dougdog
asked on
Dynamic Security Groups In AD
is it possible to create dynamic security groups in AD based on say extensionattribute1?
i need to create a group and have it automatically populated
i need to create a group and have it automatically populated
Unfortunately this is only viable for distribution groups
I haven't done it, but what should work: create a script and have it run on your DC every x minutes using a scheduled task.
The powershell script would read that attribute for all user objects and i present or if set to a defined value, add that user to the group if not already in it.
Will work, but don't ask me for the syntax.
The powershell script would read that attribute for all user objects and i present or if set to a defined value, add that user to the group if not already in it.
Will work, but don't ask me for the syntax.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I liked Peter's method, but there is one caveat that needs to be aware of. Security groups will not apply until you logoff and back on.
So if you changed a users attributes and they are added to the group via the Powershell and Schedule task the computer that they are on will not know they are part of that group until they logon again.
So if you changed a users attributes and they are added to the group via the Powershell and Schedule task the computer that they are on will not know they are part of that group until they logon again.
But that will apply to methods.
As if I hadn't suggested the same right before :-)