jdouthit
asked on
Is it possible to create a Dynamic Security Group in Active Directory 2008?
I know you can create a dynamic distribution group, but is it possible to create a dynamic security group? I'd like to create a security group that when a user is added to a specific OU they are also added to a specific security group.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I forgot to mention that I have OU's inside OU's. How would I enter that type of data in the code? For example, I have Corporate Offices as an OU and then 4 different OU's based off of locations under that OU.
aSearchOUs = Array("ou=employees,ou=peo ple,dc=con toso,dc=co m", "ou=contractors,ou=people, dc=contoso ,dc=com")
Change line 40 how you want it. Just keep adding commas for each OU under the sub ou using the syntax above.
Change line 40 how you want it. Just keep adding commas for each OU under the sub ou using the syntax above.
ASKER
I modified that section of code and attempted to run it. I receive an error message.
Script: C:\Group_Shadow.vbs
Line: 340
Char: 3
Error: Table does not exist.
Code: 80040E37
Source: Provider
Script: C:\Group_Shadow.vbs
Line: 340
Char: 3
Error: Table does not exist.
Code: 80040E37
Source: Provider
Blimey that's a lot of lines of code...
The short answer is no, you can't create a dynamic security group. Security group membership needs to be static, it would require a lot of rewriting of the domain security sub-system to permit truly dynamic lists.
That means using a script like the one above, although you could do it in 50 lines of VbScript rather than 300, and considerably less using PowerShell :)
Chris