Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Dynamic Groups in AD

5 views
Skip to first unread message

Price

unread,
Nov 3, 2008, 11:04:10 AM11/3/08
to
I want to create a group in AD that includes everyone in a specific
set of OUs. If a new user is added to a particular OU, then I want
them to be include in this group. Is this possible?

I know it works for Dynamic Distribution Groups (for Exchange), but I
don't know about AD Global Security Groups.

Any help would be appreciated! Step-by-Step instructions would be
GREAT!

Price

unread,
Nov 3, 2008, 11:47:50 AM11/3/08
to
Hate to answer it myself. But, I did some further research and
thought you might benefit from it.

Microsoft System Center Operations Manager can do it.

Dynamic Group Based on Active Directory OU
May 13th, 2007 by Anders Bengtsson

This is a short step by step guide how to make a dynamic group based
on computers in a OU (Organizational Unit).

From the Start Menu, select the Operations System Center Operations
Console
In the Navigation pane (left), Click Authoring
In the Authoring pane, right-click Groups and choose New Group
In the Create Group Wizard - General Properties window, input a
suitable name and choose a management pack, you should have one
explicit management packs for all your overrides. Click Next
In the Create Group Wizard - Explicit Members window, choose any
machines that will always be a member of this group even if they don’t
fulfill the dynamic member formula. Click Next
In the Create Group Wizard - Dynamic Members window, click Create/Edit
rules…
In the Create Group Wizard - Query Builder, choose Windows Computer
from the drop-down menu and then click Add. Choose Organizational Unit
in the property menu, equals in the operator menu and input a OU name
in the Value field, for example
OU=London,OU=Contoso,DC=contoso,DC=Local . Click OK
In the Create Group Wizard - Dynamic Members window, the formula will
now look like this
( Object is Windows Computer AND ( Organizational Unit Equals
OU=London,OU=Contoso,DC=Contoso,DC=Local ) )
In the Create Group Wizard - Dynamic Members window, click Next
In the Create Group Wizard - Subgroups window, choose subgroups to add
to this group. Click Next
In the Create Group Wizard - Excluded Members, choose any machines
that will not be a member of this group even if they don’t fulfill the
dynamic member formula. Click Create
Please note that this will only include machines in the OU specified,
it you want to include computers from another OU you can simple add a
“OR” expression.

Price

unread,
Nov 3, 2008, 4:36:39 PM11/3/08
to
Another message to me. For those of us who don't want to purchase and
install Microsoft System Center Operations Manager for this purpose.

Authentication Manager (aka, azman) will do the same thing. Open an
MMC on your DC and add the snap-in for Authentication Manager.

I am working on a sight for step-by-step.

JPolicelli [MVP-DS]

unread,
Nov 20, 2008, 9:31:47 AM11/20/08
to
Hi Price,

Sorry to interrupt your conversation :).

You can also use the concept of shadow groups, which I cover here:
http://johnpolicelli.wordpress.com/2008/01/15/manage-shadow-groups-in-windows-server-2008/

You will need to tweak my example, but it is a starting point for you, and
you do not need to deploy any new products to achieve this.


"Price" <kpr...@hoover.k12.al.us> wrote in message
news:00296aed-889d-4b86...@b31g2000prf.googlegroups.com...

0 new messages