Skip to main content

Articles in this section

Print

AD Computers | Add to groups based on Dynamic Attributes

  • Updated

AD Computers | Add to groups based on Dynamic Attributes

Rule description

This rule adds Active Directory computers to Active Directory groups based on specified attributes.

When to use this rule

Use this rule to add Active Directory computers to Active Directory groups based on specified attributes. It can be used by itself or as a post-rule for the New Computer and Computer Properties web actions.

Rule settings

Query section

Setting name Description

Limit scope to this domain or OU*

This setting defines the search query scope. To improve query performance, limit the scope to a specific OU.

IMPORTANT: To test the rule configuration, limit the rule scope to an OU that contains test accounts or objects and use the Preview feature.

Query criteria*

Query criteria are sent with the query and may improve query performance.

TIP: For additional information on the criteria builder, see the How to use Query Builder dialog for Query Criteria and Filter rule settings.

Filter*

Set the filtering conditions to hide unwanted data based on criteria not supported in the Query criteria setting.

Example: filter by the found object Distinguished Name.

TIP: For optimal performance, use the Query criteria setting above to filter objects whenever possible.

Properties to display*

Define the object properties to display in the output file.

Computer filters

Last Active Directory logon (days ago) Specify the number of days for the last Active Directory logon.
Operating system Specify the operating system.
Minimum account age (days) Specify the number of days for the minimum account age.
Account state

Specify the account state:

  • Any

  • Enabled

  • Disabled

Other query settings

System properties

List of properties required for this rule to be executed correctly.
LDAP filter

Set the filtering conditions to only return objects or data that must be processed by the rule. This filter will override the Query criteria setting.

Sort by

Specify the property to sort the resulting list of objects by.

Initialization script

Script

Usually, rules use query criteria to limit the query search scope. It improves the performance of the executed rule.

Due to the PowerShell limitations, it is not possible to use calculated expressions in query criteria. That is the point where the initialization script can help. You can initialize a global variable in this setting and then use it in query criteria.

IMPORTANT: To use a variable, declared in the initialization script, in the query scope, it must be global: $global:<variable name>.

Example: Update AD users, created in the last ten days.

  1. Add this initialization script

    Copy
    {$global:DatePeriod = (Get-Date).AddDays(-10)}

  2. Use the $DatePeriod variable in the query criteria builder:

Action section

Setting name Description
Target group(s) selection mode

Select the mode to define target groups:

  • Select group(s) directly

    IMPORTANT: Define the groups manually using the Selected groups setting.

  • Select group(s) dynamically based on attribute mapping in a CSV file

  • Select group(s) based on the naming convention template
Action 

Select the action to execute on the computers returned by the query:

  • Add to selected groups - add computers in the rule scope to the groups specified in the Group names setting. 

  • Add to selected groups and clear membership in all other groups - add computers in the rule scope to the groups specified in the Group names setting and remove from all other groups in which they are added.

  • Remove only from selected groups - remove computers in the rule scope from the groups specified in the Group names setting.

  • Enforce CSV mapping (applies only to dynamic mapping mode):

    • CSV file has two columns: Department and Group DN.

    • When this rule action is used, computers in the rule scope will be mapped by the Department and added to the corresponding groups from the Group DN column.

    • Also, computers will be removed from all other groups specified in the Group DN column, where the Department value is different and can not be mapped.
Selected groups

This setting is used only for Select groups directly mode.

Specify the distinguished names of the groups separated by ';' or click '...' to select them from Active Directory.
Dynamic mapping from file settings 
Data source

Specify the text file to be imported.

The […] (three dots) button allows the user to browse for the file and the Create/Edit button allows the creation or editing of the existing file in the built-in Data Source editor.
Separator used in file 

Specify the separator used in the source CSV file.
AD computer anchor attribute

Specify an AD Computer attribute.

For each object returned by the query, the selected attribute value will be used to map the object with the selected data source anchor.

NOTE: It is possible to use msExchExtensionCustomAttribute1..5 multi-valued attributes. In this case, rows in the CSV file will be matched with each value in this attribute.
CSV anchor match column Select the CSV column that contains the values that will be matched to the AD anchor attribute values.
AD group match column Select the CSV file column containing the AD selected groups DistinguishedName, Name, or objectGUID. 
Select group by naming convention settings
Selected groups name template This setting is used only for the "Match group based on naming convention" selection mode. You can use the expression builder to specify a group name template that can use a computer property in the name instead of specifying group names directly.  
Advanced Settings
Always keep in these groups Specify the distinguished names of the groups separated by ;. Computers will not be removed from these groups.
More options
Write Change History

Define logging behavior when you use the rule:

  • Always. Log changes to objects every time you run the rule.

  • For post-action scenarios only. Log changes to objects every time the rule is used as a post-action rule.

  • Never. Do not log changes to objects made using the rule.

The default behavior is defined in Configuration > Settings > Change History.

Output Section

This section defines the output format of this rule.

To get more information about this section, please see the Rule Output section article.

Enforce/Schedule Section

This section defines the schedule for how often to run the rule.

To get more information about this section, please see the Rule Enforce/Schedule section article.

Change History

Version Notes
13.1 The Write Change History setting has been added.

© Copyright 2013-2026 Cayosoft Inc. All rights reserved.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request
Return to top

Related articles

Comments

0 comments

Please sign in to leave a comment.