Two options come to mind, I'm sure there are
others...
1) Build a set of scripts and put a web front-end on them,
which would allow others to move the user account and as part of the move, the
OUone groups would get stripped and the OUtwo groups would get
added.
2) Directly delegate the object move (or like above, stick
it in a web page). Then have a scheduled task that periodically runs and looks
at all user objects in OUone and sets the group membership correctly, same for
OUtwo.
Option 1 has a more immediate effect, and that may be an
important point. Option 2 has the advantage of consistently enforcing group
membership, so even if someone makes an inadvertant change it will get corrected
on the next pass of the script. It also makes it easier to change the groups and
have all users get updated. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kennedy, Jim Sent: Tuesday, February 07, 2006 12:47 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Automagic Security groups. I am almost looking for a
query based Security Group, similar to Distribution
Groups.
It would save me a ton of
time if when I moved a user from OUone to OUtwo if it would/could strip that
user of all their old groups and drop them into the new groups, based upon what
OU the user account currently resides in.
15 schools, students moving
from school to school all year long....it would save us a ton of time. In fact I
could delegate the move and have others do it. It would be the last part of the
puzzle to making these moves near zero administrative
overhead.
Any
ideas?
Jim
Kennedy
|
- RE: [ActiveDir] Automagic Security groups. Coleman, Hunter
- RE: [ActiveDir] Automagic Security groups. Kennedy, Jim