AD Users | Add Users to Groups By OU
Rule description
This rule allows you to query Active Directory for user accounts based on their membership in specific Organizational Units (OUs) and add them to a designated Active Directory group. This rule is useful for managing user group membership dynamically and ensuring that users are consistently placed in the correct groups based on their location within the directory structure.
You can configure the query to target users within a specific OU, and the rule will automatically add these users to the selected group, ensuring that group membership stays up to date with the changes in the organizational structure.
When to use this rule
Use this rule when you need to automate group management based on OU membership. This rule is ideal for scenarios where user groups need to reflect the organizational hierarchy or department structure in Active Directory.
The rule is particularly useful in the following scenarios:
Department-Based Grouping: Automatically add users to department-specific groups based on their OU membership.
Access Control: Use group membership for controlling access to resources like file shares or applications. The rule ensures that users in specific OUs are consistently added to the correct security or distribution groups.
Dynamic Group Management: Simplify the management of dynamic groups by ensuring users are automatically added or removed from groups as they are moved between OUs in the Active Directory.
Rule settings
Query section
| Setting name | Description |
|---|---|
Limit scope to this domain or OU |
This setting defines the search query scope. To improve query performance, limit the scope to a specific OU. IMPORTANT: To test the rule configuration, limit the rule scope to an OU that contains test accounts or objects and use the Preview feature. |
Query criteria |
Query criteria are sent with the query and may improve query performance. TIP: For additional information on the criteria builder, see the How to use Query Builder dialog for Query Criteria and Filter rule settings. |
Select Data Source |
Specify the text file to be imported. The […] (three dots) button allows the user to browse for the file and the Create/Edit button allows the creation or editing of the existing file in the built-in Data Source editor. |
Separator used in file |
Specify the separator used in the source CSV file. |
Enabled |
Select the checkbox to enable the rule. |
Other Query Settings | |
| Filter | Select filter conditions, if needed. |
Action section
This section allows selecting Active Directory groups to include in the rule based on various conditions. This dialog is designed to make it easier to filter and locate specific groups within Active Directory, ensuring accurate and efficient rule configuration.
Users can refine their selection by applying the following filters:
- Name begins with: Filter groups by specifying a prefix. This option returns only the groups whose names begin with the provided characters.
- Group Type: Narrow down the selection based on the type of the group, such as Security groups, Distribution groups, or both.
- Search in (default domain): Select the specific domain in which the group resides, ensuring the correct domain is targeted in multi-domain environments.
- Additional Filters: You may also apply other filters to further narrow the selection, such as by specific group attributes or properties.
Output section
This section defines the output format of this rule.
To get more information about this section, please see the Rule Output section article.
Enforce/Schedule section
This section defines the schedule for how often to run the rule.
To get more information about this section, please see the Rule Enforce/Schedule section article.
Comments
0 comments
Please sign in to leave a comment.