Solved

Auto assign AD Permission to new AD users

Posted on 2016-09-06
Last Modified: 2016-10-23
By default, each new AD user created receives the "Domain Users" permissions. If a user is in the "Sales" OU, how can I have AD auto assign that user(s) to the "Everyone Sales" group without having to manually add them to that group? I have many OUs where I need the users to be auto assigned the "Everyone XX" group. Can't seem to find a clear answer.
Question by:idocinfo

Assisted Solution

by:ebad-it
ebad-it earned 250 total points
ID: 41786259
Hi idocinfo,

Have you looked at the SolarWinds free bulk import tool? A quick Google search should find it for you.

Or you could use a VBScript

Option Explicit
Dim strOU, strGroup, strUser, strDNSDomain
Dim objRootLDAP, objGroup, objUser

'  Check that the objects referenced by strUser and strGroup exist:
'  strUser is looked up inside strOU, strGroup directly under the domain root
strOU = "OU=Newport,"
strUser = "CN=Len Murray,"
strGroup = "CN=Coal Porters,"

'  Bind to Active Directory and get LDAP name
Set objRootLDAP = GetObject("LDAP://RootDSE")
strDNSDomain = objRootLDAP.Get("DefaultNamingContext")

'  Add (str)User to (str)Group
Set objUser = GetObject("LDAP://"& strUser _
& strOU & strDNSDomain)
Set objGroup = GetObject("LDAP://"& strGroup _
& strDNSDomain)
objGroup.add(objUser.ADsPath)

WScript.Echo "Check " & strOU & " for " & strGroup & " = " & strUser

Wscript.Quit

' End of Group Add VBScript

Accepted Solution

by:
Leon Adato earned 250 total points
ID: 41786323
The link to that SolarWinds tool:
http://www.solarwinds.com/free-tools/active-directory-admin-tools-bundle/

For what it's worth, you are talking about 3 separate events, and the free tool will really only handle the first:

1) when a new user is added, put them in all the right buckets
2) verify on a regular basis that users in "xx" OU have "yy" permissions
3) when a user changes groups, update their permissions.

Honestly code is the only way you're going to get where you want to go. And no canned tool is going to have the details or flexibility that you will need in your particular situation.

But a well-crafted set of scripts would be ENORMOUSLY useful in this case, and could be a career-booster. I'd start small with just what you need for this situation, but at the same time have the future goal in mind: a set of scripts which handle Add, Change, and Delete events for your company and can be scheduled to run without human intervention.

Then start building toward that goal.

Good luck!
0
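The three events listed in the answer above (new user, periodic verification, user moved between OUs) can be covered by one reconciliation pass per OU. The following is an added example, not code from either poster: it assumes the ActiveDirectory PowerShell module (RSAT) is available, and the OU distinguished names, the `example.com` domain, the group names and the `Sync-OuGroup` function name are all constructed placeholders.

```powershell
# Added example: keep each "Everyone XX" group identical to the enabled users of its OU.
Import-Module ActiveDirectory

# Constructed mapping: OU distinguished name -> group its users must belong to.
# Assumes each group's sAMAccountName matches the name shown here.
$OuToGroup = @{
    'OU=Sales,DC=example,DC=com'   = 'Everyone Sales'
    'OU=Finance,DC=example,DC=com' = 'Everyone Finance'
}

function Sync-OuGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SearchBase,
        [Parameter(Mandatory)][string]$GroupName
    )
    # Expected members: enabled users in the OU and its sub-OUs.
    $expected = @(Get-ADUser -SearchBase $SearchBase -SearchScope Subtree -Filter 'Enabled -eq $true' |
        Select-Object -ExpandProperty DistinguishedName)
    # Actual members: user objects that are direct members of the group today.
    $actual = @(Get-ADGroupMember -Identity $GroupName |
        Where-Object objectClass -eq 'user' |
        Select-Object -ExpandProperty distinguishedName)

    # New users in the OU that are not in the group yet.
    $toAdd = @($expected | Where-Object { $_ -notin $actual })
    # Users who left the OU (moved, disabled) but still hold the group's access.
    $toRemove = @($actual | Where-Object { $_ -notin $expected })

    foreach ($dn in $toAdd) {
        if ($PSCmdlet.ShouldProcess($dn, "Add to '$GroupName'")) {
            Add-ADGroupMember -Identity $GroupName -Members $dn
        }
    }
    foreach ($dn in $toRemove) {
        if ($PSCmdlet.ShouldProcess($dn, "Remove from '$GroupName'")) {
            Remove-ADGroupMember -Identity $GroupName -Members $dn -Confirm:$false
        }
    }
    [pscustomobject]@{ Group = $GroupName; ToAdd = $toAdd.Count; ToRemove = $toRemove.Count }
}

# Dry run: -WhatIf reports the planned changes without modifying any group.
foreach ($entry in $OuToGroup.GetEnumerator()) {
    Sync-OuGroup -SearchBase $entry.Key -GroupName $entry.Value -WhatIf
}
```

Drop `-WhatIf` once the dry-run output matches expectations, and schedule the script under an account delegated only the right to change membership of these specific groups.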
 

Author Comment

by:idocinfo
ID: 41787837
Thanks!