Solved

Auto assign AD Permission to new AD users

Posted on 2016-09-06
4
28 Views
Last Modified: 2016-10-23
By default, each new AD user created receives the "Domain Users" permissions. If a user is in the "Sales" OU, how can i have AD auto assign that user(s) to the "Everyone Sales" group without having to manually add them to that group? I have many OU's where I need the users to be auto assigned the "Everyone XX" group. Can't seem to find a clear answer.
0
Comment
Question by:idocinfo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 3

Assisted Solution

by:ebad-it
ebad-it earned 250 total points
ID: 41786259
Hi idocinfo,

Have you looked at SolarWinds free bulk import Tool.  Quick google search should find it for you.

Or you could use a VBScript

Option Explicit
Dim strOU, strGroup, strUser, strDNSDomain
Dim objRootLDAP, objGroup, objUser

'  Check these objects referenced by strOU, strGroup exist in strOU
strOU = "OU=Newport,"
strUser = "CN=Len Murray,"
strGroup = "CN=Coal Porters,"

'  Bind to Active Directory and get LDAP name
Set objRootLDAP = GetObject("LDAP://RootDSE")
strDNSDomain = objRootLDAP.Get("DefaultNamingContext")

'  Add (str)User to (str)Group
Set objUser = GetObject("LDAP://"& strUser _
& strOU & strDNSDomain)
Set objGroup = GetObject("LDAP://"& strGroup _
& strDNSDomain)
objGroup.add(objUser.ADsPath)

WScript.Echo "Check " & strOU & " for " & strGroup & " = " & strUser

Wscript.Quit

' End of Group Add VBScript
0
 
LVL 5

Accepted Solution

by:
Leon Adato earned 250 total points
ID: 41786323
The link to that SolarWinds toolg:
http://www.solarwinds.com/free-tools/active-directory-admin-tools-bundle/

For what it's worth, you are talking about 3 separate events, and the free tool will really only handle the first:

1) when a new user is added, put them in all the right buckets
2) verify on a regular basis that users in "xx" OUT have "yy" permissions
3) when a user changes groups, update their permissions.

Honestly code is the only way you're going to get where you want to go. And no canned tool is going to have the details or flexibility that you will need in your particular situation.

But a well-crafted set of scripts would be ENORMOUSLY useful in this case, and could be a career-booster. I'd start small with just what you need for this situation, but at the same time have the future goal in mind: a set of scripts which handle Add, Change, and Delete events for your company and can be scheduled to run without human intervention.

Then start building toward that goal.

Good luck!
0
 

Author Comment

by:idocinfo
ID: 41787837
Thanks!
1

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following article is comprised of the pearls we have garnered deploying virtualization solutions since Virtual Server 2005 and subsequent 2008 RTM+ Hyper-V in standalone and clustered environments.
A hard and fast method for reducing Active Directory Administrators members.
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question