{"id":63343,"date":"2008-01-07T21:25:00","date_gmt":"2008-01-07T21:25:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2008\/01\/07\/hey-scripting-guy-how-can-i-copy-the-membership-of-a-local-group-to-a-new-local-group\/"},"modified":"2008-01-07T21:25:00","modified_gmt":"2008-01-07T21:25:00","slug":"hey-scripting-guy-how-can-i-copy-the-membership-of-a-local-group-to-a-new-local-group","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/hey-scripting-guy-how-can-i-copy-the-membership-of-a-local-group-to-a-new-local-group\/","title":{"rendered":"Hey, Scripting Guy! How Can I Copy the Membership of a Local Group to a New Local Group?"},"content":{"rendered":"

 <\/p>\n

\"Hey, <\/p>\n

Hey, Scripting Guy! I need to \u201cclone\u201d a local group; in other words, I want to create a new group that contains the same members as the original group. However, I can\u2019t find any sort of copy command that would let me do this. How can I copy the membership of a local group to a new local group?<\/p>\n

— SO<\/p>\n

\"Spacer\"\"Hey,\"Script<\/a> <\/p>\n

Hey, SO. Before we begin, we should take a moment to note that the 2008 Winter Scripting Games<\/b><\/a> are now less than two months away; the games begin on Friday, February 15, 2008 and end on Monday, March 3, 2008. Does that matter to you? Well, it should: after all, with the possible<\/i> exception of the Super Bowl<\/b><\/a>, the Scripting Games are the biggest and most important competition to take place anywhere in the world over the next two months. And while the NFL is really picky about who does, and does not, get to play in the Super Bowl, the Scripting Games are open to anyone and everyone. Are you a beginning scripter? No problem; we have a Beginners Division which features events aimed at scripting newcomers. Are you a more experienced scripter? No problem; we have an Advanced Division in which you can test your mettle against the best scripters in the world. See? Something for everyone. <\/p>\n

As for languages, well, this time around we\u2019re offering competition in VBScript, Windows PowerShell, and Perl. Enter one competition or enter all six competitions; it makes no difference to us. And don\u2019t worry, there\u2019s no entry fee and no pre-registration; just show up at the Games home page<\/b><\/a> on February 15th<\/sup> and have at it. (Try showing up at the Super Bowl with 11 of your friends and see if they\u2019ll let you play. Good luck on that one.)<\/p>\n

Anyway, we hope to see everyone on February 15th<\/sup>. The Scripting Games are fun, they\u2019re (gasp!) educational, and they are well worth the effort. Most important, if you enter at least one event then no one will make fun of you for being too much of a chicken to enter the Games.<\/p>\n\n<\/thead>\n\n\n
\n

Note<\/b>. Will people really<\/i> make fun of you if you don\u2019t enter the Games? Well, they will if we<\/i> have anything to say about it. Baawk, baawk, baawk!<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

<\/div>\n\n<\/thead>\n\n\n
\n

Disclaimer<\/b>. The Scripting Editor has just informed us that it\u2019s not Microsoft policy to make fun of other people; that it is not Microsoft policy to encourage anyone else to make fun of other people; and that it is not Microsoft policy to make chicken-like noises when writing a daily scripting column. To tell you the truth, that\u2019s hard for us to believe; after all, Microsoft has a reputation for being such a happy-go-lucky, fun-loving sort of place. Tell you what: hold off on making fun of anyone for now, and the next time the Scripting Guy who writes this column meets with the HR department (something which happens on a very regular basis) he\u2019ll ask them about that.<\/p>\n

Unless, of course, the HR people are too chicken to talk to him about that. Baawk, baawk, baawk!<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

<\/div>\n

In the meantime, many of you are probably wondering what you can do to get ready for the Games. Well, for one thing, you can take a look at our weekly Scripting Games tips<\/b><\/a>; it\u2019s a sure bet that those tips will come in handy at some point in the competition. For another, you can continue reading this column, and learn how to copy the members of one local group to a new local group. Admittedly, that wouldn\u2019t have helped you much last year, when the Scripting Games events included such tasks as writing a script that could test someone for extra-sensory perception<\/b><\/a> or a script that could play a game of jacks<\/b><\/a>. But hey, maybe this year\u2019s Games will<\/i> include an event on copying the members of one local group to a new local group. When it comes to the Scripting Games, you never know.<\/p>\n

