Add AD security group to collection

Dear Exprt,
i have added AD security group to collection via Add resource but nothing receive by client its user base group.
how can i configure correctly.
note: i dont want query base what i am try is add security DL to collection for software deployment
[email protected]

Sorry - this is the same for 2007. You cannot import distribution lists. You can create a security group in AD and nest the DL into. Then add the security group into the collection with a direct rule.
Cheers
Paul | sccmentor.wordpress.com

Similar Messages

  • Powrshell to add Multiple security groups to shares

    Um, are you adding the security groups to the share? That makes no sense. You should just add "everyone, full" to the share permissions and then use NTFS permissions to limit what people can actually do.
    If you really need that I'll go look some more but I won't promise anythign as, again, this is not the way epople generally do this. This code is 1 possible way of managing the NTFS permissions, from some code I collected :)
    Powershell

    Hi People,IVe been using SW for sometime as a bit of a Lurk, Im scratching my head now at something that seems so basic but i cannot for the life of me figure it out, so any help would be great.ScernarioWe currently have a Powershell script that creates a list of folders on a Path that you give it, it will then proceed to add the security groups to the shares, this creating about 250 SG for the share - not too sure why this is used as its a pretty bad way to do thing.What i need to do is create a script that will ask for a list of security groups to add to a folder, I have already created the script to add the folders and add certain domain admin groups to the folders, the problem i am having is the name of the groupsSo for instance we have one call SG COMPANYNAME C - This is the change group allowing users to change files etc, we have...
    This topic first appeared in the Spiceworks Community

  • Add new Security Groups

    Hi Dear;
    is there a way to add new security groups in
    Document Numbering
    Price List
    Query Manager
    best regards;

    Hello Gordon;
    in the document numbering and the price list, you have to define a group, it's very clear
    it's a security group and you have to give authorization to the user
    is there a way to add more groups
    regards;

  • Trying to use a task sequence to add a computer to a security group

    I am using the following code to try to add a security group to a computer account when I am imaging using MDT 2012.  I get the following errors after the imaging process has completed.  
    Any help would be greatly appreciated.
    Thanks,
    Andy
    Exception calling "InvokeMember" with "5" argument(s): "Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))"
    TaskSequencePSHost 03/24/2015 8:45:29 AM
    0 (0x0000)
    At \\AOTWDS01V\DeploymentShare$\Scripts\dagroup.ps1:26 char:2
    +     $UserDN = $SysInfo.GetType().InvokeMember("ComputerName", "GetProperty", $Null, ...
    +    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    TaskSequencePSHost 03/24/2015 8:45:29 AM
    0 (0x0000)
    NotSpecified: (:) [], MethodInvocationException
    TaskSequencePSHost 03/24/2015 8:45:29 AM
    0 (0x0000)
    The following exception occurred while retrieving member "Get": "The specified domain either does not exist or could not be contacted.
    " TaskSequencePSHost
    03/24/2015 8:45:31 AM 0 (0x0000)
    At \\AOTWDS01V\DeploymentShare$\Scripts\dagroup.ps1:30 char:2
    +     $strDomainPath = $ORoot.Get("defaultNamingContext")
    +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    TaskSequencePSHost 03/24/2015 8:45:31 AM
    0 (0x0000)
    NotSpecified: (:) [], ExtendedTypeSystemException
    TaskSequencePSHost 03/24/2015 8:45:31 AM
    0 (0x0000)
    Exception calling "Execute" with "1" argument(s): "An invalid directory pathname was passed
    " TaskSequencePSHost
    03/24/2015 8:45:32 AM 0 (0x0000)
    At \\AOTWDS01V\DeploymentShare$\Scripts\dagroup.ps1:38 char:3
    +         $oRs = $oConnection.Execute("SELECT adspath FROM 'LDAP://$strDomainPath' WHERE ...
    +    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    TaskSequencePSHost 03/24/2015 8:45:32 AM
    0 (0x0000)
    NotSpecified: (:) [], MethodInvocationException
    TaskSequencePSHost 03/24/2015 8:45:32 AM
    0 (0x0000)
    Param(
    [string[]]$GroupNames,
    [String]$Admin,
    [String]$Password
    if($GroupNames)
    [int] $ADS_PROPERTY_APPEND = 3
    #Get the computer DN
    $SysInfo = New-Object -ComObject "ADSystemInfo"
    $UserDN = $SysInfo.GetType().InvokeMember("ComputerName", "GetProperty", $Null, $SysInfo, $Null)
    $ComputerDN = "LDAP://$UserDN"
    #Get the Domain DN
    $ORoot = [ADSI]"LDAP://rootDSE"
    $strDomainPath = $ORoot.Get("defaultNamingContext")
    #Create ADODB connection
    $oConnection = New-Object -ComObject "ADODB.Connection"
    $oConnection.Provider= "ADsDSOObject"
    $oConnection.Open("Active Directory Provider")
    foreach($groupname in $GroupNames)
    #Get the specefied group
    $oRs = $oConnection.Execute("SELECT adspath FROM 'LDAP://$strDomainPath' WHERE objectCategory='group' AND  Name='$groupname'")
    If (!$oRs.EOF)
    $strAdsPath = ($oRs.Fields |  Select value ).value
    If($strAdsPath)
    If($Admin -and $Password)
    $objGroup = New-Object DirectoryServices.DirectoryEntry($strAdsPath,$Admin,$Password)
    Else
    $objGroup = [ADSI]$strAdsPath
    $objComputer = [ADSI]$ComputerDN
    #verify if the computer is a member of the Group
    If ($objGroup.ismember($objComputer.adspath) -eq $false) 
    #Add the the computer to the specefied group
    $objGroup.PutEx($ADS_PROPERTY_APPEND,"member",@("$UserDN"))
    $objGroup.setinfo()

