Two options come to mind, I'm sure there are
others...
1) Build a set of scripts and put a web front-end on
them, which would allow others to move the user account and as part of the
move, the OUone groups would get stripped and the OUtwo groups would get
added.
2) Directly delegate the object move (or like above,
stick it in a web page). Then have a scheduled task that periodically runs and
looks at all user objects in OUone and sets the group membership correctly,
same for OUtwo.
Option 1 has a more immediate effect, and that may be an
important point. Option 2 has the advantage of consistently enforcing group
membership, so even if someone makes an inadvertant change it will get
corrected on the next pass of the script. It also makes it easier to change
the groups and have all users get updated.
I am almost looking for a
query based Security Group, similar to Distribution
Groups.
It would save me a ton of
time if when I moved a user from OUone to OUtwo if it would/could strip that
user of all their old groups and drop them into the new groups, based upon
what OU the user account currently resides in.
15 schools, students
moving from school to school all year long....it would save us a ton of time.
In fact I could delegate the move and have others do it. It would be the last
part of the puzzle to making these moves near zero administrative
overhead.
Any
ideas?
Jim
Kennedy
