• Products
    • View all products
    • Free trials
  • Solutions
    • All Solutions
    • All Integrations
  • Resources
    • All Resources
    • Learning Hub
  • Trials
  • Support
    • Support Home
    • By Product
      • All Products
      • Active Roles
      • Authentication Services
      • Cloud Access Manager
      • Defender
      • Identity Manager
      • Password Manager
      • Safeguard
      • Starling Identity Analytics & Risk Intelligence
      • Starling Two-Factor Authentication
      • TPAM Appliance
    • Contact Support
      • Overview
      • Customer Service
      • Licensing Assistance
      • Renewal Assistance
      • Technical Support
    • Download Software
    • Knowledge Base
    • My Account
      • My Products
      • My Service Requests
      • My Licenses
      • My Groups
      • My Profile
    • Policies & Procedures
    • Professional Services
    • Technical Documentation
    • One Identity University
    • User Forums
    • Video Tutorials
  • Partners
    • Overview
    • Partner Circle Log In
    • Become a Partner
    • Find a Partner
    • Partner Community
  • Communities
    • Home
    • Blogs
      • Blogs A to Z
      • One Identity Community
      • AD Account Lifecycle Management
      • Cloud
      • Identity Governance & Administration
      • Privileged Access Management
      • syslog-ng Community
    • Forums
      • All Product Forums
      • Active Roles
      • Identity Manager
      • Password Manager
      • Safeguard
      • Unix Access Management
    • Social Networks
      • Facebook
      • LinkedIn
      • Twitter
      • YouTube
One Identity Community
One Identity Community
  • Site
  • User
  • Site
  • Search
  • User
Active Roles Community
Active Roles Community
Wiki Create Group Membership AutoProvisioning policy
  • Forum
  • Ideas
  • Wiki
  • More
  • Cancel
  • New
  • -Active Roles Script Center
    • +Active Roles Script Policy Best Practices
    • Active Roles SDK
    • +C#
    • +JavaScript
    • +PowerShell
    • -VBScript
      • VBScript Library source code
      • -VBScript samples
        • A Managed Unit with users which have not logged on for last 90 days
        • Adjust the case of usernames to title case (first letter of each part of the name)
        • Advanced group creation/provision
        • Advanced shared folder creation
        • Bulk policy incompliance fixing
        • Check unique value of an attribute
        • +Computer management
        • +Exchange management
        • Function that converts regular date into integer8 format
        • Get effective policy info list
        • -Group management
          • Convert a normal group to a dynamic group - Option 1
          • Convert a normal group to a dynamic group - Option 2
          • Create Group Membership AutoProvisioning policy
          • How to convert Query-based Distribution Group to Active Roles Dynamic Group
          • Notify member upon expiration of his membership in group
          • Script Policy to check group members when they are added to or removed from a group
          • Set Group Ownership upon any Modification
        • How to find a request source in script policy
        • How to send emails based on scripts policy parameters and Virtual Attribute values
        • +Permissions Management
        • Policy incompliance reporting & fixing for specified policy
        • Populate values from a SQL database to an AD Attribute
        • Prevent copying an attribute on user copy
        • Prohibite a permission propagation to AD
        • Prohibite an AD native security editing
        • Read large integer date attributes and display them in date and time readable format
        • Read XML Node text or attribute value
        • Read XML Node with Children into DictionaryObject
        • Standalone script that requests built-in password generation policy
        • +User management
        • Validate moving operations
        • +VBScript: Approval

Create Group Membership AutoProvisioning policy

DESCRIPTION

This script demonstrates how to create a Group Membership AutoProvisioning policy. The Group Membership AutoProvisioning policy adds members to groups when member attributes satisfy policy condition.

