Mar 20 2019 03:23 AM - last edited on Jan 14 2022 05:20 PM by TechCommunityAP
How to create a dynamic security group in on-premises Active Directory to use it across on-premises SharePoint?
Jul 09 2019 05:29 AM
@Vinoth_Azure There are no Dynamic Security Groups in Active Directory.
In order to accomplish this, I think the most viable option would be a PowerShell script determining who is in the given OU/Group and updating the security group accordingly, maybe something like this:
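Import-Module ActiveDirectory
# Group that is kept in sync with the OU
$groupname = "PseudoDynamicGroup"
# Source of members: every user in the OU...
$users = Get-ADUser -Filter * -SearchBase "ou=desiredUsers,dc=domain,dc=tld"
# ...or, alternatively, the members of another group:
# $users = Get-ADGroupMember -Identity "GroupName"
foreach($user in $users)
{
    # Add each user; errors are suppressed by -ErrorAction SilentlyContinue
    Add-ADGroupMember -Identity $groupname -Members $user.samaccountname -ErrorAction SilentlyContinue
}
# Remove members whose distinguished name is no longer under the OU
$members = Get-ADGroupMember -Identity $groupname
foreach($member in $members)
{
    if($member.distinguishedname -notlike "*ou=desiredUsers,dc=domain,dc=tld*")
    {
        # -Confirm:$false so the script can run unattended
        Remove-ADGroupMember -Identity $groupname -Members $member.samaccountname -Confirm:$false
    }
}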
Kind regards,
Viktor
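A variant of the sync approach in the reply above that computes the difference between the OU and the group before changing anything, so removals rest on an exact DN comparison rather than a wildcard match and every change can be previewed and logged. This is an added example, not part of the original reply; the function names Get-MembershipDelta and Sync-OuGroup are hypothetical, and the sample DNs are constructed.

```powershell
# Added example: Get-MembershipDelta and Sync-OuGroup are hypothetical names.
function Get-MembershipDelta {
    param([string[]]$Desired = @(), [string[]]$Current = @())
    # -notin compares strings case-insensitively, which suits distinguished names
    [pscustomobject]@{
        ToAdd    = @($Desired | Where-Object { $_ -notin $Current })
        ToRemove = @($Current | Where-Object { $_ -notin $Desired })
    }
}

function Sync-OuGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$GroupName,
        [Parameter(Mandatory)][string]$SearchBase
    )
    Import-Module ActiveDirectory
    # Desired state: every user under the OU (subtree search)
    $desired = @(Get-ADUser -Filter * -SearchBase $SearchBase |
        Select-Object -ExpandProperty DistinguishedName)
    # Current state: direct members of the group
    $current = @(Get-ADGroupMember -Identity $GroupName |
        Select-Object -ExpandProperty distinguishedName)
    $delta = Get-MembershipDelta -Desired $desired -Current $current
    foreach ($dn in $delta.ToAdd) {
        # -WhatIf on Sync-OuGroup previews changes without applying them
        if ($PSCmdlet.ShouldProcess($dn, "Add to $GroupName")) {
            Add-ADGroupMember -Identity $GroupName -Members $dn
        }
    }
    foreach ($dn in $delta.ToRemove) {
        if ($PSCmdlet.ShouldProcess($dn, "Remove from $GroupName")) {
            Remove-ADGroupMember -Identity $GroupName -Members $dn -Confirm:$false
        }
    }
    $delta   # returned so the caller can log what changed
}

# Constructed sample DNs; this part runs without a domain.
$sample = Get-MembershipDelta `
    -Desired 'CN=Ann,OU=desiredUsers,DC=domain,DC=tld', 'CN=Bob,OU=desiredUsers,DC=domain,DC=tld' `
    -Current 'cn=ann,ou=desiredUsers,dc=domain,dc=tld', 'CN=Eve,OU=other,DC=domain,DC=tld'
$sample | Format-List
```

Running Sync-OuGroup with -WhatIf against the group first shows which accounts would gain or lose membership before any change is written.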
Jul 16 2019 01:38 PM - edited Jul 16 2019 02:00 PM
@Viktor Hedberg & @Vinoth_Azure
You're incorrect. There are Dynamic Security groups in AD. You can achieve this through LDIFDE. To note, Dynamic Groups have an expiration date done by minutes, and after the time expires it will delete itself; also, users must be manually added, not dynamically. To achieve the dynamic security groups it would be best to do a
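Import-Module ActiveDirectory
# $User is the account's sAMAccountName; $DomainController is the DC to query and update
Function DynamicGroup($Group, $User, $DomainController)
{
    # Only add the user when they are not already a member of the group
    if(!(Get-ADGroupMember -Identity $Group -Server $DomainController | ?{$_.SamAccountName -eq $User}))
    {
        Add-ADGroupMember -Identity $Group -Members $User -Server $DomainController
    }
    else
    {
        Write-Output "The user: $User is already in the $Group"
    }
}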