Hello,
Unfortunately it is impossible to do it with the help of Security Roles. However, you can control the type of group members using Business Rules:
-
Create a Business Rule that is triggered before adding a member to a group.
-
Add Run a program or PowerShell script action to the Business Rule.
-
Enter the following PowerShell script for the action:
Import-Module Adaxes
$Context.GetModifiedPropertyValues("member") | Get-AdmObject | Foreach-Object { if ($_.ObjectClass -ne "user") {$Context.Cancel("Only users can be added to the group.")} }
Please note: to use this script, you need to install the Adaxes PowerShell Module on the computer, where the Adaxes service is running. Adaxes PowerShell Module is installed with the same installation package as used to install Adaxes service.
-
Add conditions for the action. For example:
For more details, please see Validate/Modify User Input Using a Script.