Todd Welch

Reputation: 1779

Why Isn't New-ADuser Copying Group Memberships?

I have a script that allows people to create a new user from scratch or by copying another user, but for some reason it is not copying AD group memberships. Any help would be greatly appreciated.

I am getting the user information with this command which is working fine.

$userToCopy = Get-ADUser -identity $copyUsername -Properties Department, title, Company, MemberOf

Then I am asking questions to get updated info for the new user, then creating the new user with this command. Everything works, but the group memberships do not copy over, which I was expecting that using $userToCopy as the -Instance would do.

New-ADUser -SamAccountName "$username" -Name "$fname $lname" -DisplayName "$fname $lname" -Surname "$lname" -GivenName "$fname" -userprincipalname "$fname.$lname@$domain" `
               -AccountPassword $secPassword -ChangePasswordAtLogon $True -Office "$empID" -MobilePhone "$mobilePhone" -OfficePhone "$officePhone" -Title "$jobTitle" -department "$department" `
                 -ProfilePath "" -Path "$OUDN" -Instance $userToCopy -Credential $UserCredential -Server "BOM.chris.domain" -Enabled $True -Company "Chris"

Upvotes: 2

Views: 416

Answers (1)

AdminOfThings

Reputation: 25001

This issue makes sense and then again it doesn't. Since ADUC supports copying groups from another account, it would seem like the same feature would be available with New-ADUser -Instance. However, New-ADUser does not seem to support updating group membership with any of its parameters. I can only guess, but I imagine this is because MemberOf is a calculated property rather than a direct attribute defined by the schema. You could do the following though with one line of code after creating the user.

Add-ADPrincipalGroupMembership -Identity $username -MemberOf $UserToCopy.MemberOf -Server "BOM.chris.domain"

The New-ADUser command could be piped into the code above, without -Identity $username, provided you add the -PassThru switch to New-ADUser.

Upvotes: 4
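Copying MemberOf wholesale also copies any privileged groups the source account belongs to, so the sketch below filters the list before applying it. It is an added example, not code from the question or the answer: Copy-ADGroupMembershipFiltered is a hypothetical helper name, and it assumes the ActiveDirectory module is loaded and that every group in MemberOf lives in the domain served by -Server.

```powershell
# Added example (not from the original thread). Requires the ActiveDirectory module.
# Copy-ADGroupMembershipFiltered is a hypothetical helper name.
function Copy-ADGroupMembershipFiltered {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $SourceUser,   # account being copied
        [Parameter(Mandatory)] [string] $TargetUser,   # newly created account
        [Parameter(Mandatory)] [string] $Server,
        [pscredential] $Credential
    )
    $common = @{ Server = $Server }
    if ($Credential) { $common.Credential = $Credential }

    # MemberOf holds group DNs; the primary group (usually Domain Users) is not in it.
    $source = Get-ADUser -Identity $SourceUser -Properties MemberOf @common

    $toAdd = @(); $skipped = @()
    foreach ($dn in $source.MemberOf) {
        $group = Get-ADGroup -Identity $dn -Properties adminCount @common
        # adminCount = 1 marks groups protected by AdminSDHolder (Domain Admins etc.).
        # Custom privileged groups without that flag need their own check here.
        if ($group.adminCount -eq 1) { $skipped += $group } else { $toAdd += $group }
    }

    # -WhatIf on the function call stops here and only reports what would be added.
    if ($toAdd -and $PSCmdlet.ShouldProcess($TargetUser, "Add to $($toAdd.Count) group(s)")) {
        Add-ADPrincipalGroupMembership -Identity $TargetUser -MemberOf $toAdd @common
    }

    # Return a record suitable for a provisioning log.
    [pscustomobject]@{
        Target            = $TargetUser
        Eligible          = $toAdd.Name
        SkippedPrivileged = $skipped.Name
    }
}

# Usage with the variables from the question (dry run first):
# Copy-ADGroupMembershipFiltered -SourceUser $copyUsername -TargetUser $username `
#     -Server "BOM.chris.domain" -Credential $UserCredential -WhatIf
```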
