Hello ;)
Do you know if it's possible to use a script to create Dynamic group?
Or by using a activity in a Workflow?
Thanks ;)
Gégé
Hello ;)
Do you know if it's possible to use a script to create Dynamic group?
Or by using a activity in a Workflow?
Thanks ;)
Gégé
Hi Gégé
Yes it is totally possible to create Dynamic Groups via a script, which would also mean with the correctly written script your can do this via a workflow.
The process for converting a dyanmic gorup…
Hi Gégé
This is by design, however it is configurable.
In the "Built-in Policy - Dynamic Groups" Administration Policy, the policy settings has by default a check in "Include only mail-enabled users in…
Hi Gégé
Yes it is totally possible to create Dynamic Groups via a script, which would also mean with the correctly written script your can do this via a workflow.
The process for converting a dyanmic gorup is very similar to that of programmatically creating a Managed Unit, just binding to a group object, instead of a managed unit object.
### Variables # DN of target Group to covert $GroupDN = "CN=Group1,OU=MyGroups,DC=Test,DC=Domain,DC=com" # Membership Rule variables $RuleSearchRoot = "OU=MyUsers,DC=Test,DC=Domain,DC=com" #BASE $LDAPFilter = "(|(objectClass=user)(Department=ARS Team))" # FILTER ### Code $EDMSstring = "EDMS://$($GroupDN)" $GroupObject = [ADSI] $EDMSstring $RuleCollection = $GroupObject.MembershipRuleCollection # Create a new Include by Query rule $rule1 = New-Object -ComObject "EDSIManagedUnitCondition" $rule1.Base = "EDMS://$($RuleSearchRoot)" $rule1.Filter = "$($LDAPFilter)" $rule1.Type = 1 # Add the newly created membership rule to the rule collection $RuleCollection.Add($rule1) $GroupObject.SetInfo() "Rule added"
For other rule types, have a look within the Active Roles SDK under IEDMMembershipRule, which will give you more information (in VBScript) on what values are expected, IE:
Hope this help.
Kind regards
Stu
So, I'm using the above script (modified for my environment of course), and I get to the '$RuleCollection.Add($rule1)' part and I get the following error:
PS C:\Windows\system32> $objRuleCollection.Add($oBaseIncRule)
You cannot call a method on a null-valued expression.
At line:1 char:1
+ $objRuleCollection.Add($oBaseIncRule)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
and when I look the $ObjRuleCollection object only has the following:
PS C:\Windows\system32> $objRuleCollection
OverloadDefinitions
-------------------
PS C:\Windows\system32> $objRuleCollection |GM
TypeName: System.Management.Automation.PSMethod
Name MemberType Definition
---- ---------- ----------
Copy Method System.Management.Automation.PSM
Equals Method bool Equals(System.Object obj)
GetHashCode Method int GetHashCode()
GetType Method type GetType()
Invoke Method System.Object Invoke(Params Syst
ToString Method string ToString()
IsInstance Property bool IsInstance {get;}
MemberType Property System.Management.Automation.PSM
Name Property string Name {get;}
OverloadDefinitions Property System.Collections.ObjectModel.C
TypeNameOfValue Property string TypeNameOfValue {get;}
Value Property System.Object Value {get;set;}
Neither the $objGroup line, nor the $objRuleCollection liens are giving any errors.
PS C:\Windows\system32> $objgroup
distinguishedName :
Path : EDMS://Sanitized\Newgroup_Dynamic_Users
PS C:\Windows\system32>
Anyone have some clue-bits they want to share?
Thank you,
Mike
EDMS://Sanitized\Newgroup_Dynamic_Users
object name need to be in DN format:
EDMS://CN=Newgroup_Dynamic_Users,OU=Sanitized
I'm still getting the same result. It successfully creates a group, but it does not add the rules, and the $objGroup.MembershipRuleCollection is still empty, or seemingly non-existent:
PS C:\Windows\system32> $objGroup
distinguishedName : {CN=NewGroup_More_Dynamic_Users,OU=Sanitize,DC=Sani,DC=Tized}
Path : EDMS://CN=NewGroup_More_Dynamic_Users,OU=Sanitize,DC=Sani,DC=Tized
PS C:\Windows\system32> $objRuleCollection.Add($oBaseIncRule) #Fails - ObjRuleCollection object does not have an "Add"
You cannot call a method on a null-valued expression.
At line:1 char:1
+ $objRuleCollection.Add($oBaseIncRule) #Fails - ObjRuleCollection obje ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
PS C:\Windows\system32> $objRuleCollection.Add($oScndRule) #Fails - ObjRuleCollection object does not have an "Add"
You cannot call a method on a null-valued expression.
