Monday, January 11, 2016

Duplicating Domain Users group

Why would you need to do this? Suppose that the person you inherited the Citrix environment from has published a large portion of the applications to Domain Users. Now you need to make a fundamental change to the user environment for only some of the users. How do you migrate groups of users without doubling the icons they see? I chose to first change the group to a group populated with all users, then move users from that group to a new group for the new icons.

If you're fortunate enough to have 5000 user objects or fewer, this is a trivial PowerShell command (something like -- Get-ADGroupMember -Identity "Domain Users" | ForEach-Object { Add-ADGroupMember -Identity "NewGroup" -Members $_.SamAccountName } -- full disclosure, I didn't test this command).

What I had to do was use a dsquery command to output the list to a text file.
dsquery group -samid "Domain Users" | dsget group -members | dsget user -samid > C:\Temp\ALL_Users.txt

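Then loop through the list and import via PowerShell.
Import-Module ActiveDirectory
# Skip blank lines and the "samid" header / "dsget succeeded" status line that dsget can leave in the file
$users = Get-Content C:\Temp\ALL_Users.txt | ForEach-Object { $_.Trim() } | Where-Object { $_ -and $_ -notin 'samid', 'dsget succeeded' }
foreach ($user in $users) { Add-ADGroupMember -Identity "NewGroup1" -Members $user }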
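
The same copy done entirely in PowerShell, as an added example that is not from the original post: it finds the users with a paged Get-ADUser LDAP search instead of Get-ADGroupMember, adds only the missing ones in batches, supports -WhatIf, and reports what is still missing afterwards. The function name Copy-DomainUsersToGroup and the batch size are assumptions; "NewGroup1" is the post's sample group.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper (added example); "NewGroup1" is the post's sample group name.
function Copy-DomainUsersToGroup {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$TargetGroup,
        [int]$BatchSize = 500   # assumed batch size, tune for your environment
    )
    $source = Get-ADGroup -Identity "Domain Users"
    $target = Get-ADGroup -Identity $TargetGroup

    # Domain Users has the well-known RID 513. Most accounts belong to it through
    # primaryGroupID rather than the group's member attribute, so match on both.
    # Assumes the group DNs contain no LDAP filter metacharacters: ( ) * \
    $filter = "(|(primaryGroupID=513)(memberOf=$($source.DistinguishedName)))"
    $wanted = @(Get-ADUser -LDAPFilter $filter)   # paged search, not Get-ADGroupMember

    # Nested helper: current direct user members of the target, keyed by DN.
    function Get-TargetMemberSet {
        $set = @{}
        Get-ADUser -LDAPFilter "(memberOf=$($target.DistinguishedName))" |
            ForEach-Object { $set[$_.DistinguishedName] = $true }
        return $set
    }

    # Skip accounts already present so the function can be re-run safely.
    $present = Get-TargetMemberSet
    $toAdd = @($wanted | Where-Object { -not $present.ContainsKey($_.DistinguishedName) })

    for ($i = 0; $i -lt $toAdd.Count; $i += $BatchSize) {
        $last  = [Math]::Min($i + $BatchSize, $toAdd.Count) - 1
        $batch = $toAdd[$i..$last]
        if ($PSCmdlet.ShouldProcess($target.Name, "Add $($batch.Count) users")) {
            Add-ADGroupMember -Identity $target -Members $batch
        }
    }

    # Re-read the target and report anything still missing (all of ToAdd under -WhatIf).
    $after = Get-TargetMemberSet
    [pscustomobject]@{
        SourceUsers  = $wanted.Count
        ToAdd        = $toAdd.Count
        StillMissing = @($wanted | Where-Object { -not $after.ContainsKey($_.DistinguishedName) }).Count
    }
}

# Dry run first; drop -WhatIf to apply the change.
Copy-DomainUsersToGroup -TargetGroup "NewGroup1" -WhatIf
```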

Best of luck! Again, this is without guarantees or warranties. You're on your own if this doesn't work or has unintended effects.