alohadin
asked on
Powershell - Group membership with mapping table
Hi,
I have a list of users that need to be added to a a security group in AD depending on some kind of mapping table.
Mapping table example:
Gender, Department, Security Group
M, HR, Group 1
F, HR, Group2
M, Finance, Group 3
F, Finance, Group 4
etc...
Note: This is just an example
So I have a list of users where I can read the gender en department from the object and I need to add them to a corresponding group according to the mapping table.
If this mapping table is changed, the group membership should changed dinamically.
What would be the easiest approach fir this?
I don't like to have a lot of if statements as the mapping table is very big.
Thanks
I have a list of users that need to be added to a a security group in AD depending on some kind of mapping table.
Mapping table example:
Gender, Department, Security Group
M, HR, Group 1
F, HR, Group2
M, Finance, Group 3
F, Finance, Group 4
etc...
Note: This is just an example
So I have a list of users where I can read the gender en department from the object and I need to add them to a corresponding group according to the mapping table.
If this mapping table is changed, the group membership should changed dinamically.
What would be the easiest approach fir this?
I don't like to have a lot of if statements as the mapping table is very big.
Thanks
The way I am reading this it would not be very easy or efficient to accommodate this.
If I am reading this question correctly, you have a list of
Gender, Department, Security Group
M, HR, Group 1
F, HR, Group2
M, Finance, Group 3
F, Finance, Group 4
etc...
and you want to be able to make modifications to that "list" and it dynamically change the attributes for that user/s in Active Directory?
Please confirm this.
If I am reading this question correctly, you have a list of
Gender, Department, Security Group
M, HR, Group 1
F, HR, Group2
M, Finance, Group 3
F, Finance, Group 4
etc...
and you want to be able to make modifications to that "list" and it dynamically change the attributes for that user/s in Active Directory?
Please confirm this.
ASKER
Ok, it would go like this:
Get all users from AD.
In the user objects I read the gender and department attributes.
If (Gender = F -and Department=HR){
Ad user to AD Group "Group2"
}
and so on...
The mapping table basically defines in which security group the user would be added depending on Gender and Department.
If that mapping table changes in a couple of months (e.g. a new Department is introduced or a condition is changed), the script should add the users to the groups according to the new mapping table
Get all users from AD.
In the user objects I read the gender and department attributes.
If (Gender = F -and Department=HR){
Ad user to AD Group "Group2"
}
and so on...
The mapping table basically defines in which security group the user would be added depending on Gender and Department.
If that mapping table changes in a couple of months (e.g. a new Department is introduced or a condition is changed), the script should add the users to the groups according to the new mapping table
I would suggest you a gig for this.
ASKER
Nah, I already figured it out.
I combined the columns Gender and Department into one so I wold have two columns then converted it to a hashtable and used that for lookup.
I'll post the script when it's finished.
Still have a couple of things to change.
I combined the columns Gender and Department into one so I wold have two columns then converted it to a hashtable and used that for lookup.
I'll post the script when it's finished.
Still have a couple of things to change.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
footech,
This works perfectly.
I just tested it and it works perfectly fine!
Never thought of using the compare-object cmdlet
Thank you
This works perfectly.
I just tested it and it works perfectly fine!
Never thought of using the compare-object cmdlet
Thank you
Glad it works.
The method you mentioned of combining the two columns so that you essentially have unique values that you can use as keys in a hashtable is also a good one.
The method you mentioned of combining the two columns so that you essentially have unique values that you can use as keys in a hashtable is also a good one.
So the process would be?
Take the name of the people somewhere and get the mapping table finally do the Add/remove from groups?
I mean that table is for all users? (since they have different genders)... ? the problem is not clear try to reformulate your question.
Jose.