Solved

Dynamic group memberships

Posted on 2004-04-23
3
255 Views
Last Modified: 2010-04-19
I know Aelita makes a tool that allows for dynamic group membership.

Is there any others out there? or can it be scripted somehow?

What I want is the ability to have an ACL group that will give rights to a folder based on an attribute in their user account (such as location field). I want it to be dynamic, so that if I change the attribute it will remove them from the group and add them to the appropriate group.

Anyone?

0
Comment
Question by:TheCleaner
  • 2
3 Comments
 
LVL 10

Accepted Solution

by:
KingHollis earned 250 total points
ID: 10904204
TheCleaner,

Using ADSI scripting, you can do such a thing:
1. You would have to create the groups and give the groups the access you require.
2. You would have to write the ADSI script(s) that would run against members in the group(s) looking for the attribute. If the attribute was not present in the member then you would have your batch file make a call to another ADSI script to remove the member.
3. You would also have to create another ADSI script which would run against all members in your domain looking for the attribute. If found, your batch file would make another call to another ADSI script(s) to add the members to specific groups.
4. Then you would either manually run these batch files or schedule them with the proper authority.

Sounds complicated, but it isn't really. It's just teduious and time consuming and will require you to become a bit familiar with ADSI scripting-- which you should because there are a lot of cool things admins can do without having to know a whole lot about programming. Otherwise, this is why Aelita gets paid the big bucks!
0
 
LVL 23

Author Comment

by:TheCleaner
ID: 11059280
KingHollis,

Thanks for the information.  We decided the Aelita product was well worth it in the long run, so that's the direction we went.

Thanks for your help though...points awarded, and a B grade given...
0
 
LVL 10

Expert Comment

by:KingHollis
ID: 11062511
TheCleaner,

Aelita makes good stuff, so definitely not a bad move.
Thanks for your consideration and best of luck!
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

822 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question