Rule description
This rule allows you to query Active Directory for user accounts based on their membership in specific Organizational Units (OUs) and add them to a designated Active Directory group. This rule is useful for managing user group membership dynamically and ensuring that users are consistently placed in the correct groups based on their location within the directory structure.
You can configure the query to target users within a specific OU, and the rule will automatically add these users to the selected group, ensuring that group membership stays up to date with the changes in the organizational structure.
When to use this rule
Use the AD Users | AD Users to Group by OU rule when you need to automate group management based on OU membership. This rule is ideal for scenarios where user groups need to reflect the organizational hierarchy or department structure in Active Directory.
The rule is particularly useful in the following scenarios:
- Department-Based Grouping: Automatically add users to department-specific groups based on their OU membership.
- Access Control: Use group membership for controlling access to resources like file shares or applications. The rule ensures that users in specific OUs are consistently added to the correct security or distribution groups.
- Dynamic Group Management: Simplify the management of dynamic groups by ensuring users are automatically added or removed from groups as they are moved between OUs in the Active Directory.
Rule Settings
Query Section
Setting name | Description |
---|---|
Limit scope to this domain or OU |
This setting defines the search query scope. To improve query performance, limit the scope to specific OU.
Important: To test rule configuration, limit the rule scope to an OU that contains test accounts or objects.
|
Query criteria |
Query criteria are sent with the query and may improve query performance.
Tip: For different samples on the criteria builder, see How to use Query Builder dialog for Query Criteria and Filter rule settings.
|
Select Data Source |
Select a data source from the list of Cayosoft predefined templates using the ... (three dots) button or create your list by clicking Create. |
Separator used in file |
Specify the separator used in the file. For the description of possible formats, please see Add group members from file article. |
Enabled |
Select the checkbox to enable the rule. |
Other Query Settings |
|
Filter | Select filter conditions, if needed. |
Action Section
This section allows selecting Active Directory groups to include in the rule based on various conditions. This dialog is designed to make it easier to filter and locate specific groups within Active Directory, ensuring accurate and efficient rule configuration.
Users can refine their selection by applying the following filters:
- Name begins with: Filter groups by specifying a prefix. This option returns only the groups whose names begin with the provided characters.
- Group Type: Narrow down the selection based on the type of the group, such as Security groups, Distribution groups, or both.
- Search in (default domain): Select the specific domain in which the group resides, ensuring the correct domain is targeted in multi-domain environments.
- Additional Filters: You may also apply other filters to further narrow the selection, such as by specific group attributes or properties.
Output Section
This section defines the output format of this rule.
To get more information about this section, please see the Output section article.
Enforce/Schedule section
This section defines the schedule for how often to run the rule.
To get more information about this section, please see the Enforce/Schedule section article.
Comments
0 comments
Article is closed for comments.