Adaxes

Query that returns users with a certain string in their OU?

0 votes

I need to create a group that contains all users who are in OUs that have a certain string in the name. For example, if an OU has "Admin" in the name, add all users in the OU to a group. Is this possible?

ago by (40 points)

1 Answer

0 votes
ago by (294k points)

Hello,

If all the OUs are named once, we recommend you to use the approach with rule-based groups. For details, have a look at the corresponding section of the following tutorial: https://www.adaxes.com/help/AddUsersToGroupsByDepartment/#dynamicgroups. Each group will just have a separate membership rule for each related OU to include all its users. Whenever a new matching OUs are created, you will just add membership rules to the corresponding groups.

0

Hi -- that's definitely an approach, but it's one we are trying to avoid. Is it possible to add users to a group based on the name of the OU or container they're in?

I was able to create a business unit containing all the OUs that match my desired string, so I do have that as a starting point. I'm not sure how to go from there to individual users.

Another option I was thinking about is searching for a string like "OU=Admin" in distinguishedName, but I can't figure out how to do that.

ago by (40 points)
0

Hello,

that's definitely an approach, but it's one we are trying to avoid.

It works the same and requires less configuration. However, it is totally up to you.

Is it possible to add users to a group based on the name of the OU or container they're in?

Have a look at section Centralized automation of the same tutorial. In your case, you will need a scheduled task like below. Your business unit will not work in this case. image.png

Another option I was thinking about is searching for a string like "OU=Admin" in distinguishedName, but I can't figure out how to do that.

Unfortunately, there is no such possibility. The restriction comes from AD and is not related to Adaxes.

ago by (294k points)
0

We managed to do this with a scheduled task using the "ParentDisplayName" property.

ago by (40 points)

Related questions

0 votes
1 answer
Password Change workflow that excludes certain words that users cannot use in a password

Does Adaxes all one to setup/configure a custom dictionary with chosen words that will prevent passwords beign set with these words? Example: Many people use "Welcome", "Password", ... set, even from an Admin side when the first password is set for an Account

asked May 10, 2022 by dtorannini (80 points)
0 votes
1 answer
Is it possible to restrict users from creating a password that is too similar to their old one?

For example, if their old password was "Password1", if they try to change it to "Password2" it would block the password reset since it doesn't meet the password requirements.

asked Sep 10 by tsinball (20 points)
0 votes
1 answer
Is there a script to move a user to their managers OU in a scheduled task?

seting up a scheduled task to move users to thier correct OU. For some we can do this based on employee type and direct to a specific OU. For most of our users we will have to script this to move to the manager's OU.

asked Apr 12, 2023 by mightycabal (1.0k points)
0 votes
1 answer
Exclude copied user accounts from being added to security groups in a certain OU.

When a new user account is created by copying an existing one, is it possible to prevent the new account from becoming a member of security groups in a specific OU (when the ... same way as the account being added to the group, which I need for audit purposes.

asked Sep 28, 2020 by markcox (70 points)
0 votes
1 answer
Is there a way to force users to change their password, but still allow them to log in to Self-Service to change it?

I know I can set the "User must change password at next logon" flag, but noticed when I do that, they can no longer log in to Self-Service.

asked Oct 1, 2020 by RickWaukCo (320 points)
3,588 questions
3,277 answers
8,303 comments
548,078 users