    If you are using UserID UserDomain UserPassword those variables are base64 encoded.  You could decode them via something similar to this:
    https://social.technet.microsoft.com/Forums/en-US/6c11827f-982d-4fa1-a76d-70a615912d62/mdt-2012-automation-example-of-how-to-use-userdomainuserid-userpassword-in-a-script-move-ou?forum=mdt
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • SCCM 2007 database query for AD security group for machines

    dear,
    I am had created security DL in AD for machine to deploy software  and trying to link in SCCM 2007 with collection but could not
    i have tried query base following below link but its does not help
    http://www.windows-noob.com/forums/index.php?/topic/892-deploy-software-through-ad-groups-linked-to-collections-in-sccm/
    type all query but could not find in table (SystemGroupName).
    [email protected]

    Go to properties of you collection and add a new membership rule to add the security group
    SCCM use discovery methods to get information from AD. Make sure AD system discovery and AD security group discovery are enabled for the SCCM site. Once you add machines to the security group, you need to wait till the next discovery cycle is completed.
    The discovery cycle runs on a schedule set by SCCM administrator.

  • Error while adding new security group in content server

    Hi,
    When i am trying to add new security group in UCM using User Admin applet i am getting following error:
    Event generated by user 'weblogic' at host 'vpunvfpctnsz-07.ad.infosys.com:16200'. Unable to execute service ADD_GROUP and function insertGroupRow.
    Unable to execute query 'IroleDefinition(INSERT INTO RoleDefinition (dGroupName, dRoleName, dPrivilege, dRoleDisplayName)
    values ('Test_111', 'admin', 0, ''))'. ORA-00001: unique constraint (DEV_OCS.PK_ROLEDEFINITION) violated
    java.sql.SQLIntegrityConstraintViolationException: ORA-00001: unique constraint (DEV_OCS.PK_ROLEDEFINITION) violated. [ Details ]
    An error has occurred. The stack trace below shows more information.
    !csUserEventMessage,weblogic,vpunvfpctnsz-07.ad.infosys.com:16200!$!csServiceDataException,ADD_GROUP,insertGroupRow!$!csDbUnableToExecuteQuery,IroleDefinition(INSERT INTO RoleDefinition (dGroupName\, dRoleName\, dPrivilege\, dRoleDisplayName)<br>          values ('Test_111'\, 'admin'\, 0\, ''))!$ORA-00001: unique constraint (DEV_OCS.PK_ROLEDEFINITION) violated<br>!syJavaExceptionWrapper,java.sql.SQLIntegrityConstraintViolationException: ORA-00001: unique constraint (DEV_OCS.PK_ROLEDEFINITION) violated<br>
    intradoc.common.ServiceException: !csServiceDataException,ADD_GROUP,insertGroupRow!$
    at intradoc.server.ServiceRequestImplementor.buildServiceException(ServiceRequestImplementor.java:2071)
    at intradoc.server.Service.buildServiceException(Service.java:2207)
    at intradoc.server.Service.createServiceExceptionEx(Service.java:2201)
    at intradoc.server.Service.createServiceException(Service.java:2196)
    at intradoc.server.ServiceRequestImplementor.handleActionException(ServiceRequestImplementor.java:1736)
    at intradoc.server.ServiceRequestImplementor.doAction(ServiceRequestImplementor.java:1691)
    at intradoc.server.Service.doAction(Service.java:476)
    at intradoc.server.ServiceRequestImplementor.doActions(ServiceRequestImplementor.java:1439)
    at intradoc.server.Service.doActions(Service.java:471)
    at intradoc.server.ServiceRequestImplementor.executeActions(ServiceRequestImplementor.java:1371)
    at intradoc.server.Service.executeActions(Service.java:457)
    at intradoc.server.ServiceRequestImplementor.doRequest(ServiceRequestImplementor.java:723)
    at intradoc.server.Service.doRequest(Service.java:1865)
    at intradoc.server.ServiceManager.processCommand(ServiceManager.java:435)
