<

How to use User Attributes within Group Policy Preferences Item Level Filtering

Published on
4,828 Points
528 Views
3 Endorsements
Last Modified:
Shaun Vermaak
My name is Shaun Vermaak and I have always been fascinated with technology and how we use it to enhance our lives and business.
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.

1) Create an environmental variable to store the default value for the user attribute, Mobile (#1) in this case



2) Create an environmental variable to store the value for the user attribute, Mobile (#2) in this case



3) From the Common tab, enable Item-level targeting. Add LDAP query filter and enter the following values


Name Value
Filter
(&(objectCategory=person)(objectClass=user)(sAMAccountName=%LogonUser%))
Binding
LDAP:
Attribute
mobile
Environmental variable name
usermobile




4) Create an environmental variable to store the positive outcome, NeedsToRun (#3) in this case



5) From the Common tab, enable Item-level targeting. Add environment variable filter as below



6) Create an environmental variable to store the negative outcome, NeedsToRun (#4) in this case



7) From the Common tab, enable Item-level targeting. Add environment variable filter as below


The variable NeedsToRun can now be used as a trigger on any Group Policy


Please do not forget to press the "Thumb's Up" button if this article was helpful and valuable for EE members.
It also provides me with positive feedback. Thank you!

3
Comment
1 Comment
 
LVL 39

Author Comment

by:Shaun Vermaak
Hiya. Yes I tried it without but could not get a variable to use for getting the value
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Join & Write a Comment

This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month