Here is a script that has turned out to be used a lot more often than I thought it would!
It copies group membership and OU location from an existing computer to a new computer. It can also delete the existing computer from AD. For us, it is mainly used when replacing a physical computer and makes the process a lot quicker after imaging completes.
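Run the script, enter the old (source) computer name, then enter the new (destination) computer name. The script asks you to type Yes before it moves the new computer or deletes the old account. No other configuration should be needed; the script imports the ActiveDirectory module itself.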
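# Collect the two computer names, resolve both accounts in AD, and ask which
# optional steps (move, delete) the operator wants. Nothing is modified here.
# The Get-AD*/Add-AD*/Move-AD*/Remove-AD* cmdlets used by this script come from this module.
Import-Module ActiveDirectory
write-output "This script is only used on a single existing domain joined computer."
write-output "This script copies group membership between two computers. It can also move a new computer into the OU of another computer and delete an old computer account."
write-output ""
$SourceComputerInput = read-host "What is the source computer? (This computer is in groups already.)"
$DestinationComputerInput = read-host "What is the destination computer? (This computer needs to be added to groups.)"

# Resolve each account once and stop if either lookup fails. Without this, a
# mistyped name only prints an error and the script carries on with empty
# variables (or, in a reused session, with values left over from a previous
# run), and the later add/move/delete steps act on the wrong object or on nothing.
try {
    $DestinationComputer = Get-ADComputer -Identity $DestinationComputerInput -Properties CanonicalName -ErrorAction Stop
    $InitialDN = Get-ADComputer -Identity $SourceComputerInput -Properties CanonicalName -ErrorAction Stop
}
catch {
    throw "Could not resolve both computer accounts in AD; nothing has been changed. $($_.Exception.Message)"
}

# If both names resolve to the same account, the optional delete step would
# remove the very computer that is being set up.
if ($InitialDN.DistinguishedName -eq $DestinationComputer.DistinguishedName) {
    throw "The source and destination resolve to the same computer account; nothing has been changed."
}

# The later steps pass $SourceComputer back to Get-ADComputer as the identity.
$SourceComputer = $InitialDN
$DestinationComputerCN = $DestinationComputer.CanonicalName

#Format CN and DN values for AD parameters
# CanonicalName is "domain/OU/.../ComputerName"; dropping the last segment leaves the parent container for display.
$InitialCN = $InitialDN.CanonicalName -Split ("/")
$ParentOU = $InitialCN[0..$($InitialCN.Count - 2)] -Join "/"
# Strip the leading "CN=ComputerName," so the parent container's DN remains; used as the move target.
$SourceComputerOUasDN = ($InitialDN.DistinguishedName) -replace ('^.*?,')

write-output ""
write-output "The source computer, $SourceComputerInput , is in $ParentOU"
write-output ""
# Only the exact answer "Yes" enables each optional step (PowerShell's -eq is case-insensitive for strings).
$MoveComputer = Read-Host "Would you like to move the destination computer, $DestinationComputerInput , to $ParentOU ? Type Yes to move and press enter"
write-output ""
$DeleteSourceComputer = Read-Host "Would you like to delete the source computer account from AD? Type Yes to delete the source computer account."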
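# Copy the source computer's direct group memberships to the destination computer.
# MemberOf returns the distinguished names of the groups; @() keeps the result an
# array even when the source is in one group or none.
$Groups = @(Get-ADComputer $SourceComputer -Properties MemberOf | Select-Object -ExpandProperty MemberOf | Sort-Object)
write-output ""
write-output "The source computer, $SourceComputerInput , is in the following groups:"
Write-Output $Groups
write-output ""
write-output "The destination computer, $DestinationComputerInput , will be added to the groups listed above."
# The list is copied exactly as shown, including any group that grants elevated
# rights or exempts the machine from a policy. The pause is the point at which to
# review the list and stop the script if a membership should not carry over.
Pause

# Groups the destination is already in are skipped, so an "already a member"
# error is not counted as a failed copy.
$AlreadyMemberOf = @(Get-ADComputer $DestinationComputer -Properties MemberOf | Select-Object -ExpandProperty MemberOf)
$FailedGroups = @()
Foreach ($Group in $Groups) {
    if ($AlreadyMemberOf -contains $Group) {
        continue
    }
    try {
        Add-ADGroupMember -Identity $Group -Members $DestinationComputer -ErrorAction Stop
    }
    catch {
        # Record every failure. The original suppressed errors and then tested $?
        # once after the loop, so a group that was not copied (for example one the
        # operator has no rights on) could still be followed by the success message.
        $FailedGroups += $Group
        Write-Warning "Could not add $DestinationComputerInput to $Group : $($_.Exception.Message)"
    }
}
If ($FailedGroups.Count -eq 0) {
    write-output "Group membership has been copied successfully."
}
else {
    Write-Warning "Group membership was NOT fully copied. $($FailedGroups.Count) group(s) failed; see the warnings above before deleting the source computer."
}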
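# Optionally move the destination computer into the source computer's OU.
if ($MoveComputer -eq "Yes"){
    try {
        # -ErrorAction Stop routes any failure to the catch block, so the success
        # line below is printed only when the move itself succeeded instead of
        # depending on $? being read after the enclosing if statement.
        Move-ADObject -Identity $DestinationComputer.DistinguishedName -TargetPath "$SourceComputerOUasDN" -ErrorAction Stop
        write-output "$DestinationComputerInput has been moved to $ParentOU."
    }
    catch {
        # The destination stays where it was, so it keeps the policies linked to
        # its current container rather than those of the source's OU.
        Write-Warning "$DestinationComputerInput was NOT moved to $ParentOU : $($_.Exception.Message)"
    }
}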
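# Optionally delete the source computer account. This runs with -Confirm:$false
# and is the only destructive step, so it is gated on three checks first.
if ($DeleteSourceComputer -eq "Yes"){
    $SourceComputerAD = @(Get-ADComputer $SourceComputer | Select-Object -ExpandProperty SamAccountName)

    # The source account is the only record of which groups the destination
    # should be in, so compare the two before removing it. The destination is
    # looked up by ObjectGUID because its distinguished name changes if it was moved.
    $SourceGroups = @(Get-ADComputer $SourceComputer -Properties MemberOf | Select-Object -ExpandProperty MemberOf)
    $DestinationGroups = @(Get-ADComputer -Identity $DestinationComputer.ObjectGUID -Properties MemberOf | Select-Object -ExpandProperty MemberOf)
    $MissingGroups = @($SourceGroups | Where-Object { $DestinationGroups -notcontains $_ })

    if ($SourceComputerAD.Count -ne 1) {
        Write-Warning "The source computer did not resolve to exactly one AD account; nothing was deleted."
    }
    elseif ($SourceComputerAD[0] -eq $DestinationComputer.SamAccountName) {
        # Same name entered twice: deleting would remove the computer being set up.
        Write-Warning "The source and destination are the same AD account; nothing was deleted."
    }
    elseif ($MissingGroups.Count -gt 0) {
        Write-Warning "The destination is still missing $($MissingGroups.Count) of the source's groups; the source account was NOT deleted."
        Write-Output $MissingGroups
    }
    else {
        try {
            Remove-ADComputer -Identity $SourceComputerAD[0] -Confirm:$false -ErrorAction Stop
            write-output "The Source Computer account has been deleted from AD"
        }
        catch {
            # NOTE(review): the removal is expected to fail if the account still
            # has child objects stored under it in AD; confirm before deleting by hand.
            Write-Warning "The source computer account was NOT deleted: $($_.Exception.Message)"
        }
    }
}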