Technology Tips and News
The use case for this is something like
Group: Women
Members: Jenny, Kim, Mary
Group: Managers
Members: Kim, Mary, Bob, John
Group: Women Managers
Members: (Managers INTERSECT Women)
The goal is to simplify management, so groups don't get stale as easily with a sensible inclusion hierarchy. If there is no support for this out-of-the-box, what would be a good scriptable solution?
Hi ,
Sorry , could you please explain me little bit more on this case.
There is no out-of-box support. You can use dynamic distribution group as such,
There is no out-of-box support. You can use dynamic distribution group as such,
Take a look at this PowerShell code. It will do what you want.
Import-Module ActiveDirectory
$groups = "women","managers"
$targetGroup = "Women Managers"
$users = Get-ADUser -Properties MemberOf -Filter *
foreach($user in $users)
{
if($user.MemberOf -match (Get-ADGroup $groups[0]).DistinguishedName -and $user.MemberOf -match (Get-ADGroup $groups[1]).DistinguishedName)
{
Add-ADGroupMember -Identity $targetGroup -Members $user -ErrorAction SilentlyContinue
}
}
Let me know if this answers your question.
Thanks.
You can use dynamic distribution groups to have members who are in a particular recipient container, department, company or state/province but this won't allow you to figure out which users are members of two groups and add them to a group.
You can schedule my script to run every hour or so, depending on how many users you have and AD replication traffic etc.
If you just want to ensure that groups don't contain old members then you can use dynamic distribution groups based on OUs so all users in the finance OU will be members of the finance group. This does mean that you need to ensure that disabled/old users are moved out of the OU.
Let me know if this answers your question.
This topic is archived. No further replies will be accepted.
Other recent topics
Click here to get your free copy of Network Administrator. Over 25 plugins to make your life easier