Solved

Auto assign AD Permission to new AD users

Posted on 2016-09-06
Last Modified: 2016-10-23
By default, each new AD user created receives the "Domain Users" permissions. If a user is in the "Sales" OU, how can I have AD auto assign that user(s) to the "Everyone Sales" group without having to manually add them to that group? I have many OUs where I need the users to be auto assigned the "Everyone XX" group. Can't seem to find a clear answer.
Question by:idocinfo
3 Comments
 
Assisted Solution

by:ebad-it
ebad-it earned 1000 total points
ID: 41786259
Hi idocinfo,

Have you looked at the SolarWinds free bulk import tool? A quick Google search should find it for you.

Or you could use a VBScript

Option Explicit
Dim strOU, strGroup, strUser, strDNSDomain
Dim objRootLDAP, objGroup, objUser

'  Check these objects referenced by strOU, strGroup exist in strOU
strOU = "OU=Newport,"
strUser = "CN=Len Murray,"
strGroup = "CN=Coal Porters,"

'  Bind to Active Directory and get LDAP name
Set objRootLDAP = GetObject("LDAP://RootDSE")
strDNSDomain = objRootLDAP.Get("DefaultNamingContext")

'  Add (str)User to (str)Group
Set objUser = GetObject("LDAP://"& strUser _
& strOU & strDNSDomain)
Set objGroup = GetObject("LDAP://"& strGroup _
& strDNSDomain)
objGroup.add(objUser.ADsPath)

WScript.Echo "Check " & strOU & " for " & strGroup & " = " & strUser

Wscript.Quit

' End of Group Add VBScript
0
 
Accepted Solution

by:
Leon Adato earned 1000 total points
ID: 41786323
The link to that SolarWinds tool:
http://www.solarwinds.com/free-tools/active-directory-admin-tools-bundle/

For what it's worth, you are talking about 3 separate events, and the free tool will really only handle the first:

1) when a new user is added, put them in all the right buckets
2) verify on a regular basis that users in "xx" OU have "yy" permissions
3) when a user changes groups, update their permissions.

Honestly code is the only way you're going to get where you want to go. And no canned tool is going to have the details or flexibility that you will need in your particular situation.

But a well-crafted set of scripts would be ENORMOUSLY useful in this case, and could be a career-booster. I'd start small with just what you need for this situation, but at the same time have the future goal in mind: a set of scripts which handle Add, Change, and Delete events for your company and can be scheduled to run without human intervention.

Then start building toward that goal.

Good luck!
0
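The three events listed in the accepted answer (add, periodic verify, move between OUs) can be handled by one reconciliation pass that compares each OU's users with the mapped group's members. The script below is an added example, not code from either poster. It assumes the ActiveDirectory PowerShell module, that 'Everyone Sales' is the group's sAMAccountName, and uses DC=example,DC=com as a placeholder domain.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumed mapping of OU distinguished name -> group sAMAccountName.
    # DC=example,DC=com is a placeholder; add one entry per "Everyone XX" group.
    [hashtable]$OuToGroup = @{
        'OU=Sales,DC=example,DC=com' = 'Everyone Sales'
    },
    # Also remove members who are no longer under the mapped OU (event 3).
    [switch]$RemoveStale
)

foreach ($ou in $OuToGroup.Keys) {
    $group = Get-ADGroup -Identity $OuToGroup[$ou] -ErrorAction Stop

    # Users that should be members: every user under the OU, sub-OUs included.
    $expected = @(Get-ADUser -SearchBase $ou -SearchScope Subtree -Filter * |
        Select-Object -ExpandProperty DistinguishedName)

    # Direct user members today; nested groups and computers are left alone.
    $current = @(Get-ADGroupMember -Identity $group |
        Where-Object objectClass -eq 'user' |
        Select-Object -ExpandProperty distinguishedName)

    $toAdd    = @($expected | Where-Object { $_ -notin $current })
    $toRemove = @($current  | Where-Object { $_ -notin $expected })

    foreach ($dn in $toAdd) {
        if ($PSCmdlet.ShouldProcess($dn, "Add to '$($group.Name)'")) {
            Add-ADGroupMember -Identity $group -Members $dn
        }
    }

    foreach ($dn in $toRemove) {
        if (-not $RemoveStale) {
            # Report drift without changing it, so stale access is at least visible.
            Write-Warning "$dn is in '$($group.Name)' but not under $ou"
        }
        elseif ($PSCmdlet.ShouldProcess($dn, "Remove from '$($group.Name)'")) {
            Remove-ADGroupMember -Identity $group -Members $dn -Confirm:$false
        }
    }

    # One summary object per OU, suitable for logging from a scheduled task.
    [pscustomobject]@{
        OU = $ou; Group = $group.Name
        ToAdd = $toAdd.Count; Stale = $toRemove.Count
    }
}
```

Running it with `-WhatIf` lists the planned membership changes without making them. For a scheduled run, the service account needs only read access to the OUs and the right to write the member attribute on the mapped groups.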
 

Author Comment

by:idocinfo
ID: 41787837
Thanks!
1