    at intradoc.server.IdcServerThread.processRequest(IdcServerThread.java:265)
    at intradoc.idcwls.IdcServletRequestUtils.doRequest(IdcServletRequestUtils.java:1332)
    at intradoc.idcwls.IdcServletRequestUtils.processFilterEvent(IdcServletRequestUtils.java:1678)
    at intradoc.idcwls.IdcIntegrateWrapper.processFilterEvent(IdcIntegrateWrapper.java:221)
    at sun.reflect.GeneratedMethodAccessor120.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at idcservlet.common.IdcMethodHolder.invokeMethod(IdcMethodHolder.java:87)
    at idcservlet.common.ClassHelperUtils.executeMethodEx(ClassHelperUtils.java:305)
    at idcservlet.common.ClassHelperUtils.executeMethodWithArgs(ClassHelperUtils.java:278)
    at idcservlet.ServletUtils.executeContentServerIntegrateMethodOnConfig(ServletUtils.java:1592)
    at idcservlet.IdcFilter.doFilter(IdcFilter.java:330)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:94)
    at java.security.AccessController.doPrivileged(Native Method)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:414)
    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:138)
    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:330)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Caused by: intradoc.data.DataException: !csDbUnableToExecuteQuery,IroleDefinition(INSERT INTO RoleDefinition (dGroupName\, dRoleName\, dPrivilege\, dRoleDisplayName)
    *          values ('Test_111'\, 'admin'\, 0\, ''))!$ORA-00001: unique constraint (DEV_OCS.PK_ROLEDEFINITION) violated* at intradoc.jdbc.JdbcWorkspace.handleSQLException(JdbcWorkspace.java:2441)
    at intradoc.jdbc.JdbcWorkspace.execute(JdbcWorkspace.java:584)
    at intradoc.server.UserService.insertGroupRow(UserService.java:1201)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at intradoc.common.IdcMethodHolder.invokeMethod(IdcMethodHolder.java:86)
    at intradoc.common.ClassHelperUtils.executeMethodEx(ClassHelperUtils.java:310)
    at intradoc.common.ClassHelperUtils.executeMethod(ClassHelperUtils.java:295)
    at intradoc.server.Service.doCodeEx(Service.java:549)
    at intradoc.server.Service.doCode(Service.java:504)
    at intradoc.server.ServiceRequestImplementor.doAction(ServiceRequestImplementor.java:1622)
    ... 39 more
    Caused by: java.sql.SQLIntegrityConstraintViolationException: ORA-00001: unique constraint (DEV_OCS.PK_ROLEDEFINITION) violated
    at oracle.jdbc.driver.SQLStateMapping.newSQLException(SQLStateMapping.java:89)
    at oracle.jdbc.driver.DatabaseError.newSQLException(DatabaseError.java:135)
    at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:210)
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:473)
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:423)
    at oracle.jdbc.driver.T4C8Oall.receive(T4C8Oall.java:1095)
    at oracle.jdbc.driver.T4CStatement.doOall8(T4CStatement.java:193)
    at oracle.jdbc.driver.T4CStatement.executeForRows(T4CStatement.java:1028)
    at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1379)
    at oracle.jdbc.driver.OracleStatement.doScrollExecuteCommon(OracleStatement.java:5846)
    at oracle.jdbc.driver.OracleStatement.doScrollStmtExecuteQuery(OracleStatement.java:5989)
    at oracle.jdbc.driver.OracleStatement.executeUpdateInternal(OracleStatement.java:2012)
    at oracle.jdbc.driver.OracleStatement.executeUpdate(OracleStatement.java:1958)
    at oracle.jdbc.driver.OracleStatementWrapper.executeUpdate(OracleStatementWrapper.java:301)
    at weblogic.jdbc.wrapper.Statement.executeUpdate(Statement.java:503)
    at intradoc.jdbc.JdbcWorkspace.execute(JdbcWorkspace.java:564)
    ... 50 more
    I checked in database , the security group Test_111 is not present in ROLEDEFINITION table.
    What could be the issue?
    Regards,
    Minal

