Monday, October 23, 2023

Active Directory Group Membership Replication Tool

This PowerShell script is a GUI application for replicating group memberships between two Active Directory users. Here's a breakdown of the script:

  1. It starts with comments using <# and #> to provide a synopsis, description, author information, and examples of how to use the script.

  2. The Add-Type -AssemblyName System.Windows.Forms command is used to load the System.Windows.Forms assembly, which is necessary for creating the graphical user interface.

  3. The script then creates a Windows Form by instantiating a System.Windows.Forms.Form object. This form will serve as the graphical interface for the tool.

  4. Labels are added for "Source User" and "Target User" to indicate where users should enter the source and target usernames.

  5. Textboxes are created for users to input the source and target usernames.

  6. A "Replicate Group Membership" button is added to trigger the replication process. When clicked, it retrieves the source and target usernames from the textboxes and performs the following steps:
     a. It retrieves the Active Directory object of the source user using Get-ADUser and specifies that it needs the MemberOf property to fetch the group memberships.
     b. If the source user exists, it fetches the list of groups the source user is a member of.
     c. It then retrieves the Active Directory object of the target user.
     d. If the target user exists, it iterates through the source user's group memberships and adds each group to the target user using Add-ADGroupMember.
     e. If the process is successful, a success message is displayed using MessageBox. If the source or target user is not found, an appropriate error message is displayed.

  7. Finally, the script displays the Windows Form using $Form.ShowDialog().

This script simplifies the process of replicating group memberships from one user to another in Active Directory, making it user-friendly and suitable for administrators managing user access within an organization's network resources.



<#
.SYNOPSIS
    This script creates a Windows Forms application for replicating group memberships between two Active Directory users.

.DESCRIPTION
    Author: Navinya Ambre
    Date: 10/10/2023

    This PowerShell script provides a user-friendly interface to replicate group memberships between two Active Directory (AD) users. Group memberships are crucial in controlling access to resources within an organization's network. This script simplifies the process of transferring group memberships from one user to another, helping administrators efficiently manage user access.

    When executed, the script displays a graphical interface that includes:
    - Input fields for specifying the source and target users.
    - A "Replicate Group Membership" button to initiate the replication process.

    The replication process involves the following steps:
    1. Retrieving the source user's AD object, including their group memberships.
    2. Verifying the existence of the target user.
    3. Adding the source user's group memberships to the target user.

    If successful, the script notifies the user with a success message. If errors occur (e.g., user not found), appropriate error messages are displayed.

    This script is particularly useful for administrators who need to efficiently manage group memberships, ensuring that users have the appropriate access privileges within the organization's network resources.

.NOTES
    - PowerShell Version: 5.1 or later
    - Active Directory module is required for AD operations.

.EXAMPLE
    To replicate group memberships:
    1. Launch the script.
    2. Enter the source user's name in the "Source User" textbox.
    3. Enter the target user's name in the "Target User" textbox.
    4. Click the "Replicate Group Membership" button.

    The script will attempt to replicate group memberships from the source user to the target user and display a success or error message accordingly.
#>

# Load the Active Directory cmdlets (Get-ADUser, Add-ADGroupMember) and the
# WinForms/GDI+ assemblies used for the form and its Size/Point values.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing

# Create the form
$Form = New-Object Windows.Forms.Form
$Form.Text = "Group Membership Replication Tool"
$Form.Size = New-Object Drawing.Size(400, 200)
$Form.StartPosition = "CenterScreen"
$Form.FormBorderStyle = [Windows.Forms.FormBorderStyle]::FixedSingle
$Form.MaximizeBox = $false

# Labels
$sourceLabel = New-Object Windows.Forms.Label
$sourceLabel.Text = "Source User:"
$sourceLabel.Location = New-Object Drawing.Point(20, 20)
$Form.Controls.Add($sourceLabel)

$targetLabel = New-Object Windows.Forms.Label
$targetLabel.Text = "Target User:"
$targetLabel.Location = New-Object Drawing.Point(20, 50)
$Form.Controls.Add($targetLabel)

# Textboxes
$sourceTextBox = New-Object Windows.Forms.TextBox
$sourceTextBox.Location = New-Object Drawing.Point(120, 20)
$Form.Controls.Add($sourceTextBox)

$targetTextBox = New-Object Windows.Forms.TextBox
$targetTextBox.Location = New-Object Drawing.Point(120, 50)
$Form.Controls.Add($targetTextBox)

# Button
$replicateButton = New-Object Windows.Forms.Button
$replicateButton.Text = "Replicate Group Membership"
$replicateButton.Location = New-Object Drawing.Point(120, 90)
$replicateButton.Add_Click({
    $sourceUser = $sourceTextBox.Text.Trim()
    $targetUser = $targetTextBox.Text.Trim()

    if ([string]::IsNullOrWhiteSpace($sourceUser) -or [string]::IsNullOrWhiteSpace($targetUser)) {
        [System.Windows.Forms.MessageBox]::Show("Enter both a source and a target user.", "Error", [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Error)
        return
    }

    # Retrieve the source user object. Get-ADUser -Identity raises a terminating
    # error when the identity does not exist, so a null check alone never reaches the
    # "not found" branch; the try/catch is what routes that case to the error box.
    try {
        $sourceUserObj = Get-ADUser -Identity $sourceUser -Properties MemberOf -ErrorAction Stop
    } catch {
        [System.Windows.Forms.MessageBox]::Show("Source user not found.", "Error", [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Error)
        return
    }

    # Get the list of groups (distinguished names) the source user is a member of.
    # MemberOf does not include the user's primary group (normally Domain Users).
    $sourceGroups = @($sourceUserObj.MemberOf)

    # Retrieve the target user object
    try {
        $targetUserObj = Get-ADUser -Identity $targetUser -ErrorAction Stop
    } catch {
        [System.Windows.Forms.MessageBox]::Show("Target user not found.", "Error", [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Error)
        return
    }

    # Add the source user's group memberships to the target user. Add-ADGroupMember
    # fails for a group the target already belongs to (or one the operator cannot
    # modify), so each add is isolated and failures are collected instead of
    # aborting the loop and still reporting success.
    $failed = @()
    foreach ($group in $sourceGroups) {
        try {
            Add-ADGroupMember -Identity $group -Members $targetUserObj -ErrorAction Stop
        } catch {
            $failed += "$group : $($_.Exception.Message)"
        }
    }

    if ($failed.Count -eq 0) {
        [System.Windows.Forms.MessageBox]::Show("Group membership replicated successfully.", "Success", [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Information)
    } else {
        [System.Windows.Forms.MessageBox]::Show("Replication finished with errors:`n" + ($failed -join "`n"), "Warning", [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Warning)
    }
})
$Form.Controls.Add($replicateButton)

# Display the form (Out-Null discards the DialogResult that ShowDialog returns)
$Form.ShowDialog() | Out-Null
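Copying every group wholesale also copies whatever privilege the source user holds, which is why an administrator usually wants to see the difference before applying it. The following is an added example, not part of the original post: a "preview, then apply" wrapper around the same Get-ADUser / Add-ADGroupMember operation that only adds the groups the target is missing, flags groups protected by AdminSDHolder (adminCount=1) and skips them unless explicitly asked, supports -WhatIf, and writes one audit line per change. The function names, the -LogPath parameter and the sample user names 'jdoe' and 'asmith' are this example's own assumptions.

```powershell
# Added example (not from the original post). Assumes the ActiveDirectory module;
# function names, -LogPath and the sample user names are constructed for illustration.
Import-Module ActiveDirectory

function Get-GroupMembershipDelta {
    # Returns the groups the source user belongs to and the target does not, with a
    # Privileged flag for groups carrying adminCount=1 (set by AdminSDHolder on
    # protected groups such as Domain Admins and their members).
    param(
        [Parameter(Mandatory)][string]$SourceUser,
        [Parameter(Mandatory)][string]$TargetUser
    )
    $source = Get-ADUser -Identity $SourceUser -Properties MemberOf -ErrorAction Stop
    $target = Get-ADUser -Identity $TargetUser -Properties MemberOf -ErrorAction Stop

    # Set difference on distinguished names. MemberOf omits the primary group.
    $targetGroups = @($target.MemberOf)
    $missing = @($source.MemberOf) | Where-Object { $targetGroups -notcontains $_ }

    foreach ($dn in $missing) {
        $group = Get-ADGroup -Identity $dn -Properties adminCount, GroupScope
        [pscustomobject]@{
            Name              = $group.Name
            DistinguishedName = $dn
            Scope             = $group.GroupScope
            Privileged        = ($group.adminCount -eq 1)
        }
    }
}

function Copy-GroupMembership {
    # Applies the delta. Protected groups are skipped unless -IncludePrivileged is
    # given, and every add goes through ShouldProcess so -WhatIf prints the plan
    # without touching the directory.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SourceUser,
        [Parameter(Mandatory)][string]$TargetUser,
        [switch]$IncludePrivileged,
        [string]$LogPath   # hypothetical: tab-separated audit log of each add
    )
    $delta  = Get-GroupMembershipDelta -SourceUser $SourceUser -TargetUser $TargetUser
    $target = Get-ADUser -Identity $TargetUser -ErrorAction Stop

    foreach ($g in $delta) {
        if ($g.Privileged -and -not $IncludePrivileged) {
            Write-Warning "Skipping protected group $($g.Name) (adminCount=1); pass -IncludePrivileged to copy it."
            continue
        }
        if ($PSCmdlet.ShouldProcess("$TargetUser -> $($g.Name)", "Add-ADGroupMember")) {
            Add-ADGroupMember -Identity $g.DistinguishedName -Members $target -ErrorAction Stop
            if ($LogPath) {
                # who did what, when, and which group: the line a reviewer wants later
                "$(Get-Date -Format o)`t$env:USERNAME`t$SourceUser`t$TargetUser`t$($g.DistinguishedName)" |
                    Add-Content -Path $LogPath
            }
        }
    }
}

# Usage (sample names are constructed): preview first, then apply the non-protected
# groups with an audit trail.
# Get-GroupMembershipDelta -SourceUser 'jdoe' -TargetUser 'asmith' | Format-Table
# Copy-GroupMembership -SourceUser 'jdoe' -TargetUser 'asmith' -WhatIf
# Copy-GroupMembership -SourceUser 'jdoe' -TargetUser 'asmith' -LogPath 'C:\Logs\group-copy.tsv'
```

The preview step is the cheap control here: the delta shows exactly which access the target gains, and a Privileged flag on any row is the cue to get the request approved rather than copied blindly. The same functions could be wired behind the form's button in place of the inline ForEach-Object loop.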



Please consider this an open forum for sharing your thoughts, modifications, and suggestions regarding the script. Your input and feedback are highly encouraged and valued.
