We would like to use a script to copy the rules of a ‘Membership type = rule-based’ group and add them to another group. Is this possible? Do you have a script available?

Thanks

ago by (360 points)
ago by (16.2k points)
0

Hello,

To better understand the requirements, please specify the following:

  • What should be done if the target group is not a rule-based one? Should the script change the membership type of the target group to rule-based?
  • What should be done if the target group already has membership rules configured? Should the copied rules overwrite the existing rules?
  • Should the update schedule of the source group be copied to the target group?
ago by (360 points)
0

Hello, I already have code that checks whether the target group is rule-based or not, and changes this if necessary. It also adjusts the schedule time. It would be great if the custom command allowed you to choose whether the new rules should be added or overwritten. Do you have code for both?

Many thanks

1 Answer

ago by (16.2k points)
0 votes

Hello,

Thank you for specifying. Please find the script below. It must be executed in a custom command configured for the Group object type. The script copies membership rules from the group specified in the custom command parameter to the group on which the command is executed. In the script:

  • $sourceGroupParameterName – Specifies the name of the directory object picker parameter used to select the source group. The name must start with the param- prefix.
  • $addOrReplaceParameterName – Specifies the name of the drop-down list parameter used to specify whether the source group membership rules will be added to the target group, or will replace the existing rules. The name must start with the param- prefix. The parameter must have two items with the following values:
    • Add
    • Replace


$sourceGroupParameterName = "param-SourceGroup" # TODO: modify me
$addOrReplaceParameterName = "param-AddOrReplace" # TODO: modify me

# Get parameter values
$addOrReplace = $Context.GetParameterValue($addOrReplaceParameterName)
$sourceGroupDN = $Context.GetParameterValue($sourceGroupParameterName)

# Bind to the source group
$sourceGroup = $Context.BindToObjectByDN($sourceGroupDN)

# Check if source group is rule-based
if($sourceGroup.MembershipType -ne "ADM_GROUPMEMBERSHIPTYPE_RULEBASED")
{
    $Context.Cancel("The source group is not rule-based")
    return
}

# Check if target group is rule-based
if($Context.TargetObject.MembershipType -ne "ADM_GROUPMEMBERSHIPTYPE_RULEBASED")
{
    $Context.Cancel("The target group is not rule-based")
    return
}

switch ($addOrReplace)
{
    "Add"
    {
        # Get target group membership rules collection
        $targetGroupRules = $Context.TargetObject.MembershipRules

        # Add source group rules to the collection
        foreach($rule in $sourceGroup.MembershipRules)
        {
            $targetGroupRules.Add($rule)
        }

        # Update target group membership rules collection
        $Context.TargetObject.MembershipRules = $targetGroupRules
    }
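    "Replace"
    {
        # Overwrite the target group rules with the source group rules
        $Context.TargetObject.MembershipRules = $sourceGroup.MembershipRules
    }
    default
    {
        # Unexpected parameter value: stop instead of saving an unchanged group
        $Context.Cancel("The $addOrReplaceParameterName parameter must be set to Add or Replace")
        return
    }
}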

# Save the changes
$Context.TargetObject.SetInfo()
