Solved

Dynamic group memberships

Posted on 2004-04-23
3
257 Views
Last Modified: 2010-04-19
I know Aelita makes a tool that allows for dynamic group membership.

Is there any others out there? or can it be scripted somehow?

What I want is the ability to have an ACL group that will give rights to a folder based on an attribute in their user account (such as location field). I want it to be dynamic, so that if I change the attribute it will remove them from the group and add them to the appropriate group.

Anyone?

0
Comment
Question by:TheCleaner
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 10

Accepted Solution

by:
KingHollis earned 250 total points
ID: 10904204
TheCleaner,

Using ADSI scripting, you can do such a thing:
1. You would have to create the groups and give the groups the access you require.
2. You would have to write the ADSI script(s) that would run against members in the group(s) looking for the attribute. If the attribute was not present in the member then you would have your batch file make a call to another ADSI script to remove the member.
3. You would also have to create another ADSI script which would run against all members in your domain looking for the attribute. If found, your batch file would make another call to another ADSI script(s) to add the members to specific groups.
4. Then you would either manually run these batch files or schedule them with the proper authority.

Sounds complicated, but it isn't really. It's just teduious and time consuming and will require you to become a bit familiar with ADSI scripting-- which you should because there are a lot of cool things admins can do without having to know a whole lot about programming. Otherwise, this is why Aelita gets paid the big bucks!
0
 
LVL 23

Author Comment

by:TheCleaner
ID: 11059280
KingHollis,

Thanks for the information.  We decided the Aelita product was well worth it in the long run, so that's the direction we went.

Thanks for your help though...points awarded, and a B grade given...
0
 
LVL 10

Expert Comment

by:KingHollis
ID: 11062511
TheCleaner,

Aelita makes good stuff, so definitely not a bad move.
Thanks for your consideration and best of luck!
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question