How to Copy Office 365 Group membership to another user using PowerShell?

Requirement: Copy group membership to another user in Office 365

How to Copy O365 group membership from one user to another?

If you’re administering Office 365 and need to copy the group membership from one user to another, there’s no easy way to do it! Let me walk you through the steps required to duplicate the group memberships of one user into another.

  • Login to Microsoft 365 Admin Center at https://admin.microsoft.com/
  • Click on Groups >> Active Groups. Search and pick the source user >> in the user properties panel, note down all groups the user is a member of.
  • Now, select the target user >> Assign Memberships to the target user from the list of groups you have noted down from the source user.

How painful is this manual process when you have a bunch of groups? What if we automate it with a PowerShell script that reads the memberships of a source user and then adds the new user to the same groups?

PowerShell to Copy Office 365 Group Memberships

If you want to clone all group memberships of a user in the Microsoft 365 environment, use this PowerShell script. Make sure the Azure AD module is installed before executing this script.

#Parameters (placeholder UPNs, replace with your own)
$SourceUserAccount = "source.user@example.com"
$TargetUserAccount = "target.user@example.com"

#Connect to Azure AD
Connect-AzureAD

#Get the Source and Target users
$SourceUser = Get-AzureADUser -Filter "UserPrincipalName eq '$SourceUserAccount'"
$TargetUser = Get-AzureADUser -Filter "UserPrincipalName eq '$TargetUserAccount'"

#Check if source and Target users are valid
If($SourceUser -ne $Null -and $TargetUser -ne $Null)
{
    #Get All memberships of the Source user
    #-All $true returns every membership instead of only the first page of results
    $SourceMemberships = Get-AzureADUserMembership -ObjectId $SourceUser.ObjectId -All $true | Where-object { $_.ObjectType -eq "Group" }

    #Get-AzureADUserOwnedObject -ObjectId $SourceUser.ObjectId

    #Loop through Each Group
    ForEach($Membership in $SourceMemberships)
    {
        #Check if the user is not part of the group
        #-All $true so the check also sees members beyond the first page of results
        $GroupMembers = (Get-AzureADGroupMember -ObjectId $Membership.ObjectId -All $true).UserPrincipalName
        If ($GroupMembers -notcontains $TargetUserAccount)
        {
            #Add Target user to the Source User's group
            Add-AzureADGroupMember -ObjectId $Membership.ObjectId -RefObjectId $TargetUser.ObjectId
            Write-host "Added user to Group:" $Membership.DisplayName
        }
    }
}
Else
{
    Write-host "Source or Target user is invalid!" -f Yellow
}

Please note, this script gets all group memberships of the given user, including Microsoft 365 groups / Unified groups, Security Groups, Distribution Lists, and Mail-enabled security groups, where the user is added as a member of the group. To get all groups where the user is an owner, use:

$Ownerships = Get-AzureADUserOwnedObject -ObjectId $SourceUser.ObjectId -All $true | Where-object { $_.ObjectType -eq "Group" }

Here is the PowerShell script to copy the user’s group ownership:

#Parameters - UPN (placeholder values, replace with your own)
$SourceUserAccount = "source.user@example.com"
$TargetUserAccount = "target.user@example.com"

#Connect to Azure AD
Connect-AzureAD

#Get the Source and Target users
$SourceUser = Get-AzureADUser -Filter "UserPrincipalName eq '$SourceUserAccount'"
$TargetUser = Get-AzureADUser -Filter "UserPrincipalName eq '$TargetUserAccount'"

#Check if source and Target users are valid
If($SourceUser -ne $Null -and $TargetUser -ne $Null)
{
    #Get all groups where the source user is an owner (-All $true returns every result)
    $SourceOwnerships = Get-AzureADUserOwnedObject -ObjectId $SourceUser.ObjectId -All $true | Where-object { $_.ObjectType -eq "Group" }

    #Loop through Each Group
    ForEach($Ownership in $SourceOwnerships)
    {
        #Check if the target user is not already an owner of the group
        $GroupOwners = (Get-AzureADGroupOwner -ObjectId $Ownership.ObjectId -All $true).UserPrincipalName
        If ($GroupOwners -notcontains $TargetUserAccount)
        {
            #Add the target user as an owner of the source user's group
            Add-AzureADGroupOwner -ObjectId $Ownership.ObjectId -RefObjectId $TargetUser.ObjectId
            Write-host "Added user as Owner of Group:" $Ownership.DisplayName
        }
    }
}
Else
{
    Write-host "Source or Target user is invalid!" -f Yellow
}
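
Azure AD rejects Add-AzureADGroupMember for distribution lists and mail-enabled security groups (the Request_BadRequest error quoted in the comments below), and a cloned membership also clones whatever access those groups grant. The following pre-check is an added example, not part of the original scripts: it sorts a user's groups by how, or whether, the membership can be copied, so the list can be reviewed before anything is changed. The function name and the sample groups are hypothetical; the property names are assumed to match Get-AzureADMSGroup output.

```powershell
# Added example: classify each group by how (or whether) membership can be copied.
# Assumption: input objects use the property names of Get-AzureADMSGroup output
# (DisplayName, MailEnabled, SecurityEnabled, GroupTypes, OnPremisesSyncEnabled).
function Get-GroupCopyPlan {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][object]$Group)
    process {
        $types = @($Group.GroupTypes)
        $action = if ($types -contains 'DynamicMembership') {
            'Skip: membership is set by a dynamic rule'
        }
        elseif ($Group.OnPremisesSyncEnabled) {
            'Skip: synced group, change it in on-premises AD'
        }
        elseif ($Group.MailEnabled -and $types -notcontains 'Unified') {
            # Distribution list or mail-enabled security group
            'Exchange Online: Add-DistributionGroupMember'
        }
        else {
            'Azure AD: Add-AzureADGroupMember'
        }
        [pscustomobject]@{
            Group           = $Group.DisplayName
            Action          = $action
            # Security-enabled groups can carry permissions: review before copying
            SecurityEnabled = [bool]$Group.SecurityEnabled
        }
    }
}

# Constructed sample groups (names are made up) so the function runs offline.
$sample = @(
    [pscustomobject]@{ DisplayName = 'Project-Team'; MailEnabled = $true;  SecurityEnabled = $false; GroupTypes = @('Unified') }
    [pscustomobject]@{ DisplayName = 'Sales-DL';     MailEnabled = $true;  SecurityEnabled = $false; GroupTypes = @() }
    [pscustomobject]@{ DisplayName = 'Finance-MESG'; MailEnabled = $true;  SecurityEnabled = $true;  GroupTypes = @() }
    [pscustomobject]@{ DisplayName = 'VPN-Users';    MailEnabled = $false; SecurityEnabled = $true;  GroupTypes = @() }
    [pscustomobject]@{ DisplayName = 'All-Staff';    MailEnabled = $false; SecurityEnabled = $true;  GroupTypes = @('DynamicMembership') }
    [pscustomobject]@{ DisplayName = 'HQ-Synced';    MailEnabled = $false; SecurityEnabled = $true;  GroupTypes = @(); OnPremisesSyncEnabled = $true }
)
$sample | Get-GroupCopyPlan | Format-Table -AutoSize

# Against a tenant, after Connect-AzureAD and resolving $SourceUser as in the scripts above:
# Get-AzureADUserMembership -ObjectId $SourceUser.ObjectId -All $true |
#     Where-Object { $_.ObjectType -eq 'Group' } |
#     ForEach-Object { Get-AzureADMSGroup -Id $_.ObjectId } | Get-GroupCopyPlan
```

Groups marked for Exchange Online need the ExchangeOnlineManagement module and a Connect-ExchangeOnline session rather than the Azure AD cmdlets.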

Salaudeen Rajack

Salaudeen Rajack - SharePoint Expert with Two decades of SharePoint Experience. Love to Share my knowledge and experience with the SharePoint community, through real-time articles!

2 thoughts on “How to Copy Office 365 Group membership to another user using PowerShell?”

  • Hi,
    I received the same error message. Office 365 groups were successfully copied but mail enabled and distro group membership was not. Please help.

  • Hi, was able to add some groups, but for all mail-enabled groups I get the below error message:

    Added user to Group: Sales-All
    Add-AzureADGroupMember : Error occurred while executing AddGroupMember
    Code: Request_BadRequest
    Message: Cannot Update a mail-enabled security groups and or distribution list.
    RequestId: ed3671e6-eef5-4d8d-b330-89759571f24b
    DateTimeStamp: Thu, 03 Feb 2022 16:42:43 GMT
    HttpStatusCode: BadRequest
    HttpStatusDescription: Bad Request
    HttpResponseStatus: Completed
    At line:28 char:13
    + Add-AzureADGroupMember -ObjectId $Membership.ObjectId -Re …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Add-AzureADGroupMember], ApiException
    + FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.AddGroupMember
