Solved

Auto assign AD Permission to new AD users

Posted on 2016-09-06
4
29 Views
Last Modified: 2016-10-23
By default, each new AD user created receives the "Domain Users" permissions. If a user is in the "Sales" OU, how can i have AD auto assign that user(s) to the "Everyone Sales" group without having to manually add them to that group? I have many OU's where I need the users to be auto assigned the "Everyone XX" group. Can't seem to find a clear answer.
0
Comment
Question by:idocinfo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 3

Assisted Solution

by:ebad-it
ebad-it earned 250 total points
ID: 41786259
Hi idocinfo,

Have you looked at SolarWinds free bulk import Tool.  Quick google search should find it for you.

Or you could use a VBScript

Option Explicit
Dim strOU, strGroup, strUser, strDNSDomain
Dim objRootLDAP, objGroup, objUser

'  Check these objects referenced by strOU, strGroup exist in strOU
strOU = "OU=Newport,"
strUser = "CN=Len Murray,"
strGroup = "CN=Coal Porters,"

'  Bind to Active Directory and get LDAP name
Set objRootLDAP = GetObject("LDAP://RootDSE")
strDNSDomain = objRootLDAP.Get("DefaultNamingContext")

'  Add (str)User to (str)Group
Set objUser = GetObject("LDAP://"& strUser _
& strOU & strDNSDomain)
Set objGroup = GetObject("LDAP://"& strGroup _
& strDNSDomain)
objGroup.add(objUser.ADsPath)

WScript.Echo "Check " & strOU & " for " & strGroup & " = " & strUser

Wscript.Quit

' End of Group Add VBScript
0
 
LVL 5

Accepted Solution

by:
Leon Adato earned 250 total points
ID: 41786323
The link to that SolarWinds toolg:
http://www.solarwinds.com/free-tools/active-directory-admin-tools-bundle/

For what it's worth, you are talking about 3 separate events, and the free tool will really only handle the first:

1) when a new user is added, put them in all the right buckets
2) verify on a regular basis that users in "xx" OUT have "yy" permissions
3) when a user changes groups, update their permissions.

Honestly code is the only way you're going to get where you want to go. And no canned tool is going to have the details or flexibility that you will need in your particular situation.

But a well-crafted set of scripts would be ENORMOUSLY useful in this case, and could be a career-booster. I'd start small with just what you need for this situation, but at the same time have the future goal in mind: a set of scripts which handle Add, Change, and Delete events for your company and can be scheduled to run without human intervention.

Then start building toward that goal.

Good luck!
0
 

Author Comment

by:idocinfo
ID: 41787837
Thanks!
1

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question