Dynamic Group - Temp Membership

Hi Team. 

Just looking for some suggestions or ideas. We use Dynamic groups based on a VA being set. Our Service Desk select this from the WI. 

We have a couple of Dynamic groups where we want the membership to be removed after 48 hours after the account was added to the group. Now I know I could use a standard group and use the temp membership route but we then lose the ability of our Service Desk team just ticking a box. 

So what I was thinking was that I could have a script that checks the group every few hours and then set the VA back to false. But is there any attribute that tracks when the user was added? Or is there a way I could add a timestamp attribute?

Open to other suggestions or ideas?

  • Try setting up an "additive" group, "<GroupName> (Additive)", and set the dynamic group to include members of this "additive" group. Then set up a change WF so that, for users added to the additive group, their membership becomes temporal.

    function temporalGroupMembership($Request)
    {
        # "member" values saved in the workflow under the name "AddedMembers".
        $users = $workflow.SavedObjectProperties("AddedMembers").getEx("member")
        $groupDN = $Request.Get("distinguishedName")

        # Scheduled removal time, converted to UTC.
        $time = (Get-Date).AddDays(2).ToUniversalTime() # Modify here for the amount of time.
        $hash = @{}
        $hash.add("ScheduledOperation-SetTime", $time)

        # The control defers each removal until $time.
        foreach ($userDN in $users) {
            Remove-QADGroupMember -Identity $groupDN -Member $userDN -Control $hash
        }
    }

  • This is a good idea and takes advantage of the fact that the membership rules for a dynamic group can include "fixed" (or explicit) members - in this case the "additive" group as suggested.
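
On the question of an attribute that tracks when a user was added: Active Directory keeps per-link replication metadata for a group's member attribute, which records when each member link was last written. The sketch below is an added example, not code from anyone in this thread. It assumes the ActiveDirectory module and the ActiveRoles Management Shell are available, and the group DN, DC name and VA name (edsvaTempAccess) are placeholders.

```powershell
# Added example, not from the thread. The group DN, DC name and VA name
# ('edsvaTempAccess') are placeholders; 48 hours comes from the question.
Import-Module ActiveDirectory

function Get-ExpiredGroupMember {
    param(
        [Parameter(Mandatory)] [string] $GroupDN,
        [Parameter(Mandatory)] [string] $Server,   # DC to read metadata from
        [int] $MaxAgeHours = 48
    )
    $cutoff = (Get-Date).ToUniversalTime().AddHours(-$MaxAgeHours)

    Get-ADReplicationAttributeMetadata -Object $GroupDN -Server $Server `
            -Properties member -ShowAllLinkedValues |
        Where-Object {
            # Present links carry no delete time (1601 epoch); removed links do.
            $_.IsLinkValue -and $_.LastOriginatingDeleteTime.Year -le 1601
        } |
        ForEach-Object {
            # For a present link, the last originating change is the latest add.
            # FirstOriginatingCreateTime can predate a remove and re-add.
            $added = $_.LastOriginatingChangeTime.ToUniversalTime()
            if ($added -lt $cutoff) {
                [pscustomobject]@{ MemberDN = $_.AttributeValue; AddedUtc = $added }
            }
        }
}

$expired = Get-ExpiredGroupMember `
    -GroupDN 'CN=Example Dynamic Group,OU=Groups,DC=example,DC=com' `
    -Server 'dc01.example.com'

# Reset the VA through Active Roles so the dynamic group rule drops the user.
# -WhatIf gives a dry run; remove it once the list looks right.
foreach ($m in $expired) {
    Set-QADUser -Identity $m.MemberDN -Proxy `
        -ObjectAttributes @{ 'edsvaTempAccess' = $false } -WhatIf
}
```

The timestamp is when the member link was written to AD, so it trails the moment the VA was ticked by however long the dynamic group takes to update.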

