How to change membership in groups based on attributes of users in AD automatically

  • Section(s): Active Directory
  • Created on May 03, 2006.
  • Last Modified on Jun 01, 2006.
  • Last Modified by Rostislav Soukup.
  • Rated 3 out of 5 based on 2 votes.
If your company has a complicated structure, you may need to filter members of your security or distribution groups automatically based on changes to some attribute of users in Active Directory – let's say Department.

If your company has a complicated structure, you may need to filter members of your security or distribution groups automatically based on changes to some attribute of users in Active Directory – let's say Department.

There is a simple way how to do it: create a grp.txt file whose content would be names of departments, and second a changemembership.bat file in the same path, where inside would be:

FOR /F %%i in (grp.txt) do dsquery * domainroot -filter "(&(objectCategory=user)(department=%%i))" | dsmod group "CN=%%i,ou=Distribution Lists,dc=company,dc=com"

chmbr Prerequisities: your group name must be the same as name of your department (customize rest of CN path as you require), or you need to think another way to associate your users with groups. I want just to show you the capability of AD in right usage.

Article not looking right or info is missing? Let us know so that we can fix it: .


Receive all the latest articles by email!

Receive Real-Time & Monthly WindowsNetworking.com article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Become a WindowsNetworking.com member!

Discuss your network issues with thousands of other network administrators. Click here to join!

Community Area

Log in | Register

Readers' Choice

Which is your preferred Anti Virus Appliance solution?