Hi All,
Does anyone know of a way to copy the logic from one dynamic group to another or even reuse the same logic with a slight change for an existing group?
Example -
We have 3 user types but the Dynamic Groups only give options to use "and" or "or", I can't get them to both be included so we have to have 3 identical rules but for each of the user types.
User types = Regular, Contractor, Vendor
Location = Can't be location1 and can't be location2 and can't be location3.
Desired result = All regular, contractors and vendors whose location is not one of those 3.
I would have to create a rule that says UserType is exactly Regular and location is not location1 and location2 and location3.
I would then have to do the same for usertype Contractor and Vendor as well.
Is there a way to either use "And" and "or" in the same rule (Usertype is Regular or Contractor or Vendor) and location is not location1 and location is not location2 and location is not location3?
If there is no way to do the above, can I simply build it out for "Regular" and then copy the logic somehow and just update it to "Contractor" and "Vendor"?
I have some groups with dozens of "locations" that I would need to recreate multiple times for each user type.
Thanks
Josh
Hi Josh
One option is to change the query you're using in your dynamic group "include by query" membership rule.
In my lab I have 20 user objects, as below:
In my example:
Location = City (ldap name "l")
User Type = employee type (ldap name "employeeType")
I created a Dynamic group called "DG-Test", where:
Find = Custom Search
In= OU structure containing my test accounts
LDAP Query:
(&(samAccountType=805306368)(&(!(l=location1))(!(l=location2))(!(l=location3)))(|(employeeType=Regular)(employeeType=Contractor)(employeeType=Vendor)))
LDAP Query breaks down as follows:
(&
  (samAccountType=805306368)
  (&
    (!(l=location1))
    (!(l=location2))
    (!(l=location3))
  )
  (|
    (employeeType=Regular)
    (employeeType=Contractor)
    (employeeType=Vendor)
  )
)
Results are:
The query in essence has 3 sections
So we want to only include:
User Account (805306368 SAM_NORMAL_USER_ACCOUNT)
AND
City is NOT location1
AND
City is NOT location2
AND
City is NOT location3
AND
User Type is Regular
OR
User Type is Contractor
OR
User Type is Vendor
The problem we (myself included) usually make when writing an LDAP query (other than the usual mismatch of brackets) is confusing when AND should be used vs OR, especially when you're looking at something that is not true. As in speech we're saying "any user, where they are not in London, New York or Paris, and they are of type Regular, Contractor or Vendor".
If we implement the query as we speak it, we get the below... as the location "OR" block (|(!(l=location1))(!(l=location2))(!(l=location3))) means that all our users are in scope.
For example, if we were to plug user "test 1" properties into that query we'd get
NOT Location 1 = FALSE
NOT Location 2 = TRUE
NOT Location 2 = TRUE
As an OR logical operator, we have at least one true, therefore it's all true... and it's included (when it shouldn't be).
As an AND logical operator, we need all to be true, therefore "test 1" would not be included.
Whereas for users "test 4" and "test 5", both would be included as their locations are not any we're interested in.
Hope this helps.
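
Added example, not part of the original thread or of any product: a small Python evaluator for the filter syntax used above, run against constructed users, so the membership produced by the AND block and by the "as spoken" OR block can be compared before a rule is saved. It goes slightly beyond the post by also checking the De Morgan form (!(|...)); the user list, helper names and the "Intern" type are assumptions made for the illustration.

```python
# Added example: evaluates the subset of LDAP filter syntax used in this thread
# (&, |, ! and equality). Escapes, wildcards and absent attributes are not modelled.

def parse(f, i=0):
    """Parse one parenthesised filter starting at f[i]; return (node, next_index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' clause near offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, user):
    """Evaluate a parsed filter against one user (dict with lower-case keys)."""
    if node[0] == "=":
        return user.get(node[1], "").lower() == node[2]
    results = [matches(kid, user) for kid in node[1]]
    if node[0] == "!":
        return not results[0]
    return all(results) if node[0] == "&" else any(results)

def members(filter_text, users):
    """Return the cn of every user the filter selects."""
    tree, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("unbalanced brackets: text left over after the filter")
    return [u["cn"] for u in users if matches(tree, u)]

# Constructed users; only "test 1" in location1 and "test 4"/"test 5" elsewhere come from the thread.
USERS = [{"cn": f"test {n}", "samaccounttype": "805306368", "l": loc, "employeetype": typ}
         for n, loc, typ in [(1, "location1", "Regular"), (2, "location2", "Contractor"),
                             (3, "location3", "Vendor"), (4, "location4", "Regular"),
                             (5, "location5", "Vendor"), (6, "location4", "Intern")]]
HEAD = "(&(samAccountType=805306368)"
TYPES = "(|(employeeType=Regular)(employeeType=Contractor)(employeeType=Vendor)))"
AND_FILTER = HEAD + "(&(!(l=location1))(!(l=location2))(!(l=location3)))" + TYPES
OR_FILTER = HEAD + "(|(!(l=location1))(!(l=location2))(!(l=location3)))" + TYPES
NOR_FILTER = HEAD + "(!(|(l=location1)(l=location2)(l=location3)))" + TYPES  # De Morgan form of AND_FILTER

if __name__ == "__main__":
    for name in ("AND_FILTER", "OR_FILTER", "NOR_FILTER"):
        print(name, members(globals()[name], USERS))
```

Where the group grants access, the difference between the AND and OR results is the set of accounts that would be added unintentionally, so it is worth comparing the two lists on a test OU before applying the rule.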