Revoke group membership after X days?

Is it possible to configure a trigger so that it automatically removes an AD user from an AD group, x days after they were added?

For instance, if we have a group that grants access to an MFA bypass, but we only want people to be able to have membership for 3 days before being removed...

Instead of constantly auditing that group, could we make a custom command something like:

IF ((user was added to group)) >= 3 days, THEN ((remove them))

I haven't used Adaxes custom attributes before, but maybe when a user is added to that group, setting the DateTime in an attribute, then comparing to that in the removal action?

Thanks for any advice!

ago by (170 points)

1 Answer

ago by (306k points)
0 votes

Hello jake,

Have a look at the solution in the following article: https://www.adaxes.com/script-repository/temporary-group-membrship-s533.htm.

Related questions

One time email x days after Account Expired

I want to send out an email one time 60 days after an account expires. I was trying to set this up using the scheduled task, but it requires me to pick a schedule before I ... select One time, it requires me to pick a date. Is there any other to do this?

asked Oct 25, 2013 by sdavidson (730 points)
0 votes
1 answer
Running scheduled tasks every X days of the year - how to change next runtime?

We need to run a scheduled task twice a year, so I chose every 182 days like it's suggested in here, only problem is that there is no way to change the next run ... really don't want these tasks to be triggered again if they've already been executed this year.

asked May 8, 2024 by boing (20 points)
0 votes
1 answer
Report to show all modified users and the attribute in the last x days.

Hi, we currenlty have a business rule to send an email everytime the Title, Manager, Department, accountExpires, EmployeeType or FirstName attributes are ... Unit: %BusinessUnit% End Date: %accountExpires% Effective Date of Change: %adm-CustomAttributeDate2%

asked Feb 14, 2024 by KevC (60 points)
0 votes
1 answer
I would like to delete users that have been disabled for more then X number of days

I would like to delete users that have been disabled for more then X number of days. This would be a phase of our deprovisioning process. The user is first disabled and placed ... we are sure that we no longer need it, I would like to automaticially delete it.

asked Oct 13, 2022 by rmedeiros (380 points)
0 votes
1 answer
Migrate mailbox to PST 180 days after expiry

Is there a way to export mailboxes to individual PST files 180 days after the account was set to expire? /Kaj

asked Dec 5, 2017 by KajLehtinen (650 points)
0 votes
1 answer