MemberOf Approval Workflow?

Would like to initiate an approval if a large group (like domain users) is being added as a member of a group (limit certain group nesting conditions).

Parents
  • Was thinking about this - you could populate a virtual attribute on groups that you consider large and look for the contents of attribute in the start conditions of your workflow that is reacting to a group being added to a group.  For example,  edsvaIsLargeGroup = TRUE.

    If you wanted to get really elaborate, you could even have a scheduled Automation Workflow that goes out periodically and "scans" your AD groups to find the ones that meet your criteria of large - for example, those with more than 100 members and automatically "tags" them as I have suggested above.   You would just need a little bit of Powershell code to supply the member counts to the Automation Workflow but the rest could be codeless - i.e. relying only on built-in workflow Activities.

    Just some food for thought.

Reply
  • Was thinking about this - you could populate a virtual attribute on groups that you consider large and look for the contents of attribute in the start conditions of your workflow that is reacting to a group being added to a group.  For example,  edsvaIsLargeGroup = TRUE.

    If you wanted to get really elaborate, you could even have a scheduled Automation Workflow that goes out periodically and "scans" your AD groups to find the ones that meet your criteria of large - for example, those with more than 100 members and automatically "tags" them as I have suggested above.   You would just need a little bit of Powershell code to supply the member counts to the Automation Workflow but the rest could be codeless - i.e. relying only on built-in workflow Activities.

    Just some food for thought.

Children
No Data