|Kieren Anderson 3305910e57||2 months ago|
So what do I mean when I say Dynamic AD Groups? I look at it in a number of stages.
Based on groups selected by the business, return each group's members and check their Department, Title and Office attributes against the required values. Again, these values are specified by the business.
Based on the results collected so far, verify each member's compliance.
"Does this user have Department "X" and Office "Y"?"
If these values are satisfied, then the user can stay a member of the group.
However, if the values are not satisfied, the user is removed from the group.
So to achieve this we need to create a database instance or a CSV file. To get a proof of concept, and to determine what the SQL instance would even look like, I opted to work with a CSV file.
At the time of writing this, I would like to use SQL instead of the CSV. I imagine that this would be a stored procedure that I could call upon to return the values like I do with the CSV in this example. Stay tuned for a Part 2 when I eventually implement that.
So first we need to create a CSV file with the data we are interested in.
```
group,department,title,office
all.finance.brisbane.users,Finance,Payroll Officer,Brisbane
all.itops.sydney.users,Information Technology,Systems Administrator,Sydney
```
Here we give four headings that we are interested in, group, department, title and office.
In this example we know that to be a member of all.finance.brisbane.users you MUST have:

- Department: Finance
- Title: Payroll Officer
- Office: Brisbane

The same goes for all.itops.sydney.users. You must have Information Technology, Systems Administrator and Sydney as attributes.
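The rule check described above (each member's Department, Title and Office compared with the CSV row for the group), as an added example that is not the author's script. `Get-GroupComplianceAction` and `Invoke-GroupComplianceCheck` are hypothetical names, the sample users are constructed, and the live-domain function assumes the ActiveDirectory module and keeps `-WhatIf` on the removal.

```powershell
# Added example, not the author's script. Sample users below are constructed.
$rules = @'
group,department,title,office
all.finance.brisbane.users,Finance,Payroll Officer,Brisbane
all.itops.sydney.users,Information Technology,Systems Administrator,Sydney
'@ | ConvertFrom-Csv

function Get-GroupComplianceAction {
    param(
        [Parameter(Mandatory)] $Rule,               # one CSV row
        [Parameter(Mandatory)] [object[]] $Members  # need SamAccountName, Department, Title, Office
    )
    foreach ($m in $Members) {
        # List every attribute that differs from the rule. String -ne is
        # case-insensitive; an unset attribute becomes '' and therefore fails.
        $failed = foreach ($attr in 'Department', 'Title', 'Office') {
            $actual = ([string]$m.$attr).Trim()
            if ($actual -ne ([string]$Rule.$attr).Trim()) { "$attr='$actual'" }
        }
        [pscustomobject]@{
            Group  = $Rule.group
            User   = $m.SamAccountName
            Action = if ($failed) { 'Remove' } else { 'Keep' }
            Reason = $failed -join '; '
        }
    }
}

# Constructed members of all.finance.brisbane.users: compliant, wrong office, title not set.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'asmith';  Department = 'Finance'; Title = 'Payroll Officer'; Office = 'Brisbane' }
    [pscustomobject]@{ SamAccountName = 'bjones';  Department = 'Finance'; Title = 'Payroll Officer'; Office = 'Sydney' }
    [pscustomobject]@{ SamAccountName = 'cnguyen'; Department = 'Finance'; Title = $null;             Office = 'Brisbane' }
)
Get-GroupComplianceAction -Rule $rules[0] -Members $sample | Format-Table -AutoSize

# Live-domain wiring (needs the ActiveDirectory module); defined here but not called.
function Invoke-GroupComplianceCheck {
    foreach ($rule in $rules) {
        $members = Get-ADGroupMember -Identity $rule.group |
            Where-Object objectClass -eq 'user' |
            Get-ADUser -Properties Department, Title, Office
        if (-not $members) { continue }
        Get-GroupComplianceAction -Rule $rule -Members $members |
            Where-Object Action -eq 'Remove' |
            ForEach-Object { Remove-ADGroupMember -Identity $_.Group -Members $_.User -Confirm:$false -WhatIf }
    }
}
```

The `Reason` column records which attribute failed for each planned removal, which gives a reviewable record before `-WhatIf` is ever lifted. `Get-ADGroupMember` without `-Recursive` returns direct members only, so nested groups are filtered out rather than expanded.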
Download the following PowerShell script. Note: As a safety measure I have put the -WhatIf parameter on each of the three commands that remove users from or add users to groups. When you have tested completely, feel free to remove this.
So let's see this in action…
So here is my CSV file:
To quickly note, for this example the following test users were configured as below,