Temporary group membership

HI, I would like to add a group by midnight through a script, I know the GUI has the setting to set date and time but how would I do it using a script.

Command:

Add-QADgroupmember -identity "groupname" -member $ADuser (tonight at midnight)

any help would be much appreciated

Top Replies

Stu.Pollock over 2 years ago in reply to aguliana +1 verified

Yes

Bear in mind however, the time that gets set is based upon your local time... so in the UK for example, currently we are in British Summer Time (GMT+1 or UTC+1), therefore if I were to add at 10,…

Parents

0 JohnnyQuest over 2 years ago

Here's a KB article to get you started:

support.oneidentity.com/.../powershell-commands-for-temporal-group-management
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

0 Stu.Pollock over 2 years ago in reply to JohnnyQuest

I had a script open, I had to remove bits (so you'll need to test in your lab environment), but to add to Johnny's link

$Type = "Add"
$Group = "<GroupDN>"
$Member = "<MemberDN>"
$Reason = "<Reason>"
$SetTime = get-date -Date (Get-date).Date -Hour 00 -Minute 00 -Second 00
$GroupDN =  Get-QADObject -Identity $Group
$MemberDN = Get-QADObject -Identity $Member
   
$ControlHash=@{}
$ControlHash.Add("OperationReason","$Reason")
$ControlHash.Add('ScheduledOperation-SetTime',$($SetTime))

if($Type -eq "Add")
{
	$Add = Add-QADGroupMember -Identity $GroupDN.DN -Member $MemberDN.DN -Control $ControlHash -Proxy
}
ElseIf($Type -eq "Remove")
{
	$Remove = Remove-QADGroupMember -Identity $GroupDN.DN -Member $MemberDN.DN -Control $ControlHash -Proxy
}
Elsehttps://www.oneidentity.com/community/active-roles/f/forum/32839/temporary-group-membership/80088#
{
	Write-Host "Unhandled type ($($Type))"
}

Reply

0 Stu.Pollock over 2 years ago in reply to JohnnyQuest

I had a script open, I had to remove bits (so you'll need to test in your lab environment), but to add to Johnny's link

$Type = "Add"
$Group = "<GroupDN>"
$Member = "<MemberDN>"
$Reason = "<Reason>"
$SetTime = get-date -Date (Get-date).Date -Hour 00 -Minute 00 -Second 00
$GroupDN =  Get-QADObject -Identity $Group
$MemberDN = Get-QADObject -Identity $Member
   
$ControlHash=@{}
$ControlHash.Add("OperationReason","$Reason")
$ControlHash.Add('ScheduledOperation-SetTime',$($SetTime))

if($Type -eq "Add")
{
	$Add = Add-QADGroupMember -Identity $GroupDN.DN -Member $MemberDN.DN -Control $ControlHash -Proxy
}
ElseIf($Type -eq "Remove")
{
	$Remove = Remove-QADGroupMember -Identity $GroupDN.DN -Member $MemberDN.DN -Control $ControlHash -Proxy
}
Elsehttps://www.oneidentity.com/community/active-roles/f/forum/32839/temporary-group-membership/80088#
{
	Write-Host "Unhandled type ($($Type))"
}

Children

No Data