How do
you feel about VBScript, JScript, Perl, etc? This looks like a pretty good
application for it, though the hard part might be that you don't know WHO the
user is going to be until the user logs on, and by that time you are bound by
the permissions that the user that is logging on has to be able to add a user to
a group.
Hmmmm..... Seems that one would have to escalate the privilege of the
logging on user during eh execution of the logon script through the GPO.
Though, this might not be a sfe place to do this, as other things that might be
out of your control could also be put into the logon script that normally would
not be run at an escalated privlege.
Robbie, Richard, Gil - either of you have an idea here? I've talked
myself out of the ease and security of this approach. Might you have
another?
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active
Directory
Associate Expert
Expert Zone -
www.microsoft.com/windowsxp/expertzone
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Molloy, Gene S.
Sent: Tuesday, November 05, 2002 10:47 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Adding Users to Security Group based on a PolicyI would like to create a Policy that will automatically add users to a security group based on a user attribute.
For example if user has an email address ending in abc.com put them in a group call abc users.
Any assistance on this would be greatly appreciate.
Gene Molloy
