I need to create a group that contains all users who are in OUs that have a certain string in the name. For example, if an OU has "Admin" in the name, add all users in the OU to a group. Is this possible?

If all the OUs are named once, we recommend you to use the approach with rule-based groups. For details, have a look at the corresponding section of the following tutorial: https://www.adaxes.com/help/AddUsersToGroupsByDepartment/#dynamicgroups. Each group will just have a separate membership rule for each related OU to include all its users. Whenever a new matching OUs are created, you will just add membership rules to the corresponding groups.


Hi -- that's definitely an approach, but it's one we are trying to avoid. Is it possible to add users to a group based on the name of the OU or container they're in?

I was able to create a business unit containing all the OUs that match my desired string, so I do have that as a starting point. I'm not sure how to go from there to individual users.

Another option I was thinking about is searching for a string like "OU=Admin" in distinguishedName, but I can't figure out how to do that.



that's definitely an approach, but it's one we are trying to avoid.

It works the same and requires less configuration. However, it is totally up to you.

Is it possible to add users to a group based on the name of the OU or container they're in?

Have a look at section Centralized automation of the same tutorial. In your case, you will need a scheduled task like below. Your business unit will not work in this case. image.png

Another option I was thinking about is searching for a string like "OU=Admin" in distinguishedName, but I can't figure out how to do that.

Unfortunately, there is no such possibility. The restriction comes from AD and is not related to Adaxes.


We managed to do this with a scheduled task using the "ParentDisplayName" property.

