Temporary group membership

Hi 

I tried the below code in my lab, and worked as I'd expect:

$GroupName = "GroupName"
$Member = "Temp"

$StartTime = (Get-Date -Year 2020 -Month 09 -Day 09 -Hour 16 -Minute 00 -Second 00).ToUniversalTime()
$EndTime = (Get-Date -Year 2020 -Month 10 -Day 09 -Hour 09 -Minute 00 -Second 00).ToUniversalTime()

# Add Member - Temporal add
Add-qadgroupmember -identity $GroupName -member $Member -control @{'scheduledoperation-settime'=$StartTime} -Proxy

# Remove Member - Temporal remove
Remove-QADGroupMember -identity $GroupName -member $Member -control @{'scheduledoperation-settime'=$EndTime} -Proxy

Having had a couple of issues recently myself, and double checking the SDK, the date required to be set in the ScheduledOperation-SetTime control is a GeneralizedDate. JohnnyQuest and I discussed the problem and talked throught the issue, with his assistance I came up with the below, Thanks Johnny.

If you're using a value generated from Get-Date, this will work as you expect, however if you're converting it from a string (for instance you've imported it from a CSV), although you might use a covert method to get it into a date format, you may still have problem.

The below function will convert it to a GeneralizedDate format, which you can pipe into the appropriate place in your script. This is something I've just created, so will need proper testing in your development environment to ensure it works in all your use cases.

Function Convert-ToGeneralizedDate
{
    Param
    (
        [string]$Date=$null,
        [string]$CurrentDateFormat = 'dd/MM/yyyy HH:mm:ss'
    )

    $WorkingDate = [datetime]::parseexact($Date, $CurrentDateFormat, $null)
    $DateElement = ($WorkingDate.ToString("yyyyMMdd")).Replace("/","")
    $TimeElement = ($WorkingDate.ToLongTimeString()).Replace(":","")

    $Result = [string]::Format("{0}{1}.{2}Z",$DateElement,$TimeElement,$WorkingDate.Millisecond)
    Return $Result
}

When you call the function, ensure that $CurrentDateFormat is set to the date format your data has the value held, in my case its always in the format "dd/MM/yyyy HH:mm:ss", IE:

Function Convert-ToGeneralizedDate
{
    Param
    (
        [string]$Date=$null,
        [string]$CurrentDateFormat = 'dd/MM/yyyy HH:mm:ss'
    )

    $WorkingDate = [datetime]::parseexact($Date, $CurrentDateFormat, $null)
    $DateElement = ($WorkingDate.ToString("yyyyMMdd")).Replace("/","")
    $TimeElement = ($WorkingDate.ToLongTimeString()).Replace(":","")

    $Result = [string]::Format("{0}{1}.{2}Z",$DateElement,$TimeElement,$WorkingDate.Millisecond)
    Return $Result
}


$GroupName = "Group1"
$Member = "Test20"

$StartTime = Convert-ToGeneralizedDate -Date "01/01/2022 09:00:00" -CurrentDateFormat "dd/MM/yyyy HH:mm:ss"
$EndTime = Convert-ToGeneralizedDate -Date "01/01/2023 14:45:29" -CurrentDateFormat "dd/MM/yyyy HH:mm:ss"

# Add Member - Temporal add
Add-qadgroupmember -identity $GroupName -member $Member -control @{'scheduledoperation-settime'=$StartTime} -Proxy

# Remove Member - Temporal remove
Remove-QADGroupMember -identity $GroupName -member $Member -control @{'scheduledoperation-settime'=$EndTime} -Proxy

Hey,

Great post. Thank you for sharing this.

I have a situation where, upon termination, I would like a user to remain in a specific group for 1 month and then they should be removed. So I only needed the Remove-QADGroupMember command. I also needed the $EndTime to be dynamic. This is what I came up. There are probably better ways of doing it, but this served my purpose.

$GroupName = "Group Name"
$Member = "Temp"


$EndTime = Get-Date ((Get-Date).AddMonths(1)).ToUniversalTime() -UFormat "%A, %B %e, %Y %r"

# Remove Member - Temporal remove
Remove-QADGroupMember -identity $GroupName -member $Member -control @{'scheduledoperation-settime'=$EndTime} -Proxy