• State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 62 subscribers
  • Views 5819 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Dynamic group not processing

akingbade.ajewole
over 5 years ago

We are seeing random issues where random dynamic group are not processing new users. Upon research, I found out "Service to evaluate and apply rule changes" is empty. Immediately I pick a service server and hit rebuild, they start showing up. Why is this happening? Anyway to search ARS for dynamic groups without this information blank?

Parents
  • 0 over 5 years ago

    Possible reason: ARS Upgrade. Search all Dynamic Groups in ARS MMC and check/reset the current ARS01 server on each group.

  • 0 over 5 years ago in reply to Aidar.Karabalaev

    Can I do this with PS? Thanks for your response

  • 0 over 5 years ago in reply to akingbade.ajewole

    PS1 script - probably Yes. 

    Due criticality of DG feature and potential impact on AD security, during ARS Upgrade, I strongly recommend customer to use the chance to review the DG list and confirm it (Deprovision the legacy not needed anymore).

  • 0 over 5 years ago in reply to Aidar.Karabalaev

    Thanks. I was able to run this command to get all dynamic group

    Get-QADGroup -LdapFilter '(edsaisdynamicgroup=True)' -IncludedProperties edsadgoriginatingservice,edsaisdynamicgroup -Proxy | Select-Object name,edsadgoriginatingservice,edsaisdynamicgroup | Export-csv C:\Users\5username\Desktop\Result.csv


Then I run the following against groups without the attribute.

clear
$list = import-csv “C:\Users\username\Desktop\ScriptsInput\groupattribute.csv"
foreach ($name in $list)
{
Get-QADGroup -SamAccountName $name.sAMAccountName -IncludedProperties edsadgoriginatingservice,edsaisdynamicgroup -Proxy | Set-QADGroup -ObjectAttributes @{edsadgoriginatingservice="ServerName.domain.corp"}
}

Reply
  • 0 over 5 years ago in reply to Aidar.Karabalaev

    Thanks. I was able to run this command to get all dynamic group

    Get-QADGroup -LdapFilter '(edsaisdynamicgroup=True)' -IncludedProperties edsadgoriginatingservice,edsaisdynamicgroup -Proxy | Select-Object name,edsadgoriginatingservice,edsaisdynamicgroup | Export-csv C:\Users\5username\Desktop\Result.csv


Then I run the following against groups without the attribute.

clear
$list = import-csv “C:\Users\username\Desktop\ScriptsInput\groupattribute.csv"
foreach ($name in $list)
{
Get-QADGroup -SamAccountName $name.sAMAccountName -IncludedProperties edsadgoriginatingservice,edsaisdynamicgroup -Proxy | Set-QADGroup -ObjectAttributes @{edsadgoriginatingservice="ServerName.domain.corp"}
}

Children
No Data