Do you already have the department names in a list? Or is that something that you have to gather first?
If you have to gather, then I assume you'll have to iterate each user object and determine the department value. Then, you'll create a group for every single unique instance of department value. After those are created, you'd then create the section sg's and make them members of the relevant department sg. Is there a clean way? I don't think it's something that you can do on a single command line, although I throw that out there mostly as a challenge to joe. He likes that kind of challenge I suspect ;) Couple of options come to mind: You could build a table and based on that table you can create/populate. ADMOD and ADFIND could be useful to you there. You could build a script that uses dictionary objects and creates the unique instances for you and correlates that information to the sections and then creates/populates. It's slightly complex, but... Building the tables, you could then execute manually. Depends on the scope of course. Of course, .NET is an option as well. Same logic depending on language though. And you will want to do this in passes most likely so you can ensure that the department group is created when it comes time to add an object to it. It's helpful to do it that way... Does that help, or ?? Al On 1/22/07, WATSON, BEN <[EMAIL PROTECTED]> wrote:
Hey guys, I'm trying to wrap my brain around how best to accomplish this and need a little help. I need to create a security group for each department in our company, and then a security group for each section. At our company sections fall underneath departments. So we may have a department #24, and then sections #241, #242, #243, etc… Right now, we have made some schema extensions to allow Active Directory to contain relevant user data, such as what Department and Section the user is a part of. So the data is already in our Active Directory. I imagine there should be a relatively easy way to take each unique value of Department and Section and turn that into the security groups I need. So if it were to find Departments 24 and 25. It would turn that into two security groups named Dept24 and Dept25. Furthermore, if it found sections 241, 242, 251, 252, it would create four security groups named Sec241, Sec242, Sec251, and Sec252. It would also be "nice" if I could create the Department security groups first, and then not only create the proper Section security groups, but make them a member of the appropriate Department security groups as well. Any ideas on how best to accomplish this in a relatively pain-free fashion? Or if there is an alternative way to do this rather than Admod, then please suggest it. I just figured that Admod would probably be my best choice. Thanks, ~Ben
