We have a cloud app which cannot use nested groups, and apparently doesn't like the Dynamic rules in Azure either. So I'd like to build the groups in AD and sync it to Azure; this is confirmed working.
So basically to keep the group updated, I plan on running a scheduled task. This takes a bit to run through all my users, so if there's a better way, then please let me know.
- Add it to the group if you're part of the department
- Add it to the group if you have the Extension 1 Attribute
- Remove from the group if neither are true.
If the user is a member of the 'DEP-Accounting (domain.com\Groups\User Department Branch Groups)' group then
Add the user to the 'DTS-TEST-AUDT (domain.com\Groups\APP Security Groups\DTS)' group
If the 'Extension Attribute 1' property equals 'AUDT' then
Add the user to the 'DTS-TEST-AUDT (domain.com\Groups\APP Security Groups\DTS)' group
If the user is not a member of the 'DEP-Accounting (domain.com\Groups\User Department Branch Groups)' group AND
the 'Extension Attribute 1' property does not equal 'AUDT' then
Remove the user from the 'DTS-TEST-AUDT (domain.com\Groups\APP Security Groups\DTS)' group
I will also be running this for 5 different groups and trying to update daily. Each group has different users, and uses different IF statements. So is it best to have 5 different scheduled tasks kicking these off separately, or should they be combined? Just overall looking for the best way to keep them updated.
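One way to implement the three rules above as a set comparison instead of a per-user loop (added example, not code from the original post): each rule is a row in a table, the script computes the desired membership from the department group plus an LDAP filter on extensionAttribute1, diffs it against the current membership, and applies only the delta. The group names come from the post; the `$Rules` table, the `Sync-AppGroup` function and its parameter names are assumptions for this example, and the other four groups would be added as further rows.

```powershell
# Added example: set-based sync of one app group per rule, run from a single scheduled task.
Import-Module ActiveDirectory

# Rule table (assumed structure): one row per target group. Names are from the post.
$Rules = @(
    @{ TargetGroup = 'DTS-TEST-AUDT'; SourceGroup = 'DEP-Accounting'; AttributeValue = 'AUDT' }
)

function Sync-AppGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param([hashtable]$Rule)

    # Desired members = members of the department group OR users whose
    # extensionAttribute1 matches. Nested groups are not expanded on purpose,
    # since the app cannot consume nesting anyway. AttributeValue is trusted
    # admin input here; escape it before use if it ever comes from elsewhere.
    $byDept = Get-ADGroupMember -Identity $Rule.SourceGroup |
        Where-Object objectClass -eq 'user' | Select-Object -ExpandProperty distinguishedName
    $byAttr = Get-ADUser -LDAPFilter "(extensionAttribute1=$($Rule.AttributeValue))" |
        Select-Object -ExpandProperty DistinguishedName
    $desired = @($byDept + $byAttr | Sort-Object -Unique)

    # Current direct user members of the target group.
    $current = @(Get-ADGroupMember -Identity $Rule.TargetGroup |
        Where-Object objectClass -eq 'user' | Select-Object -ExpandProperty distinguishedName)

    # Only the delta is touched, so the daily run is cheap and the log shows exactly what changed.
    $toAdd    = @($desired | Where-Object { $_ -notin $current })
    $toRemove = @($current | Where-Object { $_ -notin $desired })

    if ($toAdd -and $PSCmdlet.ShouldProcess($Rule.TargetGroup, "Add $($toAdd.Count) member(s)")) {
        Add-ADGroupMember -Identity $Rule.TargetGroup -Members $toAdd
    }
    if ($toRemove -and $PSCmdlet.ShouldProcess($Rule.TargetGroup, "Remove $($toRemove.Count) member(s)")) {
        Remove-ADGroupMember -Identity $Rule.TargetGroup -Members $toRemove -Confirm:$false
    }

    # Return the delta so the scheduled task can write it to a log or transcript.
    [pscustomobject]@{ Group = $Rule.TargetGroup; Added = $toAdd.Count; Removed = $toRemove.Count }
}

# One task handles every rule; run with -WhatIf first to review the deltas before applying them.
foreach ($r in $Rules) { Sync-AppGroup -Rule $r -WhatIf }
```

Run the task under an account that is delegated write access to the member attribute of the five DTS groups only, rather than a broad admin account, and keep the returned delta objects so a bad rule (for example an empty department group) shows up as a large Removed count before it reaches Azure. Get-ADGroupMember stops at the server's MaxGroupOrMemberEntries limit (5000 by default), so for very large groups read the member attribute with Get-ADGroup -Properties member instead.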