Using the Active Directory command-line tools, I have scripted CopyDomGroups.bat to 'copy' domain group membership from a source account to a destination account.

The syntax for using CopyDomGroups.bat is:

CopyDomGroups From Add_or_Replace \[To\]

where:

From is the the source account, using the NetBIOS (SamId) account name in the current domain.

Add_or_Replace is an A to add the accounts from the source user (From) to the destination user (To), and a R replaces the destination user's (To) group membership with the source user's (From) group membership.

To is the destination account, using the NetBIOS (SamId) account name in the current domain. If omitted, the current user (%UserName%) is used.

NOTE: All domain group scopes and group types (security or distribution) are 'copied'.

CopyDomGroups.bat contains:

<font size="1">@echo off
if \{%2\}<h1><a name="_echo_Syntax_Call_CopyDomGroups_From_Add_or_Replace_To_amp_goto_EOF_setlocal_set_from_1_set_ar_2_set_to_username_if_not_3_">\{\} @echo Syntax: Call CopyDomGroups From Add_or_Replace \[To\]&goto :EOF
setlocal
set from=%1
set ar=%2
set to=%username%
if not \{%3\}</a></h1>\{\} set to=%3
if /i "%ar%" EQU "a" goto arok
if /i "%ar%" NEQ "r" @echo Syntax: Call CopyDomGroups From MergeReplace \[To\]&goto finish
:arok
for /f "Tokens=*" %%u in ('dsquery user -samid %from%') do set fdn=%%u
if not defined fdn @echo CopyDomGroups %from% not found.&goto finish
for /f "Tokens=*" %%u in ('dsquery user -samid %to%') do set tdn=%%u
if not defined tdn @echo CopyDomGroups %to% not found.&goto finish
if /i "%ar%" EQU "a" goto add
@echo.>%TEMP%\CopyDomGroups.tmp
for /f "Tokens=*" %%a in ('dsget user %fdn% -memberof') do @echo %%a>>%TEMP%\CopyDomGroups.tmp
for /f "Tokens=*" %%b in ('dsget user %tdn% -memberof ^|findstr /i /l /v /g:%TEMP%\CopyDomGroups.tmp') do set DN=%%b&call :rparse
:add
@echo.>%TEMP%\CopyDomGroups.tmp
for /f "Tokens=*" %%a in ('dsget user %tdn% -memberof') do @echo %%a>>%TEMP%\CopyDomGroups.tmp
for /f "Tokens=*" %%b in ('dsget user %fdn% -memberof ^|findstr /i /l /v /g:%TEMP%\CopyDomGroups.tmp') do set DN=%%b&call :aparse
:finish
if exist %TEMP%\CopyDomGroups.tmp del /a %TEMP%\CopyDomGroups.tmp
endlocal
goto :EOF
:rparse
dsmod group %DN% -rmmbr %tdn% >nul
goto :EOF
:aparse
dsmod group %DN% -addmbr %tdn% >nul</font>