The script creates a new group and converts it to a Dynamic Group by setting its Membership rules.
If the group already exists, remove the "New-QADGroup" command.
This was tested in Active Roles 7.4.1.
NOTE: This is provided "AS IS" and is not supported via One Identity Support.
SCRIPT:
#*********************************************************************************
# THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
# EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
#
# IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY SUPPORTED,
# PLEASE CONTACT ONE IDENTITY PROFESSIONAL SERVICES.
#*********************************************************************************
# First create the group
$GroupName = New-QADGroup -Name "<name>" -ParentContainer "<DN of target OU>"
# Grab the DN from the newly created Group
$DN = $GroupName.DN
# Connect to Active Roles object
$objGroup = [ADSI] "EDMS://$DN"
$objRuleCollection = $objGroup.MembershipRuleCollection
$rule1 = New-Object -ComObject "EDSIManagedUnitCondition"
# Change to your Domain
$rule1.Base = "EDMS://DC=domain,DC=com"
#
# Set the Dynamic Group Membership rules here. Note that this must be a valid LDAP filter
#
$rule1.Filter = "(&(objectCategory=computer)(objectClass=computer))"
$rule1.Type = 1
$objRuleCollection.Add($rule1)
$objGroup.SetInfo()
#***** END OF CODE ***************************************************************
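
The script requires the membership rule to be a valid LDAP filter, and that filter decides which objects receive the group's access. The following pre-check is an added example, not part of the original script or of Active Roles: the function name Test-LdapFilterSyntax is hypothetical, it performs a simplified structural check (balanced parentheses, operator operands, attribute/operator/value items) rather than full RFC 4515 validation, and the rejected samples are constructed.

```powershell
function Test-LdapFilterSyntax {
    param([Parameter(Mandatory)][string]$Filter)

    # attribute (optionally with matching-rule parts), operator, value without raw parentheses
    $item  = '^[A-Za-z0-9.;:-]+?(~=|>=|<=|=)[^()]*$'
    $stack = New-Object System.Collections.Stack   # one frame per open &, | or !
    $i = 0; $n = $Filter.Length; $closedTop = $false

    while ($i -lt $n) {
        if ($closedTop) { return $false }          # text after the outermost ')'
        $c = $Filter[$i]
        if ($c -eq '(') {
            if ($stack.Count -gt 0) {
                $top = $stack.Peek()
                # '!' takes exactly one operand
                if ($top.Op -eq '!' -and $top.Kids -ge 1) { return $false }
                $top.Kids++
            } elseif ($i -ne 0) { return $false }
            if ($i + 1 -ge $n) { return $false }
            $next = $Filter[$i + 1]
            if ('&|!'.IndexOf($next) -ge 0) {
                $stack.Push(@{ Op = [string]$next; Kids = 0 })
                $i += 2
            } else {
                $end = $Filter.IndexOf(')', $i + 1)
                if ($end -lt 0) { return $false }
                if ($Filter.Substring($i + 1, $end - $i - 1) -notmatch $item) { return $false }
                if ($stack.Count -eq 0) { $closedTop = $true }
                $i = $end + 1
            }
        } elseif ($c -eq ')') {
            if ($stack.Count -eq 0) { return $false }
            if ($stack.Pop().Kids -lt 1) { return $false }   # operator with no operands
            if ($stack.Count -eq 0) { $closedTop = $true }
            $i++
        } else { return $false }                   # stray character between filters
    }
    return ($closedTop -and $stack.Count -eq 0)
}

# Filter used by the script above: accepted
Test-LdapFilterSyntax '(&(objectCategory=computer)(objectClass=computer))'
# Constructed malformed samples: each is rejected
Test-LdapFilterSyntax '(&(objectCategory=computer)(objectClass=computer)'   # missing ')'
Test-LdapFilterSyntax '(!(objectClass=user)(objectClass=computer))'         # two operands for '!'
Test-LdapFilterSyntax '(objectClass=computer)(objectClass=user)'            # two top-level filters
```

Call the function on the string assigned to $rule1.Filter and stop before $objGroup.SetInfo() if it returns $false.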