Creating a Dynamic Group in Active Directory with users from an OU

active-directory dynamic groups

I would like to create a dynamic group with users from a specific OU in my Active Directory. I can do this perfectly using Exchange Dynamic Distribution List, but of course, Ex DDLs are only for mail.

Is there any way to create this? I've found some guides using System Center to handle this, but System Center isn't an option.

Thanks in advance,

Best Answer

There is no such thing as a Dynamic Security Group in Active Directory, only Dynamic Distribution groups.

To accomplish this, I think the most viable option would be to have a PowerShell script determine who is in the given OU and update the security group accordingly, maybe like this:

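Import-Module ActiveDirectory
# Security group to keep in sync with the OU
$groupname = "PseudoDynamicGroup"
# All users under the OU (subtree search)
$users = Get-ADUser -Filter * -SearchBase "ou=desiredUsers,dc=domain,dc=tld"
foreach($user in $users)
{
  # Errors for users who are already members are suppressed
  Add-ADGroupMember -Identity $groupname -Members $user.samaccountname -ErrorAction SilentlyContinue
}
# Remove members whose DN is no longer under the OU
$members = Get-ADGroupMember -Identity $groupname
foreach($member in $members)
{
  if($member.distinguishedname -notlike "*ou=desiredUsers,dc=domain,dc=tld*")
  {
    # -Confirm:$false so the script can run unattended (e.g. as a scheduled task)
    Remove-ADGroupMember -Identity $groupname -Members $member.samaccountname -Confirm:$false
  }
}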
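
A delta-based variant of the same sync, as an added example that is not part of the original answer: it changes only the members that differ, stops instead of removing anyone if a directory query fails, supports `-WhatIf`, and emits one record per change for auditing. The function name, the `-EnabledOnly` switch and the record format are hypothetical; the group name and OU are the answer's placeholders. Unlike the script above, it removes every direct member that is not a user under the OU, including nested groups and computers.

```powershell
function Sync-OuSecurityGroup {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string] $GroupName,
        [Parameter(Mandatory)] [string] $SearchBase,
        [switch] $EnabledOnly   # hypothetical option: leave disabled accounts out of the group
    )
    Import-Module ActiveDirectory -ErrorAction Stop

    # Desired state: users under the OU (subtree search). -ErrorAction Stop means a
    # failed lookup aborts the run rather than looking like "nobody belongs here".
    $filter  = if ($EnabledOnly) { 'Enabled -eq $true' } else { '*' }
    $desired = @(Get-ADUser -Filter $filter -SearchBase $SearchBase -ErrorAction Stop |
        Select-Object -ExpandProperty DistinguishedName)

    # Current state: direct members of the group
    $current = @(Get-ADGroupMember -Identity $GroupName -ErrorAction Stop |
        Select-Object -ExpandProperty DistinguishedName)

    # -notin compares strings case-insensitively, which suits distinguished names
    $toAdd    = @($desired | Where-Object { $_ -notin $current })
    $toRemove = @($current | Where-Object { $_ -notin $desired })

    foreach ($dn in $toAdd) {
        if ($PSCmdlet.ShouldProcess($dn, "Add to $GroupName")) {
            Add-ADGroupMember -Identity $GroupName -Members $dn -ErrorAction Stop
            [pscustomobject]@{ Time = Get-Date; Action = 'Add'; Group = $GroupName; Member = $dn }
        }
    }
    foreach ($dn in $toRemove) {
        if ($PSCmdlet.ShouldProcess($dn, "Remove from $GroupName")) {
            Remove-ADGroupMember -Identity $GroupName -Members $dn -Confirm:$false -ErrorAction Stop
            [pscustomobject]@{ Time = Get-Date; Action = 'Remove'; Group = $GroupName; Member = $dn }
        }
    }
}

# Preview the changes without modifying the group
Sync-OuSecurityGroup -GroupName 'PseudoDynamicGroup' `
    -SearchBase 'ou=desiredUsers,dc=domain,dc=tld' -WhatIf
```

Run without `-WhatIf`, the emitted records can be piped to `Export-Csv -Append` to keep a change log for the group.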