Dynamic security group

I need to create a security group that contains all the enabled users in AD.
This group needs to be dynamic so that when a user is disabled it is automatically removed from it.
Thanks

We do have the concept of dynamic objects in Active Directory, but that is not what you are looking for. Dynamic objects in Active Directory have a specific TTL, and when their TTL expires they are directly deleted and they will not be considered in Garbage Collection.
What you need, I believe, is a script which 'Removes the disabled users from the group', and to run it about every 15 minutes on your domain controller. I will update this thread as soon as I get my hands on a PowerShell.
Update: Run this as a scheduled task:
Get-ADGroupMember GroupTest | Where-Object { $_.objectClass -eq 'user' } | ForEach-Object { Get-ADUser -Identity $_.distinguishedName -Properties Enabled,SamAccountName } | Where-Object { $_.Enabled -eq $false } | ForEach-Object { Remove-ADGroupMember -Identity GroupTest -Members $_.SamAccountName -Confirm:$false }
Mahdi Tehrani | www.mahditehrani.ir
This posting is provided AS-IS with no warranties, and confers no rights.
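
A two-way version of the scheduled-task approach above, as an added example that is not part of the original reply: it adds enabled users who are missing from the group and removes members who are no longer enabled, and it honours -WhatIf. GroupTest is the group name from the reply; the $SearchBase parameter, the empty-result guard and the summary line are assumptions of this example.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the thread): reconcile a group with "all enabled users".
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$GroupName  = 'GroupTest',                       # name from the thread's one-liner
    [string]$SearchBase = (Get-ADDomain).DistinguishedName   # assumption: whole domain
)

$cmp     = [System.StringComparer]::OrdinalIgnoreCase
$enabled = [System.Collections.Generic.HashSet[string]]::new($cmp)
$members = [System.Collections.Generic.HashSet[string]]::new($cmp)

# Desired state: every enabled user object under $SearchBase.
Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase |
    ForEach-Object { [void]$enabled.Add($_.DistinguishedName) }

# Current state: direct members that are user objects (nested groups are left alone).
Get-ADGroupMember -Identity $GroupName |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object { [void]$members.Add($_.distinguishedName) }

# Guard: an empty result almost always means the query failed; do not empty the group.
if ($enabled.Count -eq 0) {
    throw "No enabled users found under '$SearchBase'; refusing to change '$GroupName'."
}

$toAdd    = @($enabled | Where-Object { -not $members.Contains($_) })
$toRemove = @($members | Where-Object { -not $enabled.Contains($_) })

if ($toAdd.Count -gt 0 -and
    $PSCmdlet.ShouldProcess($GroupName, "Add $($toAdd.Count) enabled user(s)")) {
    Add-ADGroupMember -Identity $GroupName -Members $toAdd
}
if ($toRemove.Count -gt 0 -and
    $PSCmdlet.ShouldProcess($GroupName, "Remove $($toRemove.Count) user(s) no longer enabled or in scope")) {
    Remove-ADGroupMember -Identity $GroupName -Members $toRemove -Confirm:$false
}

# One summary line per run, so the scheduled task leaves a trail in its log.
'{0:s} group={1} to_add={2} to_remove={3}' -f (Get-Date), $GroupName, $toAdd.Count, $toRemove.Count
```

Run it once with -WhatIf to review the planned changes before scheduling it.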

Similar Messages

  • Dynamic Distribution Groups - Message Delivery Restrict to Security Group

    Hi,
    I have created a dynamic distribution group and want to restrict mail delivery to only accept messages from members of a security group.  How do I achieve this?
    The idea is the DDG's are set with their criteria and if anyone leaves/joins the relevant SG then they will have permission to send to those DDG's.
    Thanks in advance.

    Hi ,
    In the Exchange Management Console it is very simple to provide the access. Please follow these steps.
    1. Open the Exchange Management Console (EMC).
    2. Locate the distribution list.
    3. Right-click on it and select Properties.
    4. Open the Mail Flow Settings tab.
    5. Select Message Delivery Restrictions.
    6. Then select the option "Only senders in the following list" and add the DL that you would like to provide access to send email to that group.
    Thanks & Regards S.Nithyanandham

  • Dynamic AD Security Groups (a la Exchange)

    Has the Active Directory team ever thought of making Dynamic AD Security groups like the ones in Exchange? I think it would be a good idea for the release or the next version.

    In Exchange 2013, the only groups that you can enable for mail distribution (using Exchange Management Shell - Enable-DistributionGroup cmdlet) must be configured as Universal group. They can be created in Active Directory as a security group or distribution
    group, but scope must be set to universal.
    Then use
    http://technet.microsoft.com/en-us/library/aa998916(v=exchg.150).aspx to allow it to receive email from Exchange 2013 recipients. Once you run the enable-distributiongroup against that group, all of the appropriate fields should be automatically added to
    the group.

  • Dynamic security in Cube having many to many relationship

    I have multiple dimensions (around 20) and 4 fact tables in my cube.  I am implementing dynamic security in my cube, so only logged in user will see his information.
     I have a person dimension, which stores user information.
    I have a shipper dimension , which stores shipper information.
    Person dimension is connected to Fact table  A and Shipper is also connected to Fact table A.
    Shipper Dimension is also connected to Fact Table B.
    Now in dimension usage tab i connected Person dimension to FACT table B measure group using many to many relation via Fact Table A measure group.
    I wrote below code block in Shipper dimension to implement security , under Dimension data tab -
    exists ({[Shipper].[SHR Number].members},  strtoset("[Person].[Person number].[" + username() +"]"), "Fact Table A")
    It is working fine when I run it as an MDX query, using the select command. I can see all measures (both from fact A and fact B) based on my ID permissions.
    But the issue is when I browse cube, I can see only Fact Table A measures and NOT FACT B measure.
    FACT B measures comes as NULL.
    I referred below link -
    http://bifuture.blogspot.com.au/2011/09/ssas-setup-dynamic-security-in-analysis.html
    PLEASE HELP

    I got the issue, it is related to dimension security. It's working fine.

  • Dynamic Distribution Group - RecipientContainer ignored

    When I set the container in PowerShell and confirm that the setting took, I then run the preview filter. It is for sure pulling from outside the OU that I set in the container parm.
    Any help on this issue?
    Proactive security not reactive, let's make it happen.

    Hi,
    From your description, you set the RecipientContainer when you create the dynamic distribution group, but actually it doesn't work. If I have misunderstood your concern, please let me know. In your case, I recommend you take your time to post the cmdlet
    you use for my further research.
    Best regards,
    Amy Wang
    TechNet Community Support

  • Powershell script: to get the AD Security Group Name

    I need PowerShell script that takes input: AD Security Group Name and loop
    through all web applications and their content in the farm to know where this particular group is used.

    hi
    AD groups are represented in Sharepoint as SPUser object with
    SPUser.IsDomainGroup set to true. I.e. you may use the same script which is used for users:
    Powershell script to find permissions for a specific user.
    Blog - http://sadomovalex.blogspot.com
    Dynamic CAML queries via C# - http://camlex.codeplex.com

  • Nested Security Groups in Device Collections

    Hi all,
    Is it possible to create a device collection with a dynamic query containing nested Security Groups(Active directory).
    Following is a sample:
    Security Group 'A' has the following members-
    1) Security Group 'C'
    2) Security Group 'D'
    3) User 'John'
    4) User 'Dave'
    I'm trying to create a device-collection in SCCM 2012 referencing this Security Group 'A' and my intent is to have all members of SG 'C' & 'D' to be part of it along with John & Dave.
    thanks in advance.

    Within ConfigMgr, "Security Group A" will be listed as a Security Group Name with all the direct members of "Security Group A" and the members of "Security Group B" and "Security Group C".
    So, simply querying for "Security Group A" should be sufficient.
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • ISE Security Group Mapping download to ASA

    We are implementing Security Tags with an ASA and ISE.  We have generated the PAC and imported it into the ASA and they are in sync.  The Security Groups are present in the ASA, but the IP to Security Group Mappings that were manually placed in ISE aren't downloaded.  We have configured the WLC as a speaker and these mappings are dynamically updated on the ASA.  Does the ASA need additional configuration, i.e. does ISE need to be configured as a peer for the static mappings to be downloaded?
    Please advise,
    Joe

    Update:
    I am testing with a username and enable password to see if this makes a difference.  It appears it now tries to deploy and says it is Updated but I don't see anything in the ASA.  All the ISE Diagnostic tests result in an invalid enable password.  I am logging into the ASA with the same creds without issue.  I have attempted several times with a copy and paste but it won't validate.
    Any suggestions?
    Thanks,
    Joe

  • Dynamic Security in a denormalized Parent-Child dimension Table

    Hi guys, I need your priceless help again:
    I have a parent-child relationship in a table with a fixed depth, let's say Region-->Area-->Country.
    I denormalized the table to have something like this
    Then, to implement dynamic security, I am thinking of a bridge table with the userId and the CountryId; then, with a measure group and a measure which counts the combinations of user/country, I can prove the security using the non empty function.
    My question is how can I also set security for the levels above the leaf members; let's say I want to assign a user to the Area level or Region level. I don't know exactly which key I could include in the bridge table.
    I may want to keep the IDs of the original table in the different levels.
    Any comment will be appreciated.
    Kind Regards,

    Hi Paul,
    According to your description, you want to apply dynamic security on parent-child hierarchy. Right?
    In Analysis Services, when a dimension contains a parent-child hierarchy, we can't set up security directly on the key attribute. Because it will not appear on the dropdown list of Dimension Data Security in Role editor.
    In this scenario, we need to filter on the key attribute and not the parent-child hierarchy. Then use LinkMember() to find the equivalent members on the parent-child hierarchy. Please refer to the expression below, based on an employee dimension with a parent-child hierarchy.
    Generate(
     NonEmpty(
      [Employee].[Employee].[Employee].Members,
      ( [Measures].[Employee Count],
        StrToMember('[User].[User].[' + UserName() + ']') )
     ),
     { LinkMember(
         [Employee].[Employee].CurrentMember,
         [Employee].[Employees] ) }
    )
    Also I suggest an excellent book:
    Expert Cube Development with Microsoft SQL Server 2008 Analysis Services. It talks about this scenario in chap 9.
    Reference:
    SSAS
    Dynamic security - Bridge table (factless) between User dimension and Parent-Child (PC) dimension
    If you have any question, please feel free to ask.
    Best Regards,
    Simon Hou
    TechNet Community Support

  • Is there a way for an end user to see who has membership in a security group

    Windows Server 2008 R2
    Active Directory Domain
    Windows 7 workstations
    I am looking for a way that my end users can look at a folder security tab and then discover who has membership in the security groups listed.
    Is that possible? Any drawbacks or concerns?

    Hi Tod,
    Based on my research, other than viewing group membership in ADUC, we can use this PowerShell cmdlet
    Get-ADGroupMember GroupName and Net Group GroupName to view members in a group:
    However, these commands can only be used on Domain Controllers or when connecting to DCs remotely. That’s because accounts and account membership are stored on Domain Controllers, therefore we can only view group membership on DCs.
    More information for you:
    Viewing the Direct Members of a Group
    http://technet.microsoft.com/en-us/library/dd391915(v=WS.10).aspx
    Net group
    http://technet.microsoft.com/en-us/library/cc754051.aspx
    Best Regards,
    Amy

  • Not able to set security group without mail enabled as site collection admin using powershell in sharepoint online site - office 365

    not able to set security group without mail enabled as site collection admin using powershell in sharepoint online site - office 365?
    Any idea?

    After a few days of testing in my lab, I can see that only an email-enabled group can be added as site collection admin using PowerShell.
    Hope this helps anyone who is stuck like me!! :-)

  • Project Server 2010: PWA Removing Default Project Site Security Groups When Creating a New Project

    I looked for this specific issue with Project Server 2010/PWA/SharePoint and could not find an exact answer... hopefully someone can help.
    We are currently using Project Server 2010 and have a number of project site templates that are used dependent upon the enterprise project type selected. Each of these project site templates have unique permissions which should create the default security
    groups on the project site upon publishing/syncing:
    <Project Name> Members
    <Project Name> Owners
    <Project Name> Visitors
    <Project Name> Project Managers (Project Web App Synchronized)
    <Project Name> Team Members (Project Web App Synchronized)
    Web Administrators (Project Web App Synchronized)
    Whether a user creates a project through PWA or Project Pro 2010 and imports the project into PWA, we get a weird result in the Site Permissions of the newly created project site. PWA will remove all default security groups from the project site template
    and add a whole list of users in the Site Permissions list without groups. 
    Once the project is published and the project site is created, we can then go back and add those default security groups back in the project Site Permissions and even add a couple of custom groups without them being removed on all subsequent project syncs
    or publishing. 
    How do we get PWA to not overwrite the project site templates' security groups and place each user in the proper default security groups? At the same time, how is PWA adding a number of users into the Project Site Permissions?
    Thanks in advance.

    Paul,
    Thanks for that information. Right now we are using the Test environment to turn the Auto-sync feature back on. I suspect that the reason this is happening is due to PWA groups/categories/security templates. There may be more than one PWA group that is "overwriting"
    the default project site groups upon initial creation of the project. We will look further into the security settings to tighten up the policies. 

  • Dynamic Distribution Group set conditions by importing text file?

    Exchange 2010 SP2.
    I created a dynamic distribution group via the EMC.  We have populated AD with ExtensionAttribute1 and ExtensionAttribute2.  I have created the ddg with custom attribute1 value = employee.  What I need to do now is populate custom attribute 2 = 00-0001, 00-0002, and so on.  There are about 300 of these numbers I need to add.  I have them in a text file or csv file.  Instead of adding them one by one in the EMC, is there a way to import them via PowerShell to the existing ddg?
    The ddg is called All Management Employees.

    If they go from 00-0001 to 00-0300, you could just add them as follows:
    Set-DynamicDistributionGroup <group name> -RecipientFilter "(CustomAttribute1 -eq 'employee') -and (CustomAttribute2 -like '00-0*')"
    However, if you have additional items like this (such as 00-0350, etc), you may need to use the following:
    Set-DynamicDistributionGroup <group name> -RecipientFilter "(CustomAttribute1 -eq 'employee') -and ((CustomAttribute2 -like '00-00*') -or (CustomAttribute2 -like '00-01*') -or (CustomAttribute2 -like '00-02*') -or (CustomAttribute2 -eq '00-0300'))"
    Now, if your numbering isn't sequential and it can't be, you would need to add them individually - which may make your search filter unusable, in which case, you may need to create several dynamic groups and add them to a parent group.

  • Security Group for SharePoint 2013 Online Enterprise 3

    I need to copy all the user account names from one SharePoint Security group to a different SharePoint Security group in the same single tenant.
    I can not figure out how to do this.
    Thanks.
    Dawn

    Call your local Microsoft office (any office may do, but info from your local office will be more accurate), and ask for the
    Account Manager for SMB (small to medium businesses) in the
    education sector.
    Scott Brickey
    MCTS, MCPD, MCITP
    www.sbrickey.com
    Strategic Data Systems - for all your SharePoint needs

  • Using a security group to add members to the collection question

    Hi,
    I have a collection created in SCCM 2007 that is using a security group for membership. So I added a computer to the security group in AD, but when I go to SCCM and click on the collection I don't see the computer in the collection. Should it show here, or because it is a security group based membership will it not show the members?
    Thanks!

    Details from Active Directory are added to the SCCM database through discovery methods. Please ensure that AD security group discovery and AD system discovery are enabled in the primary site. If they are enabled, check the frequency set for these discovery methods. Once you have added these computers to the AD group, you need to wait till the next discovery cycle before they appear in SCCM collections. Till that point, the SCCM database will not have information about the group memberships of these computers.