    1) Try importing CMU bundle with 'Overwrite Duplicates' option unchecked .
    2) In the CMU bundle, open file roles_guest.hda and see if 'guest' role has access to any group that start with special character or group you haven't created in the system..
    Eg: guest
    #AppsGroup
    0
    Also open securitygroups folder in CMU bundle, and see if you can find any groups that starts with special character or group you haven't created in the system.
    3) Identify that group and execute below query in the UCM database.
    select * from roledefinition where dgroupname= '#AppsGroup';
    Replace '#AppsGroup' with the groupname you identified.
    4) Solution would be to delete all the rows with dgroupname= '#AppsGroup' from the 'roledefinition' table.
    delete from roledefinition where dgroupname= '#AppsGroup';
    Replace '#AppsGroup' with the groupname you identified.

  • Using a security group to add members to the collection question

    Hi,
    I have a collection created in SCCM 2007 that is using a security group for membership. So I added a computer to the security group in AD but when I go to SCCM and click on the collection I dont see the computer in the collection. Should it show here or
    because it is a security group based membership will it not show the members?
    THanks!

    Details from Active directory are added to SCCM database through discovery methods. Please ensure that AD security group discovery and AD system discovery are enabled in the primary site. If they are enabled, check the frequency set for these discovery
    methods. Once you added these computers to the AD group, you need to wait till the next discovery cycle before it appears in SCCM collections. Till that point, SCCM database will not have information about the group memberships of these computers

  • How to create a site and add security groups through code: scripts, csom, ... ?

    Hi,
    I'm new to CSOM and are looking for a way to create sites in SharePoint Office365 and especially add user to it with a specific role eg. 'visitor' or 'owner'.
    I use this code to add sites from a csv file, so far so good.
    But now I want to add security groups based on the csv file and assign a role. The security groups allready exists.
    and also how to add a user with a 'owner' role for some sites.
    That would make my life easier :-)
    so thank you in advance!
    # load assemblies
    #[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client")
    #[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.Runtime")
    Add-Type -Path "c:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.dll"
    Add-Type -Path "c:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
    # site collection
    $siteUrl = “https://mysharepoint.com”
    # admin
    $username = "[email protected]"
    $password = Read-Host -Prompt "Enter password" -AsSecureString
    # get clientcontext as object
    $ctx = New-Object Microsoft.SharePoint.Client.ClientContext($siteUrl)
    # assign credentials to clientcontext object
    $credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($username, $password)
    $ctx.Credentials = $credentials
    # create site from template 'teamsite' => STS#0
    $data = Import-Csv "c:\tools\CSOM\vakwerking_test.csv"
    foreach ($row in $data) {
    $webCreationInformation = New-Object Microsoft.SharePoint.Client.WebCreationInformation
    $webCreationInformation.Url = $row.vakwerkingurl
    $webCreationInformation.Title = $row.vakwerkingnaam
    $webCreationInformation.WebTemplate = "STS#0"
    $webCreationInformation.UseSamePermissionsAsParentSite = $false
    $newWeb = $ctx.Web.Webs.Add($webCreationInformation)
    Write-Host "Title" $newWeb.Title
    #send to sharepoint
    $ctx.Load($newWeb)
    $ctx.ExecuteQuery()

    Hi,
    The command above about creating a group only works for the root site of the site collection, because the scope of the user group is site collection level, these groups
    can be used in all the sites in this site collection.
    With the existing groups in the root site, we can add users into them and grant specific permissions of a specific sub site to these groups.
    Here is a demo about how to assign permission to a group using Client Object Model(though in C#) for your reference:
    http://www.c-sharpcorner.com/UploadFile/54db21/set-permission-to-group-in-sharepoint-2010-programmatically/
    Best regards,
    Patrick
    Patrick Liang
    TechNet Community Support

  • Not able to set security group without mail enabled as site collection admin using powershell in sharepoint online site - office 365

    not able to set security group without mail enabled as site collection admin using powershell in sharepoint online site - office 365?
    Any idea?

    after few days test in my lab, I can see that only email enabled group can be added as site collection admin using POWERSHELL.
    hope this helps who stuck like me!! :-)

  • How to set security group as primary site collection admin and secondary site collection admin using powershell in sharepoint online site - office 365?

