
Group Membership Restrictions

Hi,

I was wondering if it is possible to have a group and, if someone adds a user to this group, restrict the group to only contain users who meet certain criteria? For example: a group which only accepts members whose first name starts with Steve.

Thanks.

Sander.

  • This is possible, but can get extremely complicated. The complexity lies in the fact that a Group membership update can contain one or more objects, including Users, Contacts, Computers, and other Groups. You would have to code a solution which pulled apart the requested modifications, checked to see what it was, and handled each scenario accordingly.

    It would be much simpler to simply leverage the Dynamic Groups feature within Active Roles. You can set a rule to build membership, and Active Roles takes care of it automatically. Anything manually added which doesn't meet the Group Membership criteria is removed immediately.
  • Hi Terrance,

    Thanks for your reply, but I have looked at this. What I need is that if someone would add a member which does not meet the criteria, the user is automatically removed from the group.
  • I would recommend that native AD permissions be removed so the admins cannot update directly. Then provide them with ARS interfaces and apply approval rules. This way the changes are not committed until the approver has reviewed/approved. This is how my department approached this internal requirement.
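
The per-object check described in the first reply (take each member, see what kind of object it is, and handle each case) can be sketched as a periodic clean-up with the standard ActiveDirectory PowerShell module. This is an added example, not part of the original thread and not an Active Roles policy script; the group name `Steves` is hypothetical, and the sketch assumes it runs under an account allowed to modify the group.

```powershell
# Added example: reconcile a group's membership against a naming rule.
# Assumptions: RSAT ActiveDirectory module is installed; 'Steves' is a hypothetical group name.
Import-Module ActiveDirectory

function Test-MemberAllowed {
    param([Parameter(Mandatory)] $Member)   # object returned by Get-ADObject
    switch ($Member.ObjectClass) {
        # Users and contacts both carry givenName; -like is case-insensitive.
        'user'    { return ($Member.givenName -like 'Steve*') }
        'contact' { return ($Member.givenName -like 'Steve*') }
        # Computers, nested groups and any other class never meet the rule.
        default   { return $false }
    }
}

function Remove-NonCompliantMember {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string] $GroupName)

    # Read the raw member attribute so contacts and nested groups are included.
    $group = Get-ADGroup -Identity $GroupName -Properties member

    foreach ($dn in $group.member) {
        $obj = Get-ADObject -Identity $dn -Properties givenName
        if (Test-MemberAllowed -Member $obj) { continue }

        if ($PSCmdlet.ShouldProcess($dn, "Remove from group $GroupName")) {
            Set-ADGroup -Identity $group -Remove @{ member = $dn }
            # Emit a record of each removal for logging or review.
            [pscustomobject]@{
                Group       = $GroupName
                Removed     = $dn
                ObjectClass = $obj.ObjectClass
                GivenName   = $obj.givenName
            }
        }
    }
}

# Dry run first: lists what would be removed without changing the group.
# Remove-NonCompliantMember -GroupName 'Steves' -WhatIf
```

Run on a schedule, this removes non-matching members only after the fact, so there is a window between the add and the clean-up; the approval-rule approach in the last reply closes that window by holding the change until it is reviewed.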