0 votes

EDIT: Actually, it would be better if I could just add the ownerDN to the groups automatically regardless of the initiator! Would that make it easier?

Hi All,

I have some workflows/Business Rules that create new shared folders with associated security groups that work very well but I want to enhance functionality so that the Initiator of the new folder/group is added as a member of the new group(s) IF they are the manager of those groups.
The powershell that does the creation is on the update of the user and here's the relevant bit:

# Get acl from template folder
$aclObject = Get-Acl $aclTemplateDirectoryPath

# Create a group and set permissions for Reviewers
$groupReviewersSid = CreateGroup $ouDN "$value-Reviewers"`
    "Shared Area - $value - Reviewers" "/SHA BLGEN $value - Reviewers"`
    "7577-$value-RX" $groupType $ownerDN
    UpdateAclObject $aclObject $value $groupReviewersSid "ReadAndExecute"

# Create a group and set permissions for Editors
$groupEditorsSid = CreateGroup $ouDN "$value-Editors"`
    "Shared Area - $value - Editors" "/SHA BLGEN $value - Editors"`
    "7577-$value-RWXD" $groupType $ownerDN
    UpdateAclObject $aclObject $value $groupEditorsSid "Modify"  

# Update acl for the new directory
Set-Acl $directory.FullName -AclObject $aclObject

So, if the Initiator = $ownerDN can the Initiator be added automatically?
Another wrinkle is that I have a business rule that asks for approval for users being added to groups, can this request bypass that?

Thanks
John.

by (840 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello John,

For this purpose, you need to modify the CreateGroup function used in your script. Find below the function modified per requirements. We've added the following lines:

    # Add Owner to group
    $group.Add("Adaxes://$ownerDN")

Complete function:

# Function to create groups
function CreateGroup($ouDN, $name, $description, $displayName, $sAMAccountName, $groupType, $ownerDN)
{
    $ou = $Context.BindToObjectByDN($ouDN)
    $group = $ou.Create("group", "CN=$name")
    $group.Put("description", $description)
    $group.Put("displayName", $displayName)
    $group.Put("sAMAccountName", $sAMAccountName)
    $group.Put("groupType", [int]$groupType)
    $group.Put("managedBy", $ownerDN)
    $group.SetInfo()

    # Add Owner to group
    $group.Add("Adaxes://$ownerDN")

    $groupSid = $group.Get("objectSid")
    return ,$groupSid
}
0

Great, that all seems to work fine.

Thanks for your reply , much appreciated.

Related questions

0 votes
1 answer

I'm currently writing an "After User Creation" rule and I have a PowerShell script that adds the newly created, on-premises synced user to a handful of cloud ... powershell cmdlet that fails. I need to use PowerShell for the additional condtional flexibility.

asked Dec 13 by smcfarland (60 points)
0 votes
1 answer

Hi Guys, You probably already met with a similar problem in your organization. Communications Department has dozens of distribution groups, that need to be updtaed base on some ... do the job. Maybe you can share some better solution to achieve same goal.

asked Mar 9, 2015 by axmaster (510 points)
0 votes
1 answer

How can I create a script that does these things For internal audit. objective Even removing all groups of a disconnected user, we will still know which groups the ... in the created group (audit)-sAMAccountName-access add the (user)-sAMAccountName in members

asked Jul 2, 2022 by alancardoso (40 points)
0 votes
1 answer

I noticed that I get an error when I execute the "https://www.adaxes.com/script-repository/add-user-to-groups-in-microsoft-365-s578.htm, Add user to groups in Microsoft ... target address) Since it takes so long to sync, I cannot automate the above steps.

asked May 25, 2022 by Tfarmer (160 points)
0 votes
1 answer

Our Help Desk currently 'mirrors' the group membership of a new user based on another existing user in our AD. I'd like to be able to automate this so that the initiator ... and 'paste' it on the new user being created. Any help on this would be appreciated!

asked Apr 21, 2020 by RayBilyk (240 points)
3,589 questions
3,278 answers
8,303 comments
548,122 users