GroupID 8 - Automate and Self-Service
Business Use Case:
By default, groups that are created outside of GroupID using ADUC or any other mechanism are treated as private groups. You have hundreds of groups with private security type in a particular OU and you would like to modify the security type of these groups from private to semi-private in bulk.
Security type is pseudo to GroupID; security types indicate the access level for joining a group. Private, semi-private, and public are the three security types provided by GroupID.
A private group is one whose membership is determined solely by the group owner. The owner determines who can join and leave the group. Requests for joining or leaving such a group cannot be sent.
Semi-private groups, like private groups, have an owner who determines membership, except that members can request to join and leave the group. The owner and additional owners have the privilege to approve or deny the request. Essentially this is a workflow for joining or leaving a semi-private group.
A public group is open to all users. Users can join and leave a public group without requiring any permission.
Modify GroupID Security Type in Bulk:
Here is the GroupID Management Shell command to mass update the groups' security type. The cmdlet will get all groups from the search container specified and change the security type to semi-private.
|Get-Group -SearchContainer "OU=Corp Groups,OU=Corp,DC=box,DC=com" -SmartFilter "IMGSecurityType=Private" | Set-Group -SecurityType "Semi_Private"|
If you are looking to trigger the process on a schedule; write the following GroupID Management Shell commands in Notepad:
|Get-Group -SearchContainer "OU=Corp Groups,OU=Corp,DC=box,DC=com" -SmartFilter "IMGSecurityType=Private" | Set-Group -SecurityType "Semi_Private"
Get-process powershell | stop-process
Save the file with .ps1 extension on your drive. For reference in this article, let's name the file as Script.ps1.
To create the batch file:
- Write the following line in Notepad and save it as a batch file:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -PSConsoleFile "C:\Program Files\Imanami\GroupID 8.0\GroupIDShell.psc1" -noexit -command ". 'C:\