Auto assign AD Permission to new AD users

By default, each new AD user created receives the "Domain Users" permissions. If a user is in the "Sales" OU, how can i have AD auto assign that user(s) to the "Everyone Sales" group without having to manually add them to that group? I have many OU's where I need the users to be auto assigned the "Everyone XX" group. Can't seem to find a clear answer.
idocinfoAsked:
Who is Participating?
 
Leon AdatoConnect With a Mentor Head GeekCommented:
The link to that SolarWinds toolg:
http://www.solarwinds.com/free-tools/active-directory-admin-tools-bundle/

For what it's worth, you are talking about 3 separate events, and the free tool will really only handle the first:

1) when a new user is added, put them in all the right buckets
2) verify on a regular basis that users in "xx" OUT have "yy" permissions
3) when a user changes groups, update their permissions.

Honestly code is the only way you're going to get where you want to go. And no canned tool is going to have the details or flexibility that you will need in your particular situation.

But a well-crafted set of scripts would be ENORMOUSLY useful in this case, and could be a career-booster. I'd start small with just what you need for this situation, but at the same time have the future goal in mind: a set of scripts which handle Add, Change, and Delete events for your company and can be scheduled to run without human intervention.

Then start building toward that goal.

Good luck!
0
 
ebad-itConnect With a Mentor Commented:
Hi idocinfo,

Have you looked at SolarWinds free bulk import Tool.  Quick google search should find it for you.

Or you could use a VBScript

Option Explicit
Dim strOU, strGroup, strUser, strDNSDomain
Dim objRootLDAP, objGroup, objUser

'  Check these objects referenced by strOU, strGroup exist in strOU
strOU = "OU=Newport,"
strUser = "CN=Len Murray,"
strGroup = "CN=Coal Porters,"

'  Bind to Active Directory and get LDAP name
Set objRootLDAP = GetObject("LDAP://RootDSE")
strDNSDomain = objRootLDAP.Get("DefaultNamingContext")

'  Add (str)User to (str)Group
Set objUser = GetObject("LDAP://"& strUser _
& strOU & strDNSDomain)
Set objGroup = GetObject("LDAP://"& strGroup _
& strDNSDomain)
objGroup.add(objUser.ADsPath)

WScript.Echo "Check " & strOU & " for " & strGroup & " = " & strUser

Wscript.Quit

' End of Group Add VBScript
0
 
idocinfoAuthor Commented:
Thanks!
1
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.