• State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 62 subscribers
  • Views 3585 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Powershell Add to group based on user attribute

robert barkhuff
over 5 years ago

I'm writing my user create policy.  I'm going to set the office attribute to be a mandatory value.  In the policy I am going to include runs script.  Can someone help me with the first script.  If office attribute contains x, add to group X, if office attribute contains Y, add to group Y, if office attribute contains Z, add to Z group.

Yes I know that doing dynamic groups would work, but then I would be "taking over" group management from native tools, and people would "have" to use ARS in their daily job function.  We aren't there yet.  Powershell is preferred.  I understand it the best.  I guess this function would be on postcreate.

Parents
  • 0 over 5 years ago

    You don't HAVE to do this with a script.  Though somewhat tedious to create in large numbers, you could use a series of Group Membership Auto Provisioning Policies that implement the same rule you describe.  There is a place in the policy config to filter based on an attribute.  You just need to create one policy per group to match the rules you cite above.

    Since you asked, Powershell would be something like this:

    Function OnPostCreate ($Request)

    {

    If ($Request.class -ne "user") {return}

    $CurrentOffice = $Request.get("physicaldeliveryofficename")

    Switch ($CurrentOffice) {

    X {$Group = "X"}

    Y {$Group = "Y"}

    Z {$Group = "Z"}

    }

    # $Request.GUID is the GUID of the just-created user

    Add-QADGroupMember -Identity $Group -Member $Request.GUID

    }

Reply
  • 0 over 5 years ago

    You don't HAVE to do this with a script.  Though somewhat tedious to create in large numbers, you could use a series of Group Membership Auto Provisioning Policies that implement the same rule you describe.  There is a place in the policy config to filter based on an attribute.  You just need to create one policy per group to match the rules you cite above.

    Since you asked, Powershell would be something like this:

    Function OnPostCreate ($Request)

    {

    If ($Request.class -ne "user") {return}

    $CurrentOffice = $Request.get("physicaldeliveryofficename")

    Switch ($CurrentOffice) {

    X {$Group = "X"}

    Y {$Group = "Y"}

    Z {$Group = "Z"}

    }

    # $Request.GUID is the GUID of the just-created user

    Add-QADGroupMember -Identity $Group -Member $Request.GUID

    }

Children
No Data