RE: [ActiveDir] Automagic Security groups.

[Coleman, Hunter]

Two options come to mind, I'm sure there are others...   1) Build a set of scripts and put a web front-end on them, which would allow others to move the user account and as part of the move, the OUone groups would get stripped and the OUtwo groups would get added.   2) Directly delegate the object move (or like above, stick it in a web page). Then have a scheduled task that periodically runs and looks at all user objects in OUone and sets the group membership correctly, same for OUtwo.   Option 1 has a more immediate effect, and that may be an important point. Option 2 has the advantage of consistently enforcing group membership, so even if someone makes an inadvertant change it will get corrected on the next pass of the script. It also makes it easier to change the groups and have all users get updated. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kennedy, Jim Sent: Tuesday, February 07, 2006 12:47 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Automagic Security groups. I am almost looking for a query based Security Group, similar to Distribution Groups.   It would save me a ton of time if when I moved a user from OUone to OUtwo if it would/could strip that user of all their old groups and drop them into the new groups, based upon what OU the user account currently resides in.   15 schools, students moving from school to school all year long....it would save us a ton of time. In fact I could delegate the move and have others do it. It would be the last part of the puzzle to making these moves near zero administrative overhead.   Any ideas?   Jim Kennedy