Solved

How to create dynamic Groups in Active Directory (not dynamic Distribution List)

Posted on 2006-07-21
8
8,642 Views
Last Modified: 2009-07-01
Hello,

is there a way to create groups dynamically based on office location, department, title etc?

there is solution to create dynamic distribution list, but would need to create dynamic groups.

thanks.
0
Comment
Question by:swisscommerce
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17158936
IMHO unless you are talking about using a third party tool, probably syncing AD with a HR system or the like I can't see that working directly.

I suppose you could write some nifty scripts which do LDAP queries onto the directory or query another database for the details and then re-populate the members of a group on a schedule.

Are the attributes you mention already in AD now?  What do you intend to use the groups for?

Can you get a distribution group with all the correct users into it dynamically already?  In which case maybe a simple script to take all the members of distgroupa and update groupb?
0
 
LVL 26

Expert Comment

by:Pber
ID: 17160044
You can't do this for security groups unless you use a 3rd party tool or scripting as dragon-it mentioned.
0
 

Author Comment

by:swisscommerce
ID: 17160297

1. yes, the attributes are already in AD, such as office first name, last name, email, phone, fax, mobile, title, department, office address, city and country for each user.

2. the groups will be used for multiple web based applications, portals etc that require us to create groups. We are able to create dynamic groups directly from those applications with user attributes taken directly from active directory. But instead of creating one and the same group in each application, we prefer to create the group ONCE in AD and have all applications to use the same group from AD. Makes sense?

right now, AD allows you to create groups, however, the group members needs to be added and updated manually as new employees are added or removed, which is very time consuming for larger number of users.

3. yes, we are able to create dynamic distribution groups with the correct users already. But what script can we use to convert those distribution list to create the groups? even if we can run that script once a day to update the groups, it will do the job.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:swisscommerce
ID: 17160363
or can you recommend any 3rd party that does that?
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 500 total points
ID: 17161506
I presume these are standard AD dist groups?  In which case you could do something with a scheduled batch file perhaps?

net group "Your Dist List name" should retutn the members of that group
You can use

net group "groupname" /add name to add them to another group.

If you have spaces in some usernames things could be difficult but if you don't this might work, seems OK in my own quick tests.  You could so similar to delete all group members first too.

@echo off
for /f "skip=6 tokens=*" %%A in ('net group "dist group" ^|find /v "command completed"') do call :process %%A
goto end

:process

set fullline=%*

net group "access group" /add %fullline%

:end

To delete group members:

@echo off
for /f "skip=6 tokens=*" %%A in ('net group "access group" ^|find /v "command completed"') do call :process %%A
goto end

:process

set fullline=%*

net group "access group" /delete %fullline%

:end
0
 

Expert Comment

by:super3
ID: 21918902
the NET GROUP command does not return any Dynamic Distribution Groups.

It only returns security groups.


0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question