I need to clean this up and update it further, but here it is anyway…

I have edited my script to copy Active Directory group membership down to about 5 lines of code for the export process. This version of the export process allows you to bypass the installation of the Quest AD add-in, which is very handy for those without administrative credentials. The first line of the script is unnecessary if you are copying your current domain; however, if you need to copy a child/uncle/other domain, it will allow you to do so with the proper credentials and network access.

New-PSDrive –Name MyOtherAD –PSProvider ActiveDirectory –Server 'DOMAIN.NAME' –credential (Get-Credential 'DOMAIN\username') –root ‘//RootDSE/’ ; cd MyOtherAD:

$OUList = Get-ADObject -Filter {(ObjectClass -eq "organizationalunit")}

$Collection = get-adgroup -filter * -properties * | select-object -Property Name,@{name='memberof';expression={$_.memberof -join ';'}},DistinguishedName,objectGuid

$OUList | export-csv c:\oulist.csv
$collection | export-csv c:\grouplist.csv

In lieu of exporting to a CSV (which is necessary when transferring across physical networks), replace the last line with:

$collection | % { $grp.memberof = $grp.memberof.split(";") ; $grp.edmPolicy = $grp.edmPolicy.split(";") }

The import process will remain the same as before.

