• State Suggested Answer
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 62 subscribers
  • Views 1428 views
  • Users 0 members are here
Options
Related

Most efficient way exclude dynamic groups from policy script

mpemba
over 3 years ago

I'm trying to figure out the easiest way to exclude dynamic groups from my policy scripts.

My goal is to exclude dynamic groups from policy scripts I have in place that restrict access.

I tried this first:

#Close out if dynamic group
$groupName = $DirObj.Get("Name")
dynamicGroup = (get-qadgroup $groupName -DontUseDefaultIncludedProperties -IncludedProperties edsadgconditionslist).edsadgconditionslist
if ($dynamicGroup) {return}

I thought this would be less expensive

#Close out if dynamic group
$DirObj.GetInfoEx(@("accountNameHistory"), 0)
$dynamicGroup = $DirObj.Get("accountNameHistory")
if ($dynamicGroup){return}

At the beginning of my script I have:

if($Request.Class -ne "group"){return}

I'd like the next line to be

if (group is dynamic group){return}

Parents
  • 0 over 3 years ago

    Man I'm a big believer in naming conventions so a prefix (or suffix) like "DG".  That way you don't have to worry about whether the property you are examining is in the default property set or not (and a result, you get better performance because you aren't making any secondary calls to get some other property).

    My two cents...

Reply
  • 0 over 3 years ago

    Man I'm a big believer in naming conventions so a prefix (or suffix) like "DG".  That way you don't have to worry about whether the property you are examining is in the default property set or not (and a result, you get better performance because you aren't making any secondary calls to get some other property).

    My two cents...

Children