I'm looking to automate the primary/secondary owners of Security Groups - based on the primary/secondary owners of the OU that the Security Group is contained within.

Security Groups (top OU)
  Application Groups (sub OU)
    Application Team1 (sub OU)

Application Team1 OU will have a primary owner (the manager of the Application Team1 team).

Application Team1 OU will have a secondary owner (the security group Application Team1).

I want all groups created in the Application Team1 OU to be auto-populated with the primary/secondary owner from the parent OU. If the manager is ever replaced, we could change the owner of the Application Team1 OU and it would automatically update all the security groups below it.


Hopefully that makes sense. Seems like it would be easy to do, but I'm struggling a little bit.


  • Follow-up question - still relating to my current scenario

    New groups created - works perfectly fine from the policy; managedBy and secondary owner are inherited from the parent OU.

    Modification of the OU managedBy and secondary owner - the workflow kicks in on edit and updates all of the contained groups.

    What about moving a group from one OU to another OU? When I move group1 from OU1 to OU2, I do a "check policy" and it comes up as a violation. I'm assuming this would be another workflow, triggered by group move?
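The three cases above (new group, OU owners edited, group moved between OUs) all reduce to one operation: read the owners from the group's immediate parent OU and write them onto the group when they differ. The script below is an added example using the RSAT ActiveDirectory module; it is not the poster's configuration and not any product's built-in workflow. It assumes the primary owner is the OU's standard managedBy attribute, and that the secondary owner is a DN kept in a single-valued attribute whose name you pass in (extensionAttribute1 is only a placeholder; pick an attribute that exists on both OU and group in your schema). The OU and group DNs at the bottom are placeholders, not from the original post.

```powershell
# Added example: make group owners follow the parent OU (not the poster's code).
# Assumptions: primary owner = managedBy; secondary owner = a DN stored in the
# attribute named by -SecondaryOwnerAttribute (placeholder: extensionAttribute1).
Import-Module ActiveDirectory

function Get-ParentDn {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Drop the leading RDN. "\," is an escaped comma inside an RDN value and
    # must not be mistaken for the separator between RDNs.
    if ($DistinguishedName -match '^[^=]+=(?:\\.|[^,])*,(?<parent>.+)$') {
        return $Matches['parent']
    }
    throw "Cannot derive the parent container of '$DistinguishedName'"
}

function Sync-GroupOwnersFromParentOU {
    <# Copies managedBy and the secondary-owner attribute from the group's
       immediate parent OU onto the group. Idempotent: writes only on drift,
       so it is safe to run from a create, OU-edit, or move trigger alike. #>
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [Alias('DistinguishedName')][string]$GroupDn,
        [string]$SecondaryOwnerAttribute = 'extensionAttribute1'   # assumed name
    )
    process {
        $attrs  = @('managedBy', $SecondaryOwnerAttribute)
        $group  = Get-ADGroup  -Identity $GroupDn -Properties $attrs
        $parent = Get-ADObject -Identity (Get-ParentDn $group.DistinguishedName) -Properties $attrs

        # Only OUs carry owners in this scheme; a group sitting in a plain
        # container (e.g. CN=Users) is reported rather than silently cleared.
        if ($parent.ObjectClass -ne 'organizationalUnit') {
            Write-Warning "$($group.Name): parent $($parent.DistinguishedName) is not an OU; skipping"
            return
        }

        $replace = @{}
        $clear   = @()
        foreach ($attr in $attrs) {
            $want = [string]$parent.$attr   # '' when the OU has no value
            $have = [string]$group.$attr
            if ($want -eq $have) { continue }
            if ($want) { $replace[$attr] = $want } else { $clear += $attr }
        }

        if ($replace.Count -eq 0 -and $clear.Count -eq 0) {
            Write-Verbose "$($group.Name): owners already match the parent OU"
            return
        }

        $changed = @($replace.Keys) + $clear
        if ($PSCmdlet.ShouldProcess($group.DistinguishedName, "set $($changed -join ', ') from parent OU")) {
            if ($replace.Count -gt 0) { Set-ADGroup -Identity $group -Replace $replace }
            if ($clear.Count   -gt 0) { Set-ADGroup -Identity $group -Clear   $clear }
        }
    }
}

# Placeholder DNs for illustration; substitute your own.
$ou = 'OU=Application Team1,OU=Application Groups,OU=Security Groups,DC=example,DC=com'

# Case: OU owners were edited -> re-sync every group directly under that OU.
Get-ADGroup -Filter * -SearchBase $ou -SearchScope OneLevel |
    Sync-GroupOwnersFromParentOU -Verbose -WhatIf

# Case: a group was moved into this OU -> re-sync just that group.
Sync-GroupOwnersFromParentOU -GroupDn "CN=Group1,$ou" -Verbose -WhatIf
```

Run it with -WhatIf first to see which groups drift from their OU without writing anything; drop -WhatIf once the output matches what the policy check reports. Because the function only compares the group against whatever OU it currently sits in, a move trigger can call it with the group's new DN and no separate "move" logic is needed.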
