A question was asked at Daniel Petri's forums about copying AD user's group membership using dsquery/dsmod tools. Having some spare time I have written a batch script that does just that - looks at memberOf attribute of source user account and joins the target account to those groups.
Important: if the source account is a member in a group that resides in another forest or the group is of Domain Local type, the fact is not reflected in the memberOf attribute and membership in those group will not be copied between accounts. The script is mosly usefull in single domain AD, where the caviats mentioned above do not apply.
Code:
:: CpGroups.CMD - Guy Teverovsky - December 2006
::
:: Copies group membership between user accounts
@echo off
setlocal ENABLEDELAYEDEXPANSION
setlocal ENABLEEXTENSIONS
if "%1"=="" goto :SYNTAX
if "%1"=="/?" goto :SYNTAX
echo/
:: Define initial environment
set source_usr=%1
set target_usr=%2
set scriptname=CpGroups
:: Determine if supplied arguments were sufficient
if "%source_usr%"=="" (
echo/
echo ERROR - Insufficient arguments
goto :SYNTAX
)
if "%target_usr%"=="" (
echo/
echo ERROR - Insufficient arguments
goto :SYNTAX
)
:: Locate critical executables
for %%e in (dsquery.exe dsget.exe) do (
set where="%%~$PATH:e"
if "!where!"=="""" (
echo ERROR - Required executable, "%%e", not located within the path
goto :END
)
)
for /f "delims=" %%i in ('dsquery user -samid %source_usr%') do (
setlocal DISABLEEXTENSIONS
set source_usr_dn=%%i
setlocal ENABLEEXTENSIONS
)
if %source_usr_dn%=="" (
echo/
echo ERROR - Source user account not found
goto :END
)
for /f "delims=" %%i in ('dsquery user -samid %target_usr%') do (
setlocal DISABLEEXTENSIONS
set target_usr_dn=%%i
setlocal ENABLEEXTENSIONS
)
if %target_usr_dn%=="" (
echo/
echo ERROR - Target user account not found
goto :END
)
for /f "delims=" %%i in ('dsget user %source_usr_dn% -memberof') do (
dsmod group %%i -addmbr %target_usr_dn%
)
goto :END
:SYNTAX
echo/
echo SYNTAX - %scriptname% [source account samid] [target account samid]
echo/
echo * [source account samid] is the account to copy the group membership from
echo * [target account samid] is the account to copy the group membership to
echo/
echo e.g. - %scriptname% jdoe bsmith
echo/
:END
Download the script
I have been fighting this one for several years. Because of the way the daylight savings start and end time were determined in Israel till not long ago, the operating systems that came out of Microsoft's playground do not contain the settings required for configuring summer clock for Israel. If you are looking for more details, you can take a look at my article for year 2005 at Daniel Petri's website and Daniel's excellent followup in 2006 - both articles were written in order to help system administrators to cope with the process of updating the client computers and coping with issues related to those updates.
But it looks like this year it is going to be different - Microsoft have finally included Israel in the 2007 round of daylight savings updates and the result is KB article 928388 . To put the long story short, if you were among those that were updating their environment and were using custom tools, this year all you will have to do is to deploy the update that will be available via Microsoft/Windows Update or WSUS services.
What this hotfix does ?
The hotfix updates the daylight savings settings on the client computer to reflect the start and end date of summer clock for more than 30 different time zones (Israel among them) on the computer. In addition the tool changes the way the information is stored in the registry and configures the computer to have the correct settings till year 2023 (hurray! no more yearly updates!). After you install the update, the computer's registry will look like this:
Notice the "Dynamic DST" registry key and the values representing different years that have been added under "Israel Standard Time" key.
Why there is no Vista version ?
Vista already contains the updated time zone definitions.
What about Exchange ?
Currently a test version of update for Exchange server can be downloaded from the following link: http://support.microsoft.com/kb/926666. The update is supposed to address issues related to CDO based programs like Outlook Web Access that are not aware of summer clock start/end dates configured on the client computer. I suggest you to check out the following link for updated versions of the hotfix for Exchange: http://www.microsoft.com/windows/timezone/exchange.mspx
Where can I find more information ?
http://www.microsoft.com/windows/timezone/dst2007.mspx is right place to go.