Script to create dynamic group

Hello ;)

Do you know if it's possible to use a script to create a dynamic group?

Or by using an activity in a workflow?

Thanks ;)

Gégé

Top Replies

  • Hi  

    This is by design, however it is configurable. 

    In the  "Built-in Policy - Dynamic Groups" Administration Policy, the policy settings has by default a check in "Include only mail-enabled users in…

  •  Hi  

    Yes, it is totally possible to create Dynamic Groups via a script, which would also mean that with a correctly written script you can do this via a workflow.

    The process for converting a dynamic group is very similar to that of programmatically creating a Managed Unit, just binding to a group object instead of a managed unit object.

    ### Variables
    # DN of target Group to convert
    $GroupDN = "CN=Group1,OU=MyGroups,DC=Test,DC=Domain,DC=com"
    
    # Membership Rule variables
    $RuleSearchRoot = "OU=MyUsers,DC=Test,DC=Domain,DC=com" #BASE
    $LDAPFilter = "(|(objectClass=user)(Department=ARS Team))" # FILTER
    
    
    
    ### Code
    $EDMSstring = "EDMS://$($GroupDN)"
     
    $GroupObject = [ADSI] $EDMSstring
    $RuleCollection = $GroupObject.MembershipRuleCollection
    
    # Create a new Include by Query rule
    $rule1 = New-Object -ComObject "EDSIManagedUnitCondition"
    $rule1.Base = "EDMS://$($RuleSearchRoot)"
    $rule1.Filter = "$($LDAPFilter)"
    $rule1.Type = 1 
    # Add the newly created membership rule to the rule collection
    $RuleCollection.Add($rule1)
    $GroupObject.SetInfo()
    "Rule added"

    For other rule types, have a look within the Active Roles SDK under IEDMMembershipRule, which will give you more information (in VBScript) on what values are expected, IE:

    Hope this helps.

    Kind regards

    Stu

  • So, I'm using the above script (modified for my environment of course), and I get to the '$RuleCollection.Add($rule1)' part and I get the following error:

    PS C:\Windows\system32> $objRuleCollection.Add($oBaseIncRule)
    You cannot call a method on a null-valued expression.
    At line:1 char:1
    + $objRuleCollection.Add($oBaseIncRule)
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

    and when I look, the $ObjRuleCollection object only has the following:

    PS C:\Windows\system32> $objRuleCollection

    OverloadDefinitions
    -------------------

    PS C:\Windows\system32> $objRuleCollection |GM


    TypeName: System.Management.Automation.PSMethod

    Name MemberType Definition
    ---- ---------- ----------
    Copy Method System.Management.Automation.PSM
    Equals Method bool Equals(System.Object obj)
    GetHashCode Method int GetHashCode()
    GetType Method type GetType()
    Invoke Method System.Object Invoke(Params Syst
    ToString Method string ToString()
    IsInstance Property bool IsInstance {get;}
    MemberType Property System.Management.Automation.PSM
    Name Property string Name {get;}
    OverloadDefinitions Property System.Collections.ObjectModel.C
    TypeNameOfValue Property string TypeNameOfValue {get;}
    Value Property System.Object Value {get;set;}

    Neither the $objGroup line nor the $objRuleCollection lines are giving any errors.

    PS C:\Windows\system32> $objgroup


    distinguishedName :
    Path : EDMS://Sanitized\Newgroup_Dynamic_Users

    PS C:\Windows\system32>

    Anyone have some clue-bits they want to share?

    Thank you,

    Mike

  • EDMS://Sanitized\Newgroup_Dynamic_Users

    The object name needs to be in DN format:

    EDMS://CN=Newgroup_Dynamic_Users,OU=Sanitized

  • I'm still getting the same result. It successfully creates a group, but it does not add the rules, and the $objGroup.MembershipRuleCollection is still empty, or seemingly non-existent:

    PS C:\Windows\system32> $objGroup


    distinguishedName : {CN=NewGroup_More_Dynamic_Users,OU=Sanitize,DC=Sani,DC=Tized}
    Path : EDMS://CN=NewGroup_More_Dynamic_Users,OU=Sanitize,DC=Sani,DC=Tized

    PS C:\Windows\system32> $objRuleCollection.Add($oBaseIncRule) #Fails - ObjRuleCollection object does not have an "Add"
    You cannot call a method on a null-valued expression.
    At line:1 char:1
    + $objRuleCollection.Add($oBaseIncRule) #Fails - ObjRuleCollection obje ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

    PS C:\Windows\system32> $objRuleCollection.Add($oScndRule) #Fails - ObjRuleCollection object does not have an "Add"
    You cannot call a method on a null-valued expression.
    At line:1 char:1
    + $objRuleCollection.Add($oScndRule) #Fails - ObjRuleCollection obje ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

    PS C:\Windows\system32>
    PS C:\Windows\system32> $objGroup.MembershipRuleCollection
    PS C:\Windows\system32> $objGroup |GM


    TypeName: System.DirectoryServices.DirectoryEntry

    Name MemberType Definition
    ---- ---------- ----------
    ConvertDNWithBinaryToString CodeMethod static string ConvertDNWithBinaryToString(psobject deInstance, psobject dnWithBinaryInstance)
    ConvertLargeIntegerToInt64 CodeMethod static long ConvertLargeIntegerToInt64(psobject deInstance, psobject largeIntegerInstance)
    cn Property System.DirectoryServices.PropertyValueCollection cn {get;set;}
    distinguishedName Property System.DirectoryServices.PropertyValueCollection distinguishedName {get;set;}
    dSCorePropagationData Property System.DirectoryServices.PropertyValueCollection dSCorePropagationData {get;set;}
    groupType Property System.DirectoryServices.PropertyValueCollection groupType {get;set;}
    instanceType Property System.DirectoryServices.PropertyValueCollection instanceType {get;set;}
    name Property System.DirectoryServices.PropertyValueCollection name {get;set;}
    nTSecurityDescriptor Property System.DirectoryServices.PropertyValueCollection nTSecurityDescriptor {get;set;}
    objectCategory Property System.DirectoryServices.PropertyValueCollection objectCategory {get;set;}
    objectClass Property System.DirectoryServices.PropertyValueCollection objectClass {get;set;}
    objectGUID Property System.DirectoryServices.PropertyValueCollection objectGUID {get;set;}
    objectSid Property System.DirectoryServices.PropertyValueCollection objectSid {get;set;}
    sAMAccountName Property System.DirectoryServices.PropertyValueCollection sAMAccountName {get;set;}
    sAMAccountType Property System.DirectoryServices.PropertyValueCollection sAMAccountType {get;set;}
    uSNChanged Property System.DirectoryServices.PropertyValueCollection uSNChanged {get;set;}
    uSNCreated Property System.DirectoryServices.PropertyValueCollection uSNCreated {get;set;}
    whenChanged Property System.DirectoryServices.PropertyValueCollection whenChanged {get;set;}
    whenCreated Property System.DirectoryServices.PropertyValueCollection whenCreated {get;set;}

    Thanks,


    Mike
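The following is an added example, not code from any poster in this thread or from the Active Roles SDK: a wrapper around the script above that stops with a clear error when the path is not a DN or when `MembershipRuleCollection` does not come back as a usable object, instead of failing later at `.Add()`. It assumes the Active Roles ADSI Provider is installed where it runs; the function name, its parameters and the `InvokeGet` fallback are assumptions.

```powershell
# Added example. Add-DynamicGroupQueryRule and its parameter names are hypothetical.
function Add-DynamicGroupQueryRule {
    param(
        [Parameter(Mandatory)][string]$GroupDN,
        [Parameter(Mandatory)][string]$RuleSearchRoot,
        [Parameter(Mandatory)][string]$LDAPFilter
    )

    # Coarse DN check: rejects DOMAIN\name style paths such as the one in the
    # first failing session. It does not handle escaped commas inside a value.
    foreach ($dn in $GroupDN, $RuleSearchRoot) {
        if ($dn -notmatch '^(CN|OU|DC)=[^,]+(,(CN|OU|DC)=[^,]+)*$') {
            throw "Not a distinguished name: '$dn'"
        }
    }

    $GroupObject = [ADSI]"EDMS://$GroupDN"

    # In the sessions above the property came back as a PSMethod placeholder or
    # as nothing, and the failure only surfaced at .Add(). Test it here instead.
    $RuleCollection = $GroupObject.MembershipRuleCollection
    if ($null -eq $RuleCollection -or $RuleCollection -is [System.Management.Automation.PSMethod]) {
        # Assumption: DirectoryEntry.InvokeGet (a .NET method) may reach the
        # property on the native ADSI object when the PowerShell adapter does not.
        try   { $RuleCollection = $GroupObject.psbase.InvokeGet('MembershipRuleCollection') }
        catch { $RuleCollection = $null }
    }
    if ($null -eq $RuleCollection) {
        throw "MembershipRuleCollection is not available on EDMS://$GroupDN; no rule was added."
    }

    $rule = New-Object -ComObject 'EDSIManagedUnitCondition'
    $rule.Base   = "EDMS://$RuleSearchRoot"
    $rule.Filter = $LDAPFilter
    $rule.Type   = 1    # Include by Query, as in the script above
    [void]$RuleCollection.Add($rule)
    $GroupObject.SetInfo()
}

# Sample values from the script above. Note the filter is an OR: it matches any
# user object, or any object whose Department is "ARS Team".
Add-DynamicGroupQueryRule -GroupDN 'CN=Group1,OU=MyGroups,DC=Test,DC=Domain,DC=com' `
    -RuleSearchRoot 'OU=MyUsers,DC=Test,DC=Domain,DC=com' `
    -LDAPFilter '(|(objectClass=user)(Department=ARS Team))'
```

Because a dynamic group's membership follows its rule, review the search root and filter for scope before running this against a group that grants access.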
