How to change membership in groups based on attributes of users in AD automatically

Written by on Wednesday, February 27, 2008 5:18 - 0 Comments

If your company has a complicated structure, you may need to filter members of your security or distribution groups automatically based on changes to some attribute of users in Active Directory – let’s say Department.

If your company has a complicated structure, you may need to filter members of your security or distribution groups automatically based on changes to some attribute of users in Active Directory – let’s say Department.

There is a simple way how to do it: create a grp.txt file whose content would be names of departments, and second a changemembership.bat file in the same path, where inside would be:

FOR /F %%i in (grp.txt) do dsquery * domainroot -filter “(&(objectCategory=user)(department=%%i))” | dsmod group “CN=%%i,ou=Distribution Lists,dc=yourdomain,dc=com”

chmbr Prerequisities: your group name must be the same as name of your department (customize rest of CN path as you require), or you need to think another way to associate your users with groups. I want just to show you the capability of AD in right usage.

Article written by MyComputerAid.com



Leave a Reply

You must be logged in to post a comment.

2003 server - Sep 30, 2008 22:34 - 0 Comments

instant messaging srv records

More In Computers & PC


Microsoft Outlook - Mar 22, 2009 11:22 - 0 Comments

Outlook: Duplicates in Mailbox

More In Computers & PC