    How to set security group as primary site collection admin and secondary site collection admin using powershell in sharepoint online site - office 365?

    Hi,
    According to your description, my understanding is that you want to set security group as admin of primary and secondary site collection using PowerShell command in office 365.
    I suggest you can use the command below to set the group to site owner, then it will have the site collection admin permission.
    Set-SPOSite -Identity https://contoso.sharepoint.com/sites/site1 -Owner [email protected] -NoWait
    Here are some detailed articles for your reference:
    https://technet.microsoft.com/en-us/library/fp161394(v=office.15)
    http://blogs.realdolmen.com/experts/2013/08/16/managing-sharepoint-online-with-powershell/
    Thanks
    Best Regards
    Jerry Guo
    TechNet Community Support

  • Grant access to help desk users to add members to distribution and security groups

    Hello,
    I am trying to create a set of help desk users that has full access to add or remove members from distribution and security groups as well as update users.  We want it to bypass owner approval and essentially allow this group to add or remove members
    in the FIM Portal and flow it down to ADS.
    This obviously works fine if one is a member of the Administrators set, but we want a second tier of power users with limitied rights compared to FIM Admins.  We have added the help desk team to the  Security Group Users and Group Users set as
    well as MPR "Security group management: Users can read selected attributes of group resources".
    The help desk users can update users in the Portal with no issue.  The can search groups with no issue but when they try to add members to a group they get the error "Access Denied".
    Any help is greatly appreciated.
    Thanks!

    I'm having very similar problem - I have users with delegated right to modify group membership only. User can add someone to group and it works fine, but when the same user is trying to remove and user from a group (even if this is the same user
    which was added a minute ago) he gets Access Denied:
    The
    request included members which the requestor is not authorized
    to add and/or remove from this group."
    It is caused by default MPR:
    Group management workflow: Validate requestor on remove member
    Question is how this activity validates this request - any insight?

  • PowerShell Command / Script to add additional Global Administrator as an Owner to a Security Group In Office 365

    Hi There,
    I have a requirement as the Office 365 Administrator with the following:
    Anyone, know if there is a command in Power Shell (Script) for Office 365 to add an additional Global Administrator as an Owner to a particular
    Security Group or all Security Groups or to a Security Group that contains a certain word or phrase.
    1. Add a Global Administrator to ALL Security Groups:
    2. Add a Global Administrator to a Specific Security Group:
    3. Add a Global Administrator to ALL Security Groups that contain a specific Word / Phrase:
    Any suggestions would be helpful.  This has become a necessity for my organisation.
    Thank You in advance.
    Shenil

    #Add a Global Administrator to ALL Security Groups:
    $GlobalAdminID = Get-MsolRoleMember -RoleObjectId "62e90394-69f5-4237-9190-012177145e10" | Select EmailAddress
    #$GlobalAdminID
    foreach($id in $GlobalAdminID.EmailAddress)
    Get-DistributionGroup | ? {$_.GroupType -eq "Security"}| %{Add-DistributionGroupMember -Identity $_.DisplayName -Member $id }
    #Add a Global Administrator to a Specific Security Group:
    $GlobalAdminID = Get-MsolRoleMember -RoleObjectId "62e90394-69f5-4237-9190-012177145e10" | Select EmailAddress
    foreach($id in $GlobalAdminID.ObjectId)
    Get-DistributionGroup | ? {$_.GroupType -eq "Security" -and $_.DisplayName -eq 'Name1'}| %{Add-DistributionGroupMember -Identity $_.DisplayName -Member $id }
    #Add a Global Administrator to ALL Security Groups that contain a specific Word / Phrase:
    $GlobalAdminID = Get-MsolRoleMember -RoleObjectId "62e90394-69f5-4237-9190-012177145e10" | Select EmailAddress
    foreach($id in $GlobalAdminID.ObjectId)
    Get-DistributionGroup | ? {$_.GroupType -eq "Security" -and $_.DisplayName -like '*Some Phrase*'}| %{Add-DistributionGroupMember -Identity $_.DisplayName -Member $id }
    Note: I didn't test this - Please test or use -Whatif
    Change RoleObjectID as applicable
    Get-MSOLRole will give company administrator GUID that;s Global Admin ID
    Regards Chen V [MCTS SharePoint 2010]

