Jaa


Copy AD User Profile Path etc between Domain User Objects

Here's a weird one, you are migrating users from multiple domains to a single domain and your migration process\procedure had determined that the primary domain of a user was not what it actually is, so the settings (Profile Path, Home Drive\Directory, and Script Path) for the new user are for the wrong account. For various reasons you don't want or cannot merge the user objects attributes. This was one of the queries posed to me recently by a customer.

 

The script below gives a remedy to this by taking as a command line parameter the name and domain of one domain user and copying profile settings (the Profile Path, Home Drive & Directory, and Script Path) to relevant attributes of another command line parameter specified user name (in another domain). I even included the ability to prefix the ScriptPath Attribute (in case you use a different folder tree in the new domain).

 

Before using the script read the header to give you a clue as to the syntax. I have attached a copy of the code in a text file at the bottom of this post.

<#
####################################################################
Copy-UserProfile.ps1

Syntax: Copy-UserProfile.ps1 -srcDomain <SourceDomain> -destDomain <DestinationDomain> -scriptPathPrefix <ScriptPrefix> -srcsAMAccountName <UserNetbiosName> -

destsAMAccountName <UserNetbiosName>

Example: Copy-UserProfile.ps1 -srcDomain domain1.local -destDomain woodgrovebank.com -scriptPathPrefix domain1\ -srcsAMAccountName carlh -destsAMAccountName carlh2

Purpose: This Sets the ProfilePath, ScriptPath, HomeDrive and HomeDirectory of the user carlh2 in the
          Woodgrovebank.com domain to the same settings as those for carlh in domain.local. Additionally,
          the scriptPath attribute content is prefixed with the word domin1\

Params: As shown in syntax above or by typing the script name at the command prompt

Req: Windows 2003 SP2 or above, Powershell V2.
  run "set-executionpolicy remotesigned" in Powershell

  https://blogs.technet.com/b/carlh

Author: Carl Harrison

    This script is provided "AS IS" with no warranties, confers no rights and
    is not supported by the authors or Microsoft Corporation.
    Use of this script sample is subject to the terms specified at
    https://www.microsoft.com/info/copyright.mspx.

Version: 1.0 - First cut

####################################################################
#>

Param (
 [Parameter()][string]$srcDomain='',
 [Parameter()][String]$destDomain='',
        [Parameter()][String]$scriptPathPrefix='',
        [Parameter()][String]$srcsAMAccountName='',
        [Parameter()][String]$destsAMAccountName='')

Function GetSetUserHelp () {
$helptext=@"
NAME: Copy-UserPofile.ps1
Used to copy User Profile, Logon Script and Home details of user
from one domain to the next.

PARAMETERS:
-srcDomain Source Domain (Required)
-destDomain Destination Domain (Required)
-scriptPathPrefix Prefix to add to Script Path attribute (include any back slashes or forward slashes as required)
-srcsAMAccountName Netbios name of the user account in the source domain (Required)
-destsAMAccountName Netbios name of the user account in the destination domain (Required)

SYNTAX:
Copy-UserProfile.ps1 -srcDomain domain1.local -destDomain woodgrovebank.com -scriptPathPrefix domain1\ -srcsAMAccountName carlh -destsAMAccountName carlh2

This Sets the ProfilePath, ScriptPath, HomeDrive and HomeDirectory of the user carlh2 in the
Woodgrovebank.com domain to the same settings as those for carlh in domain.local. Additionally,
the scriptPath attribute content is prefixed with the word domin1\

"@
$helptext
exit
}

Function Get-LDAPUser ($UserName, $SourceDomain) {
    $domain1 = new-object DirectoryServices.DirectoryEntry ("LDAP://$SourceDomain")
    $searcher = new-object DirectoryServices.DirectorySearcher($domain1)
    $searcher.filter = "(&(objectClass=user)(sAMAccountName= $UserName))"
    $searcher.findone().getDirectoryEntry()
    $domain1 =""
}

Function Set-LDAPUser ($UserName2, $DestinationDomain) {
    $domain2 = new-object DirectoryServices.DirectoryEntry ("LDAP://$DestinationDomain")
    $searcher = new-object DirectoryServices.DirectorySearcher($domain2)
    $searcher.filter = "(&(objectClass=user)(sAMAccountName= $UserName2))"
    $destUser = $searcher.findone().getDirectoryEntry()
    $destUser.scriptPath = "$Global:ScriptPathPrefix" + $Global:srcUser.scriptPath
    $destUser.profilePath = $Global:srcUser.profilePath
    $destUser.homeDrive = $Global:srcUser.homeDrive
    $destUser.homeDirectory = $Global:srcUser.homeDirectory
    $destUser.setinfo()
    $domain2 = ""
}

if(!($srcDomain)) {"Source Domain Required";GetSetUserHelp}
if(!($destDomain)) {"Destination Domain Required";GetSetUserHelp}
if(!($srcsAMAccountName)) {"Netbios Name or Source Account Required";GetSetUserHelp}
if(!($destsAMAccountName)) {"Netbios Name or Destination Account Required";GetSetUserHelp}

$Global:ScriptPathPrefix = $ScriptPathPrefix
$Global:srcUser = get-ldapuser $srcsAMAccountName $srcDomain
Write-Host $Global:srcUser.displayName "in domain $srcDomain settings are:"
$Global:srcUser.scriptPath
$Global:srcUser.profilePath
$Global:srcUser.homeDrive
$Global:srcUser.homeDirectory
set-ldapuser $destsAMAccountName $destDomain
$Global:destUser = get-ldapuser $destsAMAccountName $destDomain
Write-Host ""
Write-Host $Global:destUser.displayName "in domain $destDomain settings are now:"
$Global:destUser.scriptPath
$Global:destUser.profilePath
$Global:destUser.homeDrive
$Global:destUser.homeDirectory

$Global:destUser = ""
$Global:srcUser = ""
$ScriptPathPrefix = ""

 

 

Copy-UserProfile.ps1.txt