Dynamic Group Membership

[Chris]

I would love to make my administration tasks a lot
simplier by allowing dynamic group membership.

For example I have several OU's two of which are labeled
staffA and staffB. I want to assign a certain set of
groups(security and distribution)to a particular OU. So
for example if I were to move a user from one OU to
another it would automatically remove all groups from the
user and then add the new groups based on the users
destination OU.

This makes life easier so that I never have to worry about
whether certain users are in certain groups and I know
they will be in the right groups no matter where they are.

Thanx,
Chris

 

[Joe Richards [MVP]]

That is something that you could script. It isn't built into the native OS but the capability to do it is.

 

[Chris]

I know it is possible to somehow script it. My question is
how do I go about scripting this? Or is there some
utility that will make this alot easier.

Chris

 

[Joe Richards [MVP]]

The basic process would be

1. loop until someone says stop
2. take last highusn for a given DC and do a search for all userobjects in a specified watched area with USNchanged >=
that value.
3. Every object that has changed, check its DN and verify if current group memberships are correct, if not modify them.
4. Store the new highusn.

I am not aware of any software out there that will do this as of right now. BUT... I would bet one of Quests products
could come close though it would only be for stuff moved via their tools.