  • Filter AD Security Group and add member through visual webpart

    Hi All,
    I want to know how to Filter AD Security Group and add members to it from SharePoint 2013 Visual webpart, where i have multiple domains as well.
    Regards
    Rathanavel
    Rathanavel

    SP doesn't interrogate AD groups (DL's or SG's)... you'll need to query AD directly (ADSI).
    Scott Brickey
    MCTS, MCPD, MCITP
    www.sbrickey.com
    Strategic Data Systems - for all your SharePoint needs

  • User won't add to an AD security group

    Hello,
         I've been scouring around the last few days and I've come up empty handed with an issue I'm having on a personal domain and I'm hoping someone here can point me in the right direction.
         I have a domain controller set up in a lab environment running Server 2012 RU with three computers and three users joined to the domain.  I'm currently attempting to apply group policy via AD security groups but I've hit a dead
    end.  I've created the users and moved them to a nested OU, we'll call it SiteA>Users.  I then created a global security group called Control Panel Restriction and placed it in a nested OU in SiteA>Groups, and joined one of the users to the
    security group.  I then created a group policy and configured it to restrict all access to the control panel and linked it to the SiteA OU.  In security filtering I've removed the authenticated users group and added the Control Panel Restriction
    group.
         The first time the user is joined to a security group it seems to work fine.  If I remove the user from the group and run gpupdate /force, the user can once again access the control panel.  From that point going forward,
    however, it's as if the user is never added to a security group again.  I can add the user directly to the security filtering section of the GPO and it works, but it's like security group membership will not update anymore for that user.
         Troubleshooting:  I've verified the permissions of the security group for the GPO and made sure it has read and apply group policy access, I've created a test user and placed it in the Control Panel Restriction security group
    and policy applied successfully (once), so I know the group works.  I ran a gpresult /r for the user and found the group policy IS being applied, but it's being denied through security filtering.  In the group membership section of the gpresult report
    it indicates the user is only a member of the default security groups in AD, not the custom made security group, even though a quick inspection of AD proves otherwise.
         Any advice?

    After you add, or remove, a user from a group, ensure that the changes have replicated/propagated across the DC's (waiting for your replication cycle time is usually enough), then, ensure that the user logs off, and then log the user on again.
    The logoff/logon cycle is typically important, since the user's security token is constructed at logon, and the token is constructed based on group memberships at the time of logon.
    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

  • Unable to resolve name in add user to security group screen

    Hello Everybody,
        Today I come to ask for advice from the FIM experts, it was just brought to my attention that when somebody tries to add a user to a security group by using the browse option they are able to search for the member and select them but when they
    click on "Ok" the account isnt shown in the Members to add box. However if the person types in the full display name into the "members to add box" the user is successfully resolved. 

    After some intense research this issue is caused by an recent Microsoft update KB3008923. I have opened an microsoft support case after being informed of this issue. This is caused not by an FIM patch but by and internet explorer update. Please uninstall KB3008923
    and your issue will be resolved. Or you can suggest to your users to use chrome with IE tab addon enabled as a walk around solution
    I am awaiting microsoft to provide an hotfix for this issue but until then I have just instructed my users to do one of the listed tempory solutions above

Maybe you are looking for

  • How to create a prompt with default value as current_date?

    Hello I'd like to create a prompt on the dashboard that has current_date as the default value. Is it possible to achieve so? Please provide any pointers.. Thank you

  • BAPI , BADI , USER EXIT , FUNCTION MODULE

    Hi Experts Can any body pls explain me abt BAPI , BADI , USER EXIT , FUNCTION MODULE  and its uses in details . Thanks Devashish

  • Nokia 3110 classic...Themes corrupted

    Hi, I have a problem with my nokia 3110 classic phone. When I go to the themes sec it says themes corrupted. Also my phone switches off itself and all my messages , themes, wallpapers, tones, graphics, games, etc disappear... Please help me solve thi

  • Password setting for web gallery

    Plz can some one let me know how I can set password for viewing/downloading pics in web gallery? Thank VVN

  • CM6040mfp Color copy quality issues

    I posted this problem a couple of weeks ago and thought it was solved, but it turned out it was not (I could not find that post for some reason, so I started another one).  This machine puts out excellent quality prints when doing an internal test pa