,
If they exist in domain 1 then add those people into the group in Domain 2.
Remember: The AD groups need to be Domain Local.
#Get the users from domain1
$domain1 = get-aduser -filter * -Server dc01.domain1.com
#get the users from domain2
$domain2 = get-aduser -filter * -Server dc02.domain2.net
#compare the users on name (not username as they didnt match)
$usercompare = Compare-Object -ReferenceObject $domain1.name -DifferenceObject $domain2.name -IncludeEqual
#If its the same then save to this variable
$inboth = $usercompare | where {$_.sideindicator -eq "=="}
#In Domain 2 get all the AD groups that start with ACL_
$domain1groups = Get-ADGroup -filter {name -like "ACL_*"} -Server dc01.domain1.com
#Here we go
foreach ($group in $domain1groups)
{
#get the ad members from the acl group
$domain1groupmembers = Get-ADGroupMember $group.name -Server dc01.domain1.com
foreach ($groupmember in $domain1groupmembers)
{
#if the member of the group matches someone in the inboth variable
if ($inboth.inputobject -contains $groupmember.name)
{
$domain2userobject = Get-ADUser -Filter {name -like $groupmember.name}
# add that domain 1 person to the domain 2 ad group
Add-ADGroupMember -Identity $group -Members $domain2userobject -server dc01.domain1.com -WhatIf
}
}
}
