Adaxes

Assign a group in Active Directory based on a users "Office" and "Description"

0 votes

Hi we are trying to add users to a group based on the values of their "Office" and "Description" attributes within Active Directory.

We have populated the below script to search a defined hashtable for the values however this doesn't seem to be populating the results we are after.

All advice welcome!

Import-Module Adaxes

$officeDescriptionToGroup = @{ "Site1-Job1" = "CN=ROLE_Test1,OU=Site1,OU=Site,OU=Domain Role Groups,DC=company,DC=com" "Site2-Job2" = "CN=ROLE_Test2,OU=Site2,OU=Site,OU=Domain Role Groups,DC=company,DC=com"

}

$userOffice = $Context.TargetObject.OfficeLocations $userDescription = $Context.TargetObject.Description $combination = "$userOffice-$userDescription"

if ($officeDescriptionToGroup.ContainsKey($combination)) {

$groupDN = $officeDescriptionToGroup[$combination] $userObject = Get-AdmUser -Filter { Name -eq $Context.TargetObject.Name }

if ($userObject -ne $null) { Add-AdmGroupMember -DN $groupDN -Members $userObject $Context.LogMessage("User $($Context.TargetObject.Name) added to group $groupDN.") } else { $Context.LogMessage("Error: User $($Context.TargetObject.Name) not found.")

} }

else { $Context.LogMessage("No matching criteria found for User $($Context.TargetObject.Name).") }

by (20 points)

1 Answer

0 votes
by (272k points)

Hello,

First of all, you can make the groups rule-based. As a result, no scripts will be required to adjust membership. For details, see section Rule-based groups of the following tutorial: https://www.adaxes.com/help/AddUsersToGroupsByDepartment/#dynamicgroups.

If you still want to use a script, have a look at the following one from our repository: https://www.adaxes.com/script-repository/update-group-membership-based-on-two-properties-s510.htm.

Related questions

0 votes
1 answer
Report showing users who are inactive in both our on-premise Active Directory and Azure Active Directory?

We manage employee user accounts in our on-premise Active Directory and synchronize them to Azure Active Directory using Azure AD Connect. We'd like to be able to generate ... if this is possible so we can easily identify user accounts that are truly inactive.

asked May 9, 2023 by RickWaukCo (320 points)
0 votes
1 answer
disable user based on a dropped file and change description.

Forgive me if this topic has been discussed elsewhere i searched and didn't find anything. What I would like to have adaxes do is on a nightly basis 1. go to a folder it ... disabled by adaxes $date" } Is this possible #4 eludes me a bit. Thank you in advance.

asked Jun 19, 2018 by dexion11 (50 points)
0 votes
1 answer
Assign user to a single security group among ones contained in a OU

Hello, We would like to implement a form / extend one where a user (eventually created before) is made member of a security group defining his/her role, and ... guarantee the membership to a single role? Apologize if the question seems convoluted. Thanks!

asked Jun 6, 2023 by IT Division (20 points)
0 votes
1 answer
Add user to a group based on a custom field

Is it possible to add a user to a group based on hardware ? There are users with a Windows device and a MacOS device. I want to be able to choose this when ... the user via Adaxes and automatically link them to a specific group based on the chosen hardware.

asked Apr 16 by Cas (150 points)
0 votes
1 answer
Auto-Add/Remove to a Security Group Based on an AD Attribute

Is it possible to script having users added (or removed) from a Security Group based on another AD Attribute? I have found ways to do this in Powershell (something like): ... just utilize the PS script and just run it through Adaxes on a timed fashion? Thanks!

asked Oct 7, 2014 by PunkinDonuts (360 points)
3,351 questions
3,052 answers
7,791 comments
545,091 users