The script creates a brand new Group and converts it to Dynamic upon setting the MemberShip rules.
If the group already exists, remove the "New-QADGroup" command.
This was tested in Active Roles 7.4.1.
NOTE: This is provided "AS IS" and is not supported via One Identity Support.
# First create the group
$GroupName = (New-QADGroup -Name <name> -ParentContainer "<DN of target OU>")
# Grab the DN from the newly created Group
$DN = $GroupName.DN
# Connect to ARS object
$objGroup = [ADSI] "EDMS://$DN"
$objRuleCollection = $objGroup.MembershipRuleCollection
$rule1 = New-Object -ComObject "EDSIManagedUnitCondition"
# Change to your Domain
$rule1.Base = "EDMS://DC=domain,DC=com"
# Set the Dynamic Group Membership rules here. Note that this must be a valid LDAP filter
$rule1.Filter = "(&(objectCategory=computer)(objectClass=computer))"