Dynamic list edsaDGConditionsList content.

I need a command that will pull the rule sets content from my dynamic groups.

I can get the basic attributes with Get-QADGroup SG-Everyone_RTP-Auto | export-csv c:\temp\bobtest.csv but I can not get the content of the edsaDGConditionsList attribute.

 

Thank you

  • my understanding is:
    1. Is the attribute format documented and supported?
    2. ARS used to store the DG configuration on AD\group in AD attribute (maybe: adminDescription?, maybe it was changed in new ARS to edsaDGConditionsList?) in XML format, containing: ldap query, ARS version, ARS Admin Service instance to control/enforce the group membership etc…
    3. #2 - the XML format was not documented, “know-how” and, therefore, any modification of it no by ARS is not supported?
    4. You can see DG ldap query on the AD\group itself (in ARS MMC)
    5. (probably) you may report on it using ARS SSRS report pack | ARS Configuration Reports (ARS AT Links, Policy Links etc..) though the reports were basic and limited.

    PS: ARS MMC (ldap) search UI provides option to enumerate all Dynamic Groups in Managed Domains.

  • The edsaDGCondisitionsList attribute is used for an internal process only and as such is not in a usable format for external use.

    There is no tool to translate the attribute value to what you would see in the GUI to a simple list. Additionally, any alteration to this attribute value will break the group.
  • So you just want the rule sets?

    Start by having a look at the reference around IEDMMembershipRule in the AR SDK. It will give you a sense of how the setup of them works under the covers.