Creating Dynamic Groups

Video Tutorial

In this video guide, you will learn in what scenarios you can use Dynamic Groups, how they work, and their basic configuration.

Active Directory Dynamic group configuration with two membership commands: AD Users, when group membership is controlled automatically, and AD members of this group, when the membership of the specified group is controlled manually.

Getting Started

Dynamic Groups begin with the selection of an existing group onto which the rules are applied to control the group's membership. Dynamic Groups do not create groups, they only populate the group according to the configured rules.

There are two types of Dynamic Groups: Active Directory and Office 365. Each Dynamic Group can have:

1. The following Membership rules:

   • Include Query - includes the set of objects that meet a certain condition.

   • Exclude Query - excludes the set of objects that meet a certain condition.

   • Include Objects - includes specific objects that meet a certain condition.

   • Exclude Objects - excludes specific objects that meet a certain condition.

2. Rule Enforce/Schedule section

3. Rule Output section

4. Advanced settings of Dynamic Groups

Each Membership rule includes membership rule commands that define the type of included objects and the conditions these objects must meet. See the Membership Rule Commands for Active Directory and Microsoft 365 Dynamic Groups for Active Directory and Office 365 Dynamic Groups.

Creating a dynamic group

1. Open the Cayosoft Administrator Console.

2. Click NEW+ > Dynamic Group.

   

3. At the top of the object select dialog, select Extension (Active Directory or Microsoft Office 365) and the type of group to be populated. For example, the Active Directory extension is selected.

4. In the Name begins with field, enter the first few letters of the group's name, then click Search.

5. Select the group from the search results.

6. The new Dynamic Group appears and the Membership Rules can now be added.

   

7. If you create a Dynamic Group that is based on the Active Directory group, you can check Add change details to Change History and Execution History to track Dynamic Group changes and scope in the Auditing Cayosoft Administrator with Change History and Execution History.

Adding Membership Rules based on a user attribute value

1. Click Add Membership Rule.

   

2. In the Name field, enter a descriptive name for the rule.

3. Select the memberships type of Include Query or Exclude Query depending on which operation is going to be performed.

4. Click the Add button on the membership rule.

5. Select AD Users. The lower half of the dialog box now displays the query configuration.

6. Click the picker button to the right of the Query Criteria field.

7. Click Add Condition.

8. Enter the attribute name, condition operator, and value that must be met for the rule to include or exclude a user

9. Click OK. You will see your criteria show in the Query Criteria field.

10. Click OK.

11. Click Save Changes.

12. Click the Preview to verify the correct users are returned by the query.

Schedule the Dynamic GroupRule

1. In the Enforce/Schedule section click Enable.

2. From the options displayed, select the settings that will determine when you want to run the Dynamic Group's rule and update memberships

3. Click Save.

Creating a Runbook out of existing Dynamic Groups

When you need to run Dynamic Groups in a certain order and you don't want to configure schedules for each Dynamic Group separately, you can create a Runbook out of existing Dynamic groups:

1. In the Cayosoft Administrator Console, click on the New button on the top and select Runbook:

2. Provide a name and a folder for the Runbook.

3. Once it is created, select Link to existing from inside the Sequence section of the created Runbook:

4. Select the Dynamic Groups you want to include in this runbook.

5. Schedule Runbook as required.