Views:

Applies To:

GroupID 8, 9, 10 - Automate

Use Case:

We want to create a group of all expired users in Active Directory. Is there a criterion to create such a group?

Explanation:

We can achieve the above by comparing the value of the Active Directory attribute, accountExpires with the current date using a script.

Steps for GroupID 8:

  1. In GroupID Management Console, select Automate > right-click All Groups > New > Smart Group.
  2. Go through the pages of the New Smart Group wizard until you reach the Query Options page.
  3. Click Modify to launch the Query Designer dialog box.
  4. On the Identity Store tab of the Query Designer, add the following query:
     
    accountExpires          LessThan (<=)         {0}


     
  5. Click OK to close the Query Designer and continue with the New Smart Group wizard.
  6. On the Update Options page, select the Update Later and then the Choose Later option buttons.


     
  7. Complete the wizard to create the Smart Group.
  8. Now right-click this new Smart Group and select Modify Query on the shortcut menu.    

    • On the Smart Script tab of the Query Designer dialog box, click the Edit Script button.
    • In the Script Editor, scroll down to 'Sub ATM_BuildQuery' and add the following line:
      args.Criteria = String.Format (args.Criteria, DateTime.Now.ToFileTimeUtc().ToString())
    • Click Build Compile Script on the menu.


       
    • Click File Exit; then click Yes to save the changes.
    • Click OK to close the Query Designer.
  9. Right-click the group and select Update on the shortcut menu to get all expired users as group members.
  10. Conversely, if you want to get all users that are not expired, use the following query on the Query Designer:
     
    accountExpires         GreaterThan (>=)          {0}


       

Steps for GroupID 9 and 10:

  1. In GroupID Management Console, select Automate > right-click All Groups > New Smart Group.
  2. Go through the pages of the New Smart Group wizard until you reach the Query Options page.
  3. Click Modify to launch the Query Designer dialog box.
  4. On the Identity Store tab of the Query Designer, add the following query:
     
    accountExpires          LessThan (<=)         {0}
    accountExpires         Is Not                        0


     
  5. Click OK to close the Query Designer and continue with the New Smart Group wizard.
  6. On the Update Options page, select the Update Later and then the Choose Later option buttons.
  7. Complete the wizard to create the Smart Group.
  8. Now right-click this new Smart Group and select Modify Query on the shortcut menu.
    • On the Smart Script tab of the Query Designer dialog box, click the Edit Script button.
    • In the Script Editor, scroll down to 'Sub ATM_BuildQuery' and add the following line:
      args.Criteria = String.Format (args.Criteria, DateTime.Now.Ticks)
    • Click Build Compile Script on the menu.

    • Click File Exit; then click Yes to save the changes.
    • Click OK to close the Query Designer.
  9. Right-click the group and select Update on the shortcut menu to get all expired users as group members.
  10. Conversely, if you want to get all users that are not expired, use the following query on the Query Designer:
    accountExpires         GreaterThan (>=)          {0}

 

Known Issue: When we apply a script, the results cannot be previewed using the Query Designer's Preview button.

Reference:

GroupID Online Help topic: Query Designer dialog box

Keywords: accountExpires, Smart Group, expired users