Adaxes

Assign a group in Active Directory based on a users "Office" and "Description"

0 votes

Hi we are trying to add users to a group based on the values of their "Office" and "Description" attributes within Active Directory.

We have populated the below script to search a defined hashtable for the values however this doesn't seem to be populating the results we are after.

All advice welcome!

Import-Module Adaxes

$officeDescriptionToGroup = @{ "Site1-Job1" = "CN=ROLE_Test1,OU=Site1,OU=Site,OU=Domain Role Groups,DC=company,DC=com" "Site2-Job2" = "CN=ROLE_Test2,OU=Site2,OU=Site,OU=Domain Role Groups,DC=company,DC=com"

}

$userOffice = $Context.TargetObject.OfficeLocations $userDescription = $Context.TargetObject.Description $combination = "$userOffice-$userDescription"

if ($officeDescriptionToGroup.ContainsKey($combination)) {

$groupDN = $officeDescriptionToGroup[$combination] $userObject = Get-AdmUser -Filter { Name -eq $Context.TargetObject.Name }

if ($userObject -ne $null) { Add-AdmGroupMember -DN $groupDN -Members $userObject $Context.LogMessage("User $($Context.TargetObject.Name) added to group $groupDN.") } else { $Context.LogMessage("Error: User $($Context.TargetObject.Name) not found.")

} }

else { $Context.LogMessage("No matching criteria found for User $($Context.TargetObject.Name).") }

by (20 points)

1 Answer

0 votes
by (299k points)

Hello,

First of all, you can make the groups rule-based. As a result, no scripts will be required to adjust membership. For details, see section Rule-based groups of the following tutorial: https://www.adaxes.com/help/AddUsersToGroupsByDepartment/#dynamicgroups.

If you still want to use a script, have a look at the following one from our repository: https://www.adaxes.com/script-repository/update-group-membership-based-on-two-properties-s510.htm.

Related questions

0 votes
1 answer
Report showing users who are inactive in both our on-premise Active Directory and Azure Active Directory?

We manage employee user accounts in our on-premise Active Directory and synchronize them to Azure Active Directory using Azure AD Connect. We'd like to be able to generate ... if this is possible so we can easily identify user accounts that are truly inactive.

asked May 9, 2023 by RickWaukCo (320 points)
0 votes
1 answer
disable user based on a dropped file and change description.

Forgive me if this topic has been discussed elsewhere i searched and didn't find anything. What I would like to have adaxes do is on a nightly basis 1. go to a folder it ... disabled by adaxes $date" } Is this possible #4 eludes me a bit. Thank you in advance.

asked Jun 19, 2018 by dexion11 (50 points)
0 votes
1 answer
mail notification when a new Active-Directory Group Security is created on a specific Organization Unit

Hello, I want to get a mail notification when a new Active-Directory Group Security is created on a specific Organization Unit. When an AD admin create a Local group security ... administrator about this new group. Is there a way to implement that on Adaxes ?

asked Feb 11 by wrobin68 (40 points)
0 votes
1 answer
Create a business Unit to auto populate based on group owners in a specific OU

Is it possible to create a business unit and have it auto populate with group owners in a specific OU. I've tried a few scripts to get propertie adm-managedbylist but none have worked so far.

asked Nov 18, 2024 by C27 (20 points)
0 votes
1 answer
How does this work for a hybrid setup where Active Directory Users with Entra Connect Sync are synced to Entra?

Is there a comparison between the OnPrem user object and Entra user object in the built-in condition? Which determines the most recent inactivity from both environments. Or should a choice be made between the OnPrem domain or Entra based on the Activity scope?

asked Dec 13, 2024 by IwistIT (40 points)
3,634 questions
3,322 answers
8,398 comments
548,787 users