• Products
    • View all products
    • Free trials
  • Solutions
    • All Solutions
    • All Integrations
  • Resources
    • All Resources
    • Learning Hub
  • Trials
  • Support
    • Support Home
    • By Product
      • All Products
      • Active Roles
      • Authentication Services
      • Cloud Access Manager
      • Defender
      • Identity Manager
      • Password Manager
      • Safeguard
      • Starling Identity Analytics & Risk Intelligence
      • Starling Two-Factor Authentication
      • TPAM Appliance
    • Contact Support
      • Overview
      • Customer Service
      • Licensing Assistance
      • Renewal Assistance
      • Technical Support
    • Download Software
    • Knowledge Base
    • My Account
      • My Products
      • My Service Requests
      • My Licenses
      • My Groups
      • My Profile
    • Policies & Procedures
    • Professional Services
    • Technical Documentation
    • One Identity University
    • User Forums
    • Video Tutorials
  • Partners
    • Overview
    • Partner Circle Log In
    • Become a Partner
    • Find a Partner
    • Partner Community
  • Communities
    • Home
    • Blogs
      • Blogs A to Z
      • One Identity Community
      • AD Account Lifecycle Management
      • Cloud
      • Identity Governance & Administration
      • Privileged Access Management
      • syslog-ng Community
    • Forums
      • All Product Forums
      • Active Roles
      • Identity Manager
      • Password Manager
      • Safeguard
      • Unix Access Management
    • Social Networks
      • Facebook
      • LinkedIn
      • Twitter
      • YouTube
One Identity Community
One Identity Community
  • Site
  • User
  • Site
  • Search
  • User
Active Roles Community
Active Roles Community
Wiki Convert a normal group to a dynamic group - Option 1
  • Forum
  • Ideas
  • Wiki
  • More
  • Cancel
  • New
  • -Active Roles Script Center
    • +Active Roles Script Policy Best Practices
    • Active Roles SDK
    • +C#
    • +JavaScript
    • +PowerShell
    • -VBScript
      • VBScript Library source code
      • -VBScript samples
        • A Managed Unit with users which have not logged on for last 90 days
        • Adjust the case of usernames to title case (first letter of each part of the name)
        • Advanced group creation/provision
        • Advanced shared folder creation
        • Bulk policy incompliance fixing
        • Check unique value of an attribute
        • +Computer management
        • +Exchange management
        • Function that converts regular date into integer8 format
        • Get effective policy info list
        • -Group management
          • Convert a normal group to a dynamic group - Option 1
          • Convert a normal group to a dynamic group - Option 2
          • Create Group Membership AutoProvisioning policy
          • How to convert Query-based Distribution Group to Active Roles Dynamic Group
          • Notify member upon expiration of his membership in group
          • Script Policy to check group members when they are added to or removed from a group
          • Set Group Ownership upon any Modification
        • How to find a request source in script policy
        • How to send emails based on scripts policy parameters and Virtual Attribute values
        • +Permissions Management
        • Policy incompliance reporting & fixing for specified policy
        • Populate values from a SQL database to an AD Attribute
        • Prevent copying an attribute on user copy
        • Prohibite a permission propagation to AD
        • Prohibite an AD native security editing
        • Read large integer date attributes and display them in date and time readable format
        • Read XML Node text or attribute value
        • Read XML Node with Children into DictionaryObject
        • Standalone script that requests built-in password generation policy
        • +User management
        • Validate moving operations
        • +VBScript: Approval

You are currently reviewing an older revision of this page.

  • History View current version

Convert a normal group to dynamic group - Option 1

DESCRIPTION

This script provides the capability to convert a new or existing Group object to a Dynamic Group object with certain information being requested to add query information to the dynamic group object. In Preparation to use this scripted functionality make sure the following Attributes are added as virtual attributes:

edsvaDGConvertTo - mapped to object class group, Syntax is Boolean, Store values - Possible Value: True or False

edsvaDGFilterValue - mapped to object class group, Syntax is Directory String, Store values - Possible value: Anything, it is the searchstring value, which must fit to validate the group membership

edsvaDGScope - mapped to object class group, Syntax is Directory String, Store values - Possible value: the DN of the searchscope, in which the target objects are stored

edsvaDGReferencedAttribute - mapped to object class group, Syntax is Directory String, Store values - Possible value: The objectclass of the target object, which should be included for membership validation


Note This code may use functions from the Active Roles Script Policy Best Practices. Please, follow the link to obtain instructions and code for those functions.


SCRIPT

'*********************************************************************************

' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,

' EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED

' WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.

'

' IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY SUPPORTED,

' PLEASE CONTACT ONE IDENTITY PROFESSIONAL SERVICES.

'*********************************************************************************

'===========================================================================

' Log

'===========================================================================

Sub Log (ByVal strMessage)

Dim objFSO, objFile

Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objFile = objFSO.OpenTextFile("c:\debug.txt", 8, True)

objFile.WriteLine (CStr(Now()) & " " & strMessage)

objFile.Close

End Sub ' Log

'Your script should be triggered after any modification of edsvaDGConvertTo attribute. Thus we have To add additional condition To Execute subroutine

Sub Execute(Request)

'--- consider that Request.Class can be "group", "Group", or "GROUP"

If (LCase(Request.Class) <> "group") Then Exit Sub

'--- trigger only If edsvaDGConvertTo Is modified

If (Not IsAttributeModified(Request, "edsvaDGConvertTo")) Then Exit Sub

'--- Request for used VAs

On Error Resume Next

strConvertTo = CStr(Request.Get("edsvaDGConvertTo"))

On Error GoTo 0

Call Log("edsvaDGConvertTo = " & strConvertTo)

If (strConvertTo = "False") Then

DirObj.GetInfo

DirObj.ConvertToRegularGroup

DirObj.SetInfo

Else

On Error Resume Next

strDGTargetObjectClass = CStr(Request.Get("edsvaDGTargetObjectClass"))

On Error GoTo 0

Call Log("edsvaDGFilterValue = " & strDGFilterValue)

On Error Resume Next

strDGFilterValue = CStr(Request.Get("edsvaDGFilterValue"))

On Error GoTo 0

Call Log("edsvaDGFilterValue = " & strDGFilterValue)

On Error Resume Next

strDGScope = CStr(Request.Get("edsvaDGScope"))

On Error GoTo 0

Call Log("edsvaDGScope = " & strDGScope)

On Error Resume Next

strDGReferencedAttribute = CStr(Request.Get("edsvaDGReferencedAttribute"))

On Error GoTo 0

Call Log("edsvaDGReferencedAttribute = " & strDGReferencedAttribute)

'--- DirObj is predefined object that refers to newly created group. See ARS SDk for details

DirObj.GetInfo

' Create a new Include by Query rule

Set objRule = CreateObject("EDSIManagedUnitCondition")

objRule.Base = "EDMS://" & strDGScope

objRule.Filter = "(&(objectClass="& strDGTargetObjectClass &")("& strDGReferencedAttribute & "=" & strDGFilterValue & "))"

objRule.Type = 1

DirObj.MembershipRuleCollection.Add objRule

DirObj.SetInfo

End If

End Sub

Sub onPostCreate(Request)

Call Execute(Request)

End Sub

Sub onPostModify(Request)

Call Execute(Request)

End Sub

Function EndsWith(strText, strEnd)

EndsWith = (Right(strText, Len(strEnd)) = strEnd)

End Function ' EndsWith

'***** END OF CODE ***************************************************************

  • Company
    • About Us
    • Buy
    • Careers
    • Contact Us
    • News
  • Resources
    • Blogs
    • Customer Stories
    • Documents
    • Events
    • Videos
  • Support
    • Professional Services
    • Renew Support
    • Technical Support
    • One Identity University
    • Support Service
  • Social Networks
    • Facebook
    • Instagram
    • LinkedIn
    • Twitter
    • YouTube
  • © 2025 One Identity LLC. ALL RIGHTS RESERVED.
  • Legal
  • Terms of Use
  • Privacy
  • Community Feedback & Support
  • Cookie Preference Center