When a group fails to contain the correct members, access to resources or to a network application could fail. So, ensuring that group membership is correct can go a long way in reducing calls about failures to access resources. One way to ensure that the correct users are located in group is to leverage user properties to place users into the correct groups.
Let’s look at the following example. Say you have an HR application that all HR employees need to be able to access on a daily basis. Users who are members of the HR_App1 group are given this access. You also have a specific task within the HR application which only HR managers should have the ability to access. Users who have membership in the HR_App1_Managers are given this access.
For each of these group memberships, you can rely on the user account properties to give you control over which users should belong to each group.
To configure these group memberships automatically, you can follow a few easy steps in ADManager Plus. First, you need to setup an Automation Policy to add users to the HR_App1 group, which you can see in Figure 1.
Figure 1. Automation Policy to add users to the HR_App1 group.
Now, you need to specify which users will be added to the group. To do this, you setup an automation. The automation will point to the correct Automation Policy from above, as well as which report you want to leverage to select the users. Since we only want the HR employees, we are going to pick the Enabled Users report (to select all user accounts in AD that are active) and then filter based on department, which is HR. You can see what this automation looks like in Figure 2 and what the filter looks like in Figure 3.
Figure 2. Automation to point to the correct Automation Policy and to select which user accounts will be selected.
Figure 3. Report filter to select only the users from HR.
Finally, you select the schedule time at which you want to run the automation.
For our other group, you will setup another Automation Policy and automation; however, for this group membership, you will also specify the user title, which in this case will be HR manager, as shown in Figure 4.
Figure 4. By using the AND option, you can narrow the HR employees to only HR managers.
By leveraging the user account properties, you can be very specific about which users are added to the correct groups. In addition to department and title, you can also use this for OU membership and other properties.
Latest posts by Derek Melber (see all)
- Remove accidental spaces while creating user accounts - March 10, 2017
- Assign the manager attribute automatically when group membership changes - March 2, 2017
- Three neglected password policy tips that increase security - December 29, 2016