Update group membership by jobCode

Question

We found this script for updating group membership by department: http://www.adaxes.com/script-repository ... t-s403.htm

However we would like it to be based off of jobCode instead. Also it is this is a department template, how would we create those?

Answer 1

Hello,

You will need to update the following lines:

$departmentProperty = "department"

Replace department with the LDAP name of the property that will be used for the group names template.

$groupNameTemplate = "Department_{0}_"

Replace Department_{0}_ with the required template for group names.

Also you can update warnings depending on the property used for the group names template. For example:
Replace There is no group for department '$department' with There is no group for Job Code '$department'.

Comments

How do we specify the groupNameTemplates?

---

Hello,

The {0} placeholder in the template will be replaced with the value of the property specified by $departmentProperty. For example: if the template is JobCode_{0} and Job Code is ITStaff, the result will be JobCode_ ITStaff.

---

ok, maybe i mis understood the groupNameTemplate. We have anywhere from 3-33 groups for specific jobCodes. We would like to add and remove them based on the jobCode changing. Would this need to be accomplished through another way?

---

Hello,

Could you specify the relation between groups and Job Codes? Describe the process of adding users to groups in as much detail as you can.

---

We are looking for a way to add several AD groups to a user based on the jobCode being changed. For example:

When we change jobCode 01000 we want the following groups added to the account VPN Users, Internet group and PW group.

We looked at property patterns but did not see a way to add groups, everything else looks like it will change through the property pattern though.

---

Hello,

As a solution we suggest adding all the necessary jobCodes into one of extension attributes (e.g. extensionAttribute1) for each group. PowerShell script will add the user to all groups that have the corresponding jobCode in the extension attribute.

Alternatively, you can enter a list of groups for each jobCode into the script that we will write for you. This solution will require script update each time relations between groups and jobCodes change.

---

Thank you Support2 for the response, what would be the maximum extension attributes allowed? I can envision when i get started on this completed 500 different extension attributes for the various jobCodes we have in the company. There are some overlaps but we will still be north of 250 to start.

---

Hello,

The first 13 extension attributes have a length of 1024 characters, Extension Attributes 14 have 15 have lengths of 2048 characters.

The extension attribute of each group will not need to contain all the Job Codes. You will need to enter only Job Codes of users that should be added to the group.

---

I still don't get how the jobCodes would translate to the necessary groups associated with the jobCode. Do you have sample script i could look at?

---

Hello,

Sorry for the confusion.

You will need to enter the Job Codes to the extension attribute of each group manually.

---

Ok, so if i am reading this correctly. For every group we use we need to add the appropriate job Codes to an attribute on that specific group ID.

We were hoping to be able to add it to a property pattern instead however we dont see the option to add memberOf fields.

---

Hello,

Ok, so if i am reading this correctly. For every group we use we need to add the appropriate job Codes to an attribute on that specific group ID.

Yes, that is correct.

We were hoping to be able to add it to a property pattern instead however we dont see the option to add memberOf fields.

There is no possibility to achieve what you want using property patterns.