Unless, of course, you\u2019re too chicken to keep reading this column. Baawk, baawk, baawk!<\/p>\n

Sorry. Once you start with that it\u2019s hard to stop.<\/p>\n

Let\u2019s kick things off by taking a look at how we can \u201cclone\u201d a group on the same computer (that is, both the original group and the new group reside on the same machine). After that, we\u2019ll show you a script that \u2013 with some restrictions \u2013 can create the cloned group on a second computer. <\/p>\n

But, first things first: <\/p>\n

strComputer = \"atl-fs-001\"\n\nSet colAccounts = GetObject(\"WinNT:\/\/\" & strComputer & \"\")\n\nSet objNewGroup = colAccounts.Create(\"group\", \"NewGroup\")\nobjNewGroup.SetInfo\n\nSet objGroup = GetObject(\"WinNT:\/\/\" & strComputer & \"\/OldGroup\")\n\nFor Each strUser in objGroup.Members\n    objNewGroup.Add(strUser.AdsPath)\nNext\n<\/pre>\n
As you can see, this is a relatively simple little script. We start out by assigning the name of the computer in question (that is, the computer where the original group resides) to a variable named strComputer. After we\u2019ve done that we can then bind to the Security Accounts Manager (SAM) on that machine by using this line of code:<\/p>\n
Set colAccounts = GetObject(\"WinNT:\/\/\" & strComputer & \"\")\n<\/pre>\n
And once we\u2019ve connected to the SAM we can create a new local group (a group cleverly-named NewGroup) by using the Create<\/b> method and then calling the SetInfo<\/b> method:<\/p>\n
Set objNewGroup = colAccounts.Create(\"group\", \"NewGroup\")\nobjNewGroup.SetInfo\n<\/pre>\n
That gives us a new local group, albeit a new group that doesn\u2019t have any members. Considering the fact that this new group is supposed to have the same members as an existing group (OldGroup), well, what exactly was the point of all that?<\/p>\n
Believe it or not, there is<\/i> a point to all that. As SO noted, he had difficulty locating a copy command that would copy the membership of one group to a new group. Why did he have so much difficulty locating the copy command? One reason might be this: there\u2019s no such thing as the copy command. In fact, as far as we know, there\u2019s no straightforward, one-command approach to cloning a local group and its membership. Instead, you need to do this: create the new group, then \u201cmanually\u201d copy the membership list of the original group to this new group.<\/p>\n
What does that mean? Coincidentally enough, we were just about to explain what that all means. Now that we have our new group our next step is to make a second connection, this one to the original group (OldGroup). That\u2019s what this line of code is for:<\/p>\n
Set objGroup = GetObject(\"WinNT:\/\/\" & strComputer & \"\/OldGroup\")\n<\/pre>\n
After we make the connection we then set up a For Each loop to walk through the values stored in the Members<\/b> attribute; as the name implies, the Members attribute contains a list of all the group members. Notice that we\u2019re looping through the values in the original group, the one with the object reference objGroup:<\/p>\n
For Each strUser in objGroup.Members\n<\/pre>\n
Is that important? Of course it is. Remember, our new group (objNewGroup) doesn\u2019t even have <\/i>any members.<\/p>\n
Well, not yet anyway.<\/p>\n
So what do we do inside this loop? One thing and one thing only: we execute the following line of code:<\/p>\n
objNewGroup.Add(strUser.AdsPath)\n<\/pre>\n
All we\u2019re doing here is using the Add<\/b> method to add a new member to the cloned group (NewGroup). And just who are we adding to the group? You got it: the first member of the original group. We add this first member to NewGroup (using the user\u2019s ADsPath<\/b> attribute as the method parameter) and then loop around and repeat the process with the next member of the original group. When we\u2019re all done, our two groups \u2013 NewGroup and OldGroup \u2013 will have the exact same members. Even though the copy command doesn\u2019t exist we still managed to copy the membership of one group to another.<\/p>\n
And that\u2019s<\/i> what it means to \u201cmanually\u201d copy the membership list of one group to another.<\/p>\n
Now, what about copying group membership from a local group on one computer to another local group on another computer? Can we even do that?<\/p>\n
Yes, we can, although as we noted, there are some limitations here. The script we\u2019re about to show you works just fine as long as a group member is a domain user; if a group member happens to be a local user, however, that user will not<\/i> be copied to the new group. Why not? Well, suppose we have a computer named atl-fs-001, a computer that belongs to the fabrikam.com domain. A local user account on that machine is going to have an ADsPath similar to this:<\/p>\n
WinNT:\/\/FABRIKAM\/atl-fs-001\/kenmyer\n<\/pre>\n
The only way to add local user Ken Myer to a group on the computer atl-fs-002 would be to change Ken\u2019s ADsPath to look like this:<\/p>\n
WinNT:\/\/atl-fs-002\/kenmyer\n<\/pre>\n
Could you do that programmatically? Sure, but even then the script will fail if the user Ken Myer doesn\u2019t exist on the remote machine. OK, but could you then check for the existence of that account and then create it if it doesn\u2019t <\/i>exist? Yes, but by then we\u2019re way<\/i> beyond what we can do in today\u2019s column. If that\u2019s of interest to people just let us know, and we\u2019ll see if we can tackle that in the future. <\/p>\n
For now, here\u2019s a script that will copy any domain users who belong to the group OldGroup (on the computer atl-fs-001) to the membership list of the group NewGroup on atl-fs-002: <\/p>\n
On Error Resume Next\n\nstrComputer1 = \"atl-fs-001\"\nstrComputer2 = \"atl-fs-002\"\n\nSet colAccounts = GetObject(\"WinNT:\/\/\" & strComputer1 & \"\")\n\nSet objNewGroup = colAccounts.Create(\"group\", \"NewGroup\")\nobjNewGroup.SetInfo\n\nSet objGroup = GetObject(\"WinNT:\/\/\" & strComputer2 & \"\/OldGroup\")\n\nFor Each strUser in objGroup.Members\n    objNewGroup.Add(strUser.AdsPath)\nNext\n<\/pre>\n
Thanks to the On Error Resume Next command, the script will copy over any domain users, and simply ignore any local users. Which, like we said, is the best we can hope for without adding a bunch of extra code.<\/p>\n
We had a feeling that would come up: many of you would now like to perform this same task with Active Directory groups. Again, we\u2019re pretty much out of time for today. But this script<\/b><\/a>, found in the Community Script Center, should help you do that.<\/p>\n
We hope that helps, SO. Incidentally, if you, or anyone else out there is still waffling on whether or not they should enter the Scripting Games (did someone say, \u201cBaawk, baawk, baawk?\u201d), well, consider this: we have some fantastic<\/i> prizes lined up for this year\u2019s Games. We can\u2019t give you the details just yet; however, we can<\/i> tell you that anyone who scores at least 60 points (out of 100) in any division will receive one of the coveted Certificates of Excellence. We can also tell you that there will be a brand-new Dr. Scripto bobblehead<\/b><\/a>, one designed especially for the Scripting Games. Oh, and we\u2019ll have script editors and other cool software to give away as well. (Details to come.)<\/p>\n
And yes, we know that none of you<\/i> need to be bribed by the prospect of prizes in order to enter the Games; after all, you want to enter just for the sheer joy of taking part. But you might mention these prizes to any of your … friends \u2026 who might still need convincing. The Scripting Guys are definitely not<\/i> above bribing people any time we can.<\/p>\n
Unless, of course, you\u2019re too chicken to take<\/i> a bribe. Baawk, baa \u2013 well, you know the rest.<\/p>\n\n<\/thead>\n\n\n
\n
Note<\/b>. You might also tell your \u2026 friends \u2026 that they\u2019ll be eligible to win any of these prizes just by entering a single event; they don\u2019t even have to successfully complete <\/i>that event to have a chance to win big. (Try doing that<\/i> at the Super Bowl.) The only exception, of course, is the coveted Certificate of Excellence; that one you have to earn. Which helps explain why it\u2019s the coveted<\/i> Certificate of Excellence.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"
  Hey, Scripting Guy! I need to \u201cclone\u201d a local group; in other words, I want to create a new group that contains the same members as the original group. However, I can\u2019t find any sort of copy command that would let me do this. How can I copy the membership of a local group […]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[7,44,3,5],"class_list":["post-63343","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-active-directory","tag-groups","tag-scripting-guy","tag-vbscript"],"acf":[],"blog_post_summary":"
  Hey, Scripting Guy! I need to \u201cclone\u201d a local group; in other words, I want to create a new group that contains the same members as the original group. However, I can\u2019t find any sort of copy command that would let me do this. How can I copy the membership of a local group […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/63343","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=63343"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/63343\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=63343"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=63343"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=63343"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}