Why would you need to do this? Suppose that the person you inherited the Citrix environment from has published a large portion of the applications to Domain Users. Now you need to make a fundamental change to the user environment for only some of the users. How do you migrate groups of users without doubling the icons they see? I chose to first change the group to a group populated with all users, then move users from that group to a new group for the new icons.
If you're fortunate enough to have 5000 user objects or fewer, this is a trivial PowerShell command (something like -- Get-ADGroupMember -Identity "Domain Users" | ForEach-Object { Add-ADGroupMember -Members $_.SamAccountName -Identity "NewGroup" } -- full disclosure, I didn't test this command).
What I had to do was use a dsquery command to output the list to a text file.
dsquery group -samid "Domain Users" | dsget group -members | dsget user -samid > C:\Temp\ALL_Users.txt
Then loop through the list and import via powershell.
import-module activedirectory
foreach ($user in (gc c:\temp\All_Users.txt) ) { add-adgroupmember -member $user.trim() -Identity "NewGroup1" }
Best of luck! Again, this is without guarantees or warranties. You're on your own if this doesn't work or has unintended effects.
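An added example, not part of the original post: a re-runnable version of the import loop that drops the header and trailer lines dsget writes to the export file, skips accounts that are disabled or already in the group, and defaults to a dry run. The file path and group name are the ones used above; $BatchSize and $DryRun are assumptions introduced here.

```powershell
Import-Module ActiveDirectory

# File and group names come from the post; $BatchSize and $DryRun are added, hypothetical settings.
$ListPath  = 'C:\Temp\ALL_Users.txt'
$Target    = 'NewGroup1'
$BatchSize = 500
$DryRun    = $true   # set to $false to actually change group membership

# dsget prints a "samid" header and a "dsget succeeded" trailer; drop both, plus blanks and duplicates.
$names = Get-Content -Path $ListPath |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and $_ -ne 'samid' -and $_ -ne 'dsget succeeded' } |
    Sort-Object -Unique

# Read the target group's current members with a paged LDAP search so re-runs skip them.
# Assumes the group's distinguished name has no characters that need LDAP filter escaping.
$targetDn = (Get-ADGroup -Identity $Target).DistinguishedName
$already  = @{}
Get-ADUser -LDAPFilter "(memberOf=$targetDn)" |
    ForEach-Object { $already[$_.SamAccountName] = $true }

# Resolve each name; report (rather than add) unknown and disabled accounts.
$toAdd = @(foreach ($name in $names) {
    if ($already.ContainsKey($name)) { continue }
    $user = Get-ADUser -LDAPFilter "(sAMAccountName=$name)"
    if (-not $user)         { Write-Warning "Not found in AD: $name"; continue }
    if (-not $user.Enabled) { Write-Warning "Disabled, skipped: $name"; continue }
    $user
})

# Add in batches so one bad batch does not abort the whole run.
for ($i = 0; $i -lt $toAdd.Count; $i += $BatchSize) {
    $last  = [Math]::Min($i + $BatchSize, $toAdd.Count) - 1
    $batch = $toAdd[$i..$last]
    try {
        Add-ADGroupMember -Identity $Target -Members $batch -WhatIf:$DryRun -ErrorAction Stop
    } catch {
        Write-Warning "Batch starting at index $i failed: $($_.Exception.Message)"
    }
}

# Compare what was requested with what the directory now reports.
$after = @(Get-ADUser -LDAPFilter "(memberOf=$targetDn)").Count
"Requested: $($toAdd.Count)  Already members: $($already.Count)  Members now: $after"
```

Review the warnings from the dry run before setting $DryRun to $false; service and disabled accounts that were in Domain Users usually do not belong in a group that publishes applications.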
I've since also learned about csvde which can do the export based upon LDAP query language.