Copy a User's Properties
Applies To: Windows Server 2008 R2
This topic explains how to use the Active Directory module for Windows PowerShell to copy the properties of one user to another user.
The following example is a sample script that you can use to copy properties of the user Sara Davis to the user Miles Reid. Some user object properties are disallowed in a Modify operation (see 3.1.1.5.3.2 Constraints for a complete list). You can either pass the list of properties that you want to copy, or if you want to use an instance, you can make all the properties of the instance that you do not want to copy as null.
$u=Get-ADUser -Identity Sara Davis -Properties Division, HomeDirectory, Manager, ProfilePath, Path
$u.UserPrincipalName = $null
New-ADUser -Instance $u -SamAccountName Miles Reid –UserPrincipalName MilesReid@Contoso.com –Name 'Miles Reid' -AccountPassword (ConvertTo-SecureString -AsPlainText "p@ssw0rd" -Force)
In Windows Server 2012 R2 and later, the –UserPrincipalName must be unique. You can avoid a UPN uniqueness error by specifying a unique value for –UserPrincipalName with the New-ADUser cmdlet.
A script is a series of Active Directory module cmdlets. For more information about running Active Directory module scripts see, Running Windows PowerShell Scripts (https://go.microsoft.com/fwlink/?LinkID=119588)
You can use the following parameters when you set many of the common values that are associated with creating a new user in Active Directory Domain Services (AD DS):
-AccountExpirationDate
-AccountNotDelegated
-AccountPassword
-AllowReversiblePasswordEncryption
-CannotChangePassword
-ChangePasswordAtLogon
-Enabled
-PasswordNeverExpires
-PasswordNotRequired
-SmartcardLogonRequired
-TrustedForDelegation
-DisplayName
-GivenName
-Initials
-OtherName
-Surname
-Description
-City
-Country
-POBox
-PostalCode
-State
-StreetAddress
-Company
-Department
-Division
-EmployeeID
-EmployeeNumber
-Manager
-Office
-Organization
-Title
-Fax
-HomePhone
-MobilePhone
-OfficePhone
-EmailAddress
-HomeDirectory
-HomeDrive
-HomePage
-ProfilePath
-ScriptPath
-Certificates
-LogonWorkstations
-PermittedLogonTimes
-UserPrincipalName
-ServicePrincipalNames
In addition to the standard Lightweight Directory Access Protocol (LDAP) attributes, you can retrieve the following extended properties of the Get-ADUser cmdlet by using the -Properties parameter:
City
Country
EmailAddress
Fax
LogonWorkstations
MobilePhone
Office
OfficePhone
Organization
OtherName
POBox
SmartcardLogonRequired
State
Surname
For a full explanation of the parameters that you can pass to New-ADUser or Get-ADUser, at the Active Directory module command prompt, type Get-Help New-ADUser –detailed or Get-Help Get-ADUser –detailed, and then press ENTER.