we offer our team leads to manage their teams:
- the manager select "My Team"
- then all member of the team are listed
- the manager selects a member of the team and the defined properties are listed (for example in which group the selected user is a member)
- after click on "Add ..." the manager can select a group ("Please select groups")
But then ALL groups are listed - not only the groups where the manager is defined as owner ("managed by") :o
How can I set such a filter which restricts the groups?
There is no possibility to limit only the groups that can be selected to add the user to. It is only possible to filter all the groups displayed in the Member Of section. For example, if you apply an LDAP filter to show only groups managed by the currently logged on user, in the Member Of section they will be able to see only the groups they own even if the user is a member of other groups too. If this solution meets your needs, follow the instructions below to apply the filter:
ok, than I'll use the filter in the member section.
the solution above works perfect for Self Service. :D
But now i'm "designing" the User View "AD Management" - "Customize Forms and Views".
I created a "member of"section which shows the groups where the user is a member.
In the next step I need a section "Owner (managed by)" which shows the groups where the user is the responsible manager but I despair with the LDAP filter:
(&(objectCategory=group)(managedBy=%distinguishedName%)) shows nothing :evil:
Do we understand correctly that you need to add a section to the page that displays users that will contain objects managed by the user? If that is correct, there is no possibility to filter managed objects, but you can create a section that will contain all the objects managed by the user. To do so:
Perfect, exactly what I was looking for :D :D :D
How can I create a script that does these things For internal audit. objective Even removing all groups of a disconnected user, we will still know which groups the ... in the created group (audit)-sAMAccountName-access add the (user)-sAMAccountName in members
Hello, Is there a way to send an email notification when a user is added to a group dynamically (with LDAP filter) , it's work only when i add the user manually Thank you
Our Help Desk currently 'mirrors' the group membership of a new user based on another existing user in our AD. I'd like to be able to automate this so that the initiator ... and 'paste' it on the new user being created. Any help on this would be appreciated!
My security team is looking to do a security review and would like the vendor to fill out a questionnaire.
We have a business rule that will update an AD attribute when a new member is added to a group. This business rule works when we use powershell commands or the admin console ... set to trigger "After adding a member to a group". Thank you for your support!