Dynamic Groups
I would like to be able to have users automatically put into a group based on the OU to which they belong. I've been looking into this, but there appears to be no easy way to do it. I was able to do it with a PS command something like this: dsquery user "Ou=X, dc=x," ... then pipe that to a dsmod command - dsmod group "cn=groupname,ou=x,dc=x" -addmbr That works one time. However, on subsequent runs of that command, like it would be in a logon script for example, it returns the error message that dsmod failed because the specified account name is already a member of that group. I see there is a -c switch that is supposed to continue on error messages, but I can't seem to make it work. Does anyone know of a better way to accomplish this or a fix to my command to allow this to run more than one time? Thank you.
July 23rd, 2010 6:54pm

>>>I would like to be able to have users automatically put into a group based on the OU to which they belong.

"Automatically" has several meanings: a daily/weekly scheduled task, or upon user creation, or simply a one-time script you run that does this for you?

The best approach for this is really a script that does this once for you, just to get your groups initially populated, then upon new user creation you use a User Template or an internally defined process where an administrator manually adds (or runs a simple script) the user to the appropriate groups.

If you are trying to simplify your daily administration, I think your approach is the wrong one... there is no reason to continually add users over and over again to the same group. User Template works best after the groups are populated.

A simpler script would be to take as input only ONE user's account DN (distinguished name... cn=user,ou=myou,dc=domain), and then based on the DN, your script adds that one user to the appropriate group. Your script would need to know which groups go with which OU; this is a simple relationship stored in the script.
July 23rd, 2010 9:00pm
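
The single-user script described in the reply above, as an added PowerShell example that is not part of the original thread: it assumes the ActiveDirectory (RSAT) module and a domain to run against, and the function name, the OU-to-group table and every DN in it are constructed placeholders. It reads current membership before adding, so repeat runs do not hit the "already a member" error from the question, and it matches the parent OU exactly so accounts outside the mapped OUs never gain membership.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and rights to modify the groups.
Import-Module ActiveDirectory

# Constructed mapping of OU DN -> group DN; replace with your own values.
$OuToGroup = @{
    'OU=Sales,DC=example,DC=com'   = 'CN=Sales-Users,OU=Groups,DC=example,DC=com'
    'OU=Finance,DC=example,DC=com' = 'CN=Finance-Users,OU=Groups,DC=example,DC=com'
}

function Add-UserToOuGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$UserDN
    )

    # Parent container = everything after the first unescaped comma in the DN
    # (a CN such as "Doe\, Jane" keeps its escaped comma).
    $parts = $UserDN -split '(?<!\\),', 2
    if ($parts.Count -lt 2) { throw "Not a distinguished name: $UserDN" }
    $parentOu = $parts[1].Trim()

    # Exact match on the direct parent OU only (hashtable keys are case-insensitive).
    # No wildcard or substring matching: child OUs and unlisted OUs are skipped.
    $groupDN = $OuToGroup[$parentOu]
    if (-not $groupDN) {
        Write-Warning "No group mapped for '$parentOu'; nothing changed."
        return
    }

    # Read current membership first so a repeat run is a no-op instead of an error.
    $user = Get-ADUser -Identity $UserDN -Properties MemberOf
    if ($user.MemberOf -contains $groupDN) {
        Write-Verbose "$UserDN is already a member of $groupDN"
        return
    }

    # ShouldProcess lets -WhatIf / -Confirm preview the membership change.
    if ($PSCmdlet.ShouldProcess($groupDN, "Add member $UserDN")) {
        Add-ADGroupMember -Identity $groupDN -Members $user
        Write-Output "Added $UserDN to $groupDN"
    }
}

# Usage with a constructed DN; -WhatIf previews the change without making it:
# Add-UserToOuGroup -UserDN 'CN=Jane Doe,OU=Sales,DC=example,DC=com' -WhatIf
```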

That does make sense. I was hoping for something like a dynamic group in Exchange, but the template account would also work well. I think that is a better option. Thank you.
July 23rd, 2010 11:19pm
