Adaxes

[SOLVED] Add Initiator to a new group automatically.

0 votes

EDIT: Actually, it would be better if I could just add the ownerDN to the groups automatically regardless of the initiator! Would that make it easier?

Hi All,

I have some workflows/Business Rules that create new shared folders with associated security groups that work very well but I want to enhance functionality so that the Initiator of the new folder/group is added as a member of the new group(s) IF they are the manager of those groups.
The powershell that does the creation is on the update of the user and here's the relevant bit:

# Get acl from template folder
$aclObject = Get-Acl $aclTemplateDirectoryPath

# Create a group and set permissions for Reviewers
$groupReviewersSid = CreateGroup $ouDN "$value-Reviewers"`
    "Shared Area - $value - Reviewers" "/SHA BLGEN $value - Reviewers"`
    "7577-$value-RX" $groupType $ownerDN
    UpdateAclObject $aclObject $value $groupReviewersSid "ReadAndExecute"

# Create a group and set permissions for Editors
$groupEditorsSid = CreateGroup $ouDN "$value-Editors"`
    "Shared Area - $value - Editors" "/SHA BLGEN $value - Editors"`
    "7577-$value-RWXD" $groupType $ownerDN
    UpdateAclObject $aclObject $value $groupEditorsSid "Modify"  

# Update acl for the new directory
Set-Acl $directory.FullName -AclObject $aclObject

So, if the Initiator = $ownerDN can the Initiator be added automatically?
Another wrinkle is that I have a business rule that asks for approval for users being added to groups, can this request bypass that?

Thanks
John.

by (840 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello John,

For this purpose, you need to modify the CreateGroup function used in your script. Find below the function modified per requirements. We've added the following lines:

    # Add Owner to group
    $group.Add("Adaxes://$ownerDN")

Complete function: 

# Function to create groups
function CreateGroup($ouDN, $name, $description, $displayName, $sAMAccountName, $groupType, $ownerDN)
{
    $ou = $Context.BindToObjectByDN($ouDN)
    $group = $ou.Create("group", "CN=$name")
    $group.Put("description", $description)
    $group.Put("displayName", $displayName)
    $group.Put("sAMAccountName", $sAMAccountName)
    $group.Put("groupType", [int]$groupType)
    $group.Put("managedBy", $ownerDN)
    $group.SetInfo()

    # Add Owner to group
    $group.Add("Adaxes://$ownerDN")

    $groupSid = $group.Get("objectSid")
    return ,$groupSid
}
0

Great, that all seems to work fine.

Thanks for your reply , much appreciated.

by (840 points)

Related questions

0 votes
1 answer
[SOLVED]How to add a large bunch of users to several groups.

Hi Guys, You probably already met with a similar problem in your organization. Communications Department has dozens of distribution groups, that need to be updtaed base on some ... do the job. Maybe you can share some better solution to achieve same goal.

asked Mar 9, 2015 by axmaster (510 points)
0 votes
1 answer
Copy all groups of a user, create a new group add the groups copied in this group

How can I create a script that does these things For internal audit. objective Even removing all groups of a disconnected user, we will still know which groups the ... in the created group (audit)-sAMAccountName-access add the (user)-sAMAccountName in members

asked Jul 2, 2022 by alancardoso (40 points)
0 votes
1 answer
Add to 365 group automation for new account creations

I noticed that I get an error when I execute the "https://www.adaxes.com/script-repository/add-user-to-groups-in-microsoft-365-s578.htm, Add user to groups in Microsoft ... target address) Since it takes so long to sync, I cannot automate the above steps.

asked May 25, 2022 by Tfarmer (160 points)
0 votes
1 answer
Is there a way to copy group membership of selected user and make a new user a member of those same groups?

Our Help Desk currently 'mirrors' the group membership of a new user based on another existing user in our AD. I'd like to be able to automate this so that the initiator ... and 'paste' it on the new user being created. Any help on this would be appreciated!

asked Apr 21, 2020 by RayBilyk (240 points)
0 votes
1 answer
Error Trying To Create A New Group

Trying to create a new group and getting the following error: "The name reference is invalid. (Server: example.com)" I've created groups before...the problem seems to have just ... a new Group object. It has me puzzled so I'm looking for some direction...

asked Feb 28, 2014 by RickWaukCo (320 points)
3,549 questions
3,240 answers
8,232 comments
547,814 users