Forum Discussion

2 Replies

  • Vinoth_Azure There are no Dynamic Security Groups in Active Directory.

     

    In order to accomplish this, I think the most viable option would be a PowerShell script determining who is in the given OU/Group and updating the security group accordingly, maybe something like this:

     

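    Import-Module ActiveDirectory

    # Group to keep in sync (placeholder name)
    $groupname = "PseudoDynamicGroup"

    # Source of truth: every user in the OU
    $users = Get-ADUser -Filter * -SearchBase "ou=desiredUsers,dc=domain,dc=tld"
    # Alternative source: the members of another group
    # $users = Get-ADGroupMember -Identity "GroupName"

    # Add everyone from the source; -ErrorAction SilentlyContinue hides per-user errors
    foreach ($user in $users)
    {
        Add-ADGroupMember -Identity $groupname -Members $user.SamAccountName -ErrorAction SilentlyContinue
    }

    # Remove members whose distinguished name is no longer under the OU
    $members = Get-ADGroupMember -Identity $groupname
    foreach ($member in $members)
    {
        if ($member.distinguishedName -notlike "*ou=desiredUsers,dc=domain,dc=tld*")
        {
            # -Confirm:$false so the script can run unattended
            Remove-ADGroupMember -Identity $groupname -Members $member.SamAccountName -Confirm:$false
        }
    }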

     

    Kind regards,

     

    Viktor

    • Precision1980
      Copper Contributor

      headburgh  & @Vinoth_Azure

       

      You're incorrect. There are Dynamic Security groups in AD. You can achieve this through LDIFDE. To note, Dynamic Groups have an expiration date done by minutes, and after the time expires it will delete itself; also, users must be manually added, not dynamically. To achieve the dynamic security groups it would be best to do a

       

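      # $DomainController is taken as a parameter because it was not defined in the function
      Function DynamicGroup($Group, $User, $DomainController)
      {
          # Add the user only if no current member has a matching Name
          if (!(Get-ADGroupMember -Identity $Group | Where-Object { $_.Name -eq $User }))
          {
              Add-ADGroupMember -Identity $Group -Members $User -Server $DomainController
          }
          else
          {
              Write-Output "The user: $User is already in the $Group"
          }
      }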

       
