The estimated reading time 3 minutes
Some time ago a company named FirstAttribute asked me to write an blogpost about their outcoming software. So here is the result of my decision ;-). At the beginning I had been a little bit incredulous. After testing some things inside my lab, the software worked pretty fine so I’m glad to write these lines.
First of all I’ll describe some functions of “DynamicGroup”. With this software you are able to fill groups dynamically (it can do also much more things). Groups can also be filled by OU or AD attributes selection. One big advantage, if users are assigned dynamically is the fact that their memberships in groups are deleted. This means, if a user is changing department group memberships will move dynamically with him. No need to clean ad groups if you put some intelligence in logic.
NOTE: I ‘dont do any support for this software , here you can find some common information about the basic functions and examples in my lab. Installation is described in FirstWare Manual (included in the download).
Scenario 1:
My company has a folderstructure on a fileserver and wants to set permissions with AGDLP and also wants to automate these permission within special OUs.
Special users in special permissions should have access to the first level of the fileserver (DATA), which is also the share.
In my AD are two groups; domainlocal and global which are encapsulated (global in local)
On my management server I installed the FirstWare Dynamic Group Software (also the service) and set it up for synchronizing every 5 minutes. So every 5 minutes my dynamic groups get filled. Looks like this:
The “preview” Button is very nice so you can see your results quickly.
Inside your normal Active Directory the group looks like a normal group, but will be filled by the FirstWare Service dynamically.
Following screenshot shows my service configration.
Scenario 2:
users inside a special OU structure with a special attribute should be added to an security group. To show this I created some “support users” which have AD attribute “Department” filled with “support”.
Get-ADUser -Filter {Name -like "*supp*"} -Properties * | fl Name,Department,CanonicalName
You can see in the screenshot that support 03 has no department, so this user should not be part of the security group. Also users are in different OUs. Now the screen from FirstWare.
You can find the group also in local AD.
If one user changes department you are able to set the new ad attribute and the switchover of groupmembership will be done by FirstWare and there are no old permission anymore. Isn’t that cool?
This dynamic group also hosts fileserverpermissions, in my case access to the support folder.
cool software, but keep in mind, if you don’t have a good concept it will not help you that much. This software has a lot more functions but this article only describes the basic and simple ones.
Have fun with this tool and if you like this blogpost, please click on helpful and download the 30 days eval version. Please write my blog url in the message window when registering.
Have a look at the brand new “Delegation Mode” which is described in my second part FirstWare DynamicGroup – Part 2: Delegation Mode
This article was created with the kind support of:
software link: https://www.dynamicgroup.net/de/download/
[…] go back to FirstWare DynamicGroup – Part 1: a small tutorial […]