CreateNewAADUser&DuplicateGroups_v1.ps1

# import the Azure Active Directory module in order to be able to use Get-AzureADUserMembership and Add-AzureADGroupMember cmdlet
import-Module AzureAD

Connect-AzureAD
Connect-MgGraph -Scopes User.ReadWrite.All, Organization.Read.All

function Get-RandomPassword {
    param (
        [Parameter(Mandatory)]
        [int] $length,
        [int] $amountOfNonAlphanumeric = 1
    )
    Add-Type -AssemblyName 'System.Web'
    return [System.Web.Security.Membership]::GeneratePassword($length, $amountOfNonAlphanumeric)
}

# enter login name of the first user
$userTemplate = Read-host "Enter username@domain to copy from: "

# Get ObjectId based on username of user to copy from
$userTemplateObj = Get-AzureADUser -ObjectID $userTemplate

# Get new user info
$fName = Read-host "Enter the new staff FIRST name: "
$lName = Read-host "Enter the new staff LAST Name: "
$usernameNew = "$($fName.Substring(0, [Math]::Min($fName.Length, 1)))$($lName)"
$userEmailNew = "$($usernameNew)@domain"

$answer = read-host "Create new user $($userEmailNew) based on $($$userTemplate)? [Y] or [N]?"

if ($answer -eq 'Y') {
    $jobTitle = $userTemplateObj.JobTitle
    $showInAddressList = $true

    #Do not show the user in GAL if <dept>
    if($jobTitle -Match "<dept>"){ $showInAddressList = $false }

    $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
    $PasswordProfile.Password = Get-RandomPassword 12

    #Create user in AAD
    New-AzureADUser -DisplayName "$($fName ) $($lName)" -PasswordProfile $PasswordProfile -UserPrincipalName "$($userEmailNew)" -AccountEnabled $true -MailNickName "$($usernameNew)" -JobTitle "$($jobTitle)" -ShowInAddressList $showInAddressList

    #Set properties
    $manager = Get-AzureADUserManager -ObjectId $userTemplate
    Set-AzureADUserManager -ObjectId $userEmailNew -RefObjectId $manager

    #Assign the new user the licenses from the template user
    $mgUser = Get-MgUser -UserId "$($userTemplate)"
    Set-MgUserLicense -UserId "$($userEmailNew)" -AddLicenses $mgUser.AssignedLicenses -RemoveLicenses @()

    #Get Dynamic groups to skip in the next step to avoid errors
    $dynamicGroups = Get-AzureADMSGroup -Filter "groupTypes/any(c:c eq 'DynamicMembership')" -All:$true

    #Add the member to the groups
    $membershipGroups = Get-AzureADUserMembership -ObjectId $userTemplateObj.ObjectId

    Write-Host "\-- Groups available to copy from" $userTemplate to $userEmailNew "--\" -ForegroundColor Yellow

    foreach($group in $membershipGroups) {
        $isGroup = $true
        foreach ($dgroup in $dynamicGroups){
            if ($group.DisplayName -eq $dgroup.DisplayName){
                Write-Host "[!] - Skipping dynamic group " $dgroup.DisplayName " ... " -ForegroundColor Yellow
                $isGroup = $false
            }
        }
        if ($isGroup){
            Write-Host $group.DisplayName
            Write-Host "[!] - Adding" $userEmailNew " to " $group.DisplayName "... " -ForegroundColor Green -nonewline
            Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $userEmailNew
            Write-Host "Done"
        }
    }
    Write-Host "The temporary password for user: $($userEmailNew) is: $($PasswordProfile.Password)"
}
else {
    Write-Host "Cancelling..."
    return
}