none
how to manage trust domain user membership to a domain local security group according to a fixed expiration day by script RRS feed

  • Discussione generale

  • Hi,

    I manage users and group in a Windows Server 2008 St SP2 domain  but I’m not administrator of a trust domain; i only can add a user trust domain in a security group of my domain because the trust is unidirectional.

    I need to manage users membership by security group  in my domain to allow several services so only a user who is a member of certain group, can use services (for i.e. Citrix published application).

    Users membership by security group expires at a certain data according to my company policy.

    I'm going to create a powershell script that every day:

    1) removes all user trust domain in a certain domain security Group;

    2) makes a comparison between system date and domain trust users membership expiration day, according to his authorization, reading a database (or file) ;

    3) adds domain trust users to a domain security Group if the above comparison works.

    I remember that i can't manage trust user domain in a full way (i can insert a trust user domain in a domain security Group and i can only read SID by AD Users and Computers ).

    If you have a better idea...

    Can you suggest any examples that helps me to create powershell script.

    My Script must able to read information about user membership from a database (o file) that stores users, services, expiration day of users membership authorization.

    Thanks in advance.

    Guido

     

    • Tipo modificato Anca Popa martedì 25 marzo 2014 14:50 thread inattivo
    mercoledì 19 marzo 2014 18:38

Tutte le risposte

  • Ciao,

    Qui siamo in una community italiana e, come anche le linee guida del nostro forum lo consigliano, scrivendo in italiano ci si capisce meglio. 

    Se preferisci l'inglese puoi aprire una domanda a partire da questa pagina.

    Saluti,


    Anca Popa Follow ForumTechNetIt on Twitter

    Microsoft offre questo servizio gratuitamente, per aiutare gli utenti e aumentare il database dei prodotti e delle tecnologie. Il contenuto viene fornito “così come è” e non comporta alcuna responsabilità da parte dell'azienda.

    giovedì 20 marzo 2014 14:38
  • Ciao Guido,

    dai un'occhiata qui

    http://www.energizedtech.com/2010/02/powershell-adding-users-to-dom.html

    e qui

    http://portal.sivarajan.com/2011/07/add-users-to-grouppowershell-script.html

    Fai sapere.


    Edoardo Benussi
    Microsoft MVP - Directory Services
    edo[at]mvps[dot]org

    lunedì 24 marzo 2014 14:31
    Moderatore