Link to home
Start Free TrialLog in
Avatar of jdouthit
jdouthitFlag for United States of America

asked on

Is it possible to create a Dynamic Security Group in Active Directory 2008?

I know you can create a dynamic distribution group, but is it possible to create a dynamic security group?  I'd like to create a security group that when a user is added to a specific OU they are also added to a specific security group.
ASKER CERTIFIED SOLUTION
Avatar of Joseph Moody
Joseph Moody
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial

Blimey that's a lot of lines of code...

The short answer is no, you can't create a dynamic security group. Security group membership needs to be static, it would require a lot of rewriting of the domain security sub-system to permit truly dynamic lists.

That means using a script like the one above, although you could do it in 50 lines of VbScript rather than 300, and considerably less using PowerShell :)

Chris
Avatar of jdouthit

ASKER

I forgot to mention that I have OU's inside OU's.  How would I enter that type of data in the code?  For example, I have Corporate Offices as an OU and then 4 different OU's based off of locations under that OU.
aSearchOUs = Array("ou=employees,ou=people,dc=contoso,dc=com", "ou=contractors,ou=people,dc=contoso,dc=com")

Change line 40 how you want it. Just keep adding commas for each OU under the sub ou using the syntax above.
I modified that section of code and attempted to run it.  I receive an error message.

Script: C:\Group_Shadow.vbs
Line: 340
Char: 3
Error: Table does not exist.
Code: 80040E37
Source: Provider