At line:1 char:1
+ $objRuleCollection.Add($oScndRule) #Fails - ObjRuleCollection obje ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
PS C:\Windows\system32>
PS C:\Windows\system32> $objGroup.MembershipRuleCollection
PS C:\Windows\system32> $objGroup |GM
TypeName: System.DirectoryServices.DirectoryEntry
Name MemberType Definition
---- ---------- ----------
ConvertDNWithBinaryToString CodeMethod static string ConvertDNWithBinaryToString(psobject deInstance, psobject dnWithBinaryInstance)
ConvertLargeIntegerToInt64 CodeMethod static long ConvertLargeIntegerToInt64(psobject deInstance, psobject largeIntegerInstance)
cn Property System.DirectoryServices.PropertyValueCollection cn {get;set;}
distinguishedName Property System.DirectoryServices.PropertyValueCollection distinguishedName {get;set;}
dSCorePropagationData Property System.DirectoryServices.PropertyValueCollection dSCorePropagationData {get;set;}
groupType Property System.DirectoryServices.PropertyValueCollection groupType {get;set;}
instanceType Property System.DirectoryServices.PropertyValueCollection instanceType {get;set;}
name Property System.DirectoryServices.PropertyValueCollection name {get;set;}
nTSecurityDescriptor Property System.DirectoryServices.PropertyValueCollection nTSecurityDescriptor {get;set;}
objectCategory Property System.DirectoryServices.PropertyValueCollection objectCategory {get;set;}
objectClass Property System.DirectoryServices.PropertyValueCollection objectClass {get;set;}
objectGUID Property System.DirectoryServices.PropertyValueCollection objectGUID {get;set;}
objectSid Property System.DirectoryServices.PropertyValueCollection objectSid {get;set;}
sAMAccountName Property System.DirectoryServices.PropertyValueCollection sAMAccountName {get;set;}
sAMAccountType Property System.DirectoryServices.PropertyValueCollection sAMAccountType {get;set;}
uSNChanged Property System.DirectoryServices.PropertyValueCollection uSNChanged {get;set;}
uSNCreated Property System.DirectoryServices.PropertyValueCollection uSNCreated {get;set;}
whenChanged Property System.DirectoryServices.PropertyValueCollection whenChanged {get;set;}
whenCreated Property System.DirectoryServices.PropertyValueCollection whenCreated {get;set;}
Thanks,
Mike
I'm still getting the same result. It successfully creates a group, but it does not add the rules, and the $objGroup.MembershipRuleCollection is still empty, or seemingly non-existent:
PS C:\Windows\system32> $objGroup
distinguishedName : {CN=NewGroup_More_Dynamic_Users,OU=Sanitize,DC=Sani,DC=Tized}
Path : EDMS://CN=NewGroup_More_Dynamic_Users,OU=Sanitize,DC=Sani,DC=Tized
PS C:\Windows\system32> $objRuleCollection.Add($oBaseIncRule) #Fails - ObjRuleCollection object does not have an "Add"
You cannot call a method on a null-valued expression.
At line:1 char:1
+ $objRuleCollection.Add($oBaseIncRule) #Fails - ObjRuleCollection obje ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
PS C:\Windows\system32> $objRuleCollection.Add($oScndRule) #Fails - ObjRuleCollection object does not have an "Add"
You cannot call a method on a null-valued expression.
At line:1 char:1
+ $objRuleCollection.Add($oScndRule) #Fails - ObjRuleCollection obje ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
PS C:\Windows\system32>
PS C:\Windows\system32> $objGroup.MembershipRuleCollection
PS C:\Windows\system32> $objGroup |GM
TypeName: System.DirectoryServices.DirectoryEntry
Name MemberType Definition
---- ---------- ----------
ConvertDNWithBinaryToString CodeMethod static string ConvertDNWithBinaryToString(psobject deInstance, psobject dnWithBinaryInstance)
ConvertLargeIntegerToInt64 CodeMethod static long ConvertLargeIntegerToInt64(psobject deInstance, psobject largeIntegerInstance)
cn Property System.DirectoryServices.PropertyValueCollection cn {get;set;}
distinguishedName Property System.DirectoryServices.PropertyValueCollection distinguishedName {get;set;}
dSCorePropagationData Property System.DirectoryServices.PropertyValueCollection dSCorePropagationData {get;set;}
groupType Property System.DirectoryServices.PropertyValueCollection groupType {get;set;}
instanceType Property System.DirectoryServices.PropertyValueCollection instanceType {get;set;}
name Property System.DirectoryServices.PropertyValueCollection name {get;set;}
nTSecurityDescriptor Property System.DirectoryServices.PropertyValueCollection nTSecurityDescriptor {get;set;}
objectCategory Property System.DirectoryServices.PropertyValueCollection objectCategory {get;set;}
objectClass Property System.DirectoryServices.PropertyValueCollection objectClass {get;set;}
objectGUID Property System.DirectoryServices.PropertyValueCollection objectGUID {get;set;}
objectSid Property System.DirectoryServices.PropertyValueCollection objectSid {get;set;}
sAMAccountName Property System.DirectoryServices.PropertyValueCollection sAMAccountName {get;set;}
sAMAccountType Property System.DirectoryServices.PropertyValueCollection sAMAccountType {get;set;}
uSNChanged Property System.DirectoryServices.PropertyValueCollection uSNChanged {get;set;}
uSNCreated Property System.DirectoryServices.PropertyValueCollection uSNCreated {get;set;}
whenChanged Property System.DirectoryServices.PropertyValueCollection whenChanged {get;set;}
whenCreated Property System.DirectoryServices.PropertyValueCollection whenCreated {get;set;}
Thanks,
Mike