The script contains the AddGroupMembershipPolicy function. This function accepts these parameters:

  • strPolicyObjectDN - The DN of policy object to add Group Membership AutoProvisioning policy to
  • strAttributeLDAPName - The LDAP name of attribute to define policy condition of <attribute> <equals> true. For more conditions please refer to the EDS_APE_PARAM_CONDITION article in the Active Roles SDK
  • strGroupDN - The DN of a group to add user objects when they match a policy condition.

SCRIPT

'*********************************************************************************

' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,

' EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED

' WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.

'

' IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY SUPPORTED,

' PLEASE CONTACT ONE IDENTITY PROFESSIONAL SERVICES.

'*********************************************************************************

Sub AddGroupMembershipPolicy (strPolicyObjectDN, strAttributeLDAPName, strGroupDN)

' Function adds policy entry of type "member of policy" to policy object referenced by strPolicyObjectDN

' Policy condition is set to "strAttributeLDAPName <equals> True"

' Group to add objects to is referenced by strGroupDN

Dim oGroup: Set oGroup = GetArsObject(strGroupDN) ' GetObject("EDMS://" & strGroupDN)

Dim oOctet: Set oOctet = CreateObject("AelitaEDM.EDMOctetString")

oOctet.Set oGroup.GUID

Dim guid: guid = oOctet.GetGuidString()

Dim oPolicy: Set oPolicy = GetArsObject(strPolicyObjectDN) ' GetObject("EDMS://" & strPolicyObjectDN)

Dim oApe: Set oApe = oPolicy.CreatePolicyEntry

oApe.Type = 51 ' 0x33 Group Membership AutoProvisioning

AddPolicySetting oApe, 1, "Provisioning policy failure. The 'Group Membership AutoProvisioning' policy encountered an error."

AddPolicySetting oApe, 50, "user"

AddPolicySetting oApe, 57, "Automatically adds or removes specified objects from specified groups"

AddPolicySetting oApe, 68, 1

AddPolicySetting oApe, 83, guid

AddPolicySetting oApe, 84, 0

AddPolicySetting oApe, 85, "<PolicyCondition Version=""1.0""><Item attrName=""" & _

strAttributeLDAPName & """ operator=""=="" linkID=""and"">True</Item></PolicyCondition>"

AddPolicySetting oApe, 203, 0

oPolicy.AddPolicyEntry oApe

oPolicy.SetInfo

Set oApe = Nothing

Set oPolicy = Nothing

Set oOctet = Nothing

Set oGroup = Nothing

End Sub

Sub AddPolicySetting (oApe, SettingID, Value)

' WScript.Echo("SET: " & SettingID)

Dim apeSet: Set apeSet = oApe.CreatePolicySetting

apeSet.SettingID = SettingID

apeSet.Value = Value

oApe.AddPolicySetting apeSet

Set apeSet = Nothing

End Sub

Function GetArsObject(dn)

Dim server: server = "ME64-ars.ME64.msk.qsft"

Dim login: login = "ME64\Administrator"

Dim password: password = "kuku01"

Dim EDMS: Set EDMS = GetObject("EDMS:")

Dim path: path = "EDMS://" & server & "/" & dn

' WScript.Echo path

Set GetArsObject = EDMS.OpenDSObject(path, login, password, 32768)

Set EDMS = Nothing

End Function

'***** END OF CODE ***************************************************************

  • Script Center
  • Script Center: VBScript
  • Share
  • History
  • More
  • Cancel
Related
Recommended
  • Company
    • About Us
    • Buy
    • Careers
    • Contact Us
    • News
  • Resources
    • Blogs
    • Customer Stories
    • Documents
    • Events
    • Videos
  • Support
    • Professional Services
    • Renew Support
    • Technical Support
    • One Identity University
    • Support Service
  • Social Networks
    • Facebook
    • Instagram
    • LinkedIn
    • Twitter
    • YouTube
  • © 2025 One Identity LLC. ALL RIGHTS RESERVED.
  • Legal
  • Terms of Use
  • Privacy
  • Community Feedback & Support
  • Cookie Preference Center