locked
dynamic to security group creation RRS feed

  • Question

  • I couldn't find Exchange 2007 discussion forum so I hope this is OK to ask this question here...

    I have a security system (for access ID security badges) that is able to query AD Security Groups to assign certain permission to each user.  We need to identify 10 mouth employees.  These employees AD accounts are in several diferent OU's so I created a query based dynamic distribution group for 10 month employees..  However, our security system cannot see dynamic distribution groups.  Can anyone think of a way how I can make a security group from this dynamic distribution group?  Maybe something like a script to export users from the Dynamic group  I haven't tried anything yet hoping someone out there has had the need for something like this already.  thanks


    me


    • Edited by Strensnik2 Wednesday, June 10, 2015 1:20 PM
    Wednesday, June 10, 2015 1:19 PM

Answers

  • Hi,

    If you want to export the members of the Dynamic Distribution group, please run:
    $Group1 = Get-DynamicDistributionGroup “DDG1”
    Get-Recipient -RecipientPreviewFilter $Group1.RecipientFilter | select Name,RecipientType | Export-csv C:\members.csv

    Then we can create a security distribution group:
    New-DistributionGroup -Name "10 month employees" -OrganizationalUnit "contoso.com/Users" -Type "Security"

    And add group members to this security group:
    Import-CSV "C:\members.CSV" | ForEach-Object {Add-DistributionGroupMember -Identity "10 month employees" -Member $_.name}

    Now, you can check the security group "10 month employees" properties in ADUC.

    Regards,


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Winnie Liang
    TechNet Community Support

    • Proposed as answer by strensnick Thursday, June 11, 2015 6:53 PM
    • Marked as answer by Strensnik2 Tuesday, June 16, 2015 11:16 AM
    Thursday, June 11, 2015 6:32 AM

All replies

  • Not sure if this is what you're looking for:

    https://github.com/davegreen/shadowGroupSync

    Not a conversion of your DL to a security group, but looks like it might accomplish the same goal.


    Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.

    Wednesday, June 10, 2015 3:00 PM
  • Hi,

    If you want to export the members of the Dynamic Distribution group, please run:
    $Group1 = Get-DynamicDistributionGroup “DDG1”
    Get-Recipient -RecipientPreviewFilter $Group1.RecipientFilter | select Name,RecipientType | Export-csv C:\members.csv

    Then we can create a security distribution group:
    New-DistributionGroup -Name "10 month employees" -OrganizationalUnit "contoso.com/Users" -Type "Security"

    And add group members to this security group:
    Import-CSV "C:\members.CSV" | ForEach-Object {Add-DistributionGroupMember -Identity "10 month employees" -Member $_.name}

    Now, you can check the security group "10 month employees" properties in ADUC.

    Regards,


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Winnie Liang
    TechNet Community Support

    • Proposed as answer by strensnick Thursday, June 11, 2015 6:53 PM
    • Marked as answer by Strensnik2 Tuesday, June 16, 2015 11:16 AM
    Thursday, June 11, 2015 6:32 AM
  • Thanks B0ndoo7, that script almost would work except I need to select specific users from several OU's based on attribute field content.
    • Edited by strensnick Thursday, June 11, 2015 9:35 PM
    Thursday, June 11, 2015 6:37 PM
  • Perfect. Thanks.

    I added the SAMAccountName so not to be prompted for user input so the command to create the new distribution group now looks like this:

    New-DistributionGroup -Name "10 month employees" -OrganizationalUnit "contoso.com/Users" -SAMAccountName "10MonthEmployees" -Type "Security"

    I will not try to automate this...

    • Proposed as answer by strensnick Thursday, June 11, 2015 6:53 PM
    Thursday, June 11, 2015 6:53 PM
  • Hi Strensnik2,

    Any updates for this issue?

    Have you tried my suggestions?

    Regards,


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Winnie Liang
    TechNet Community Support

    Tuesday, June 16, 2015 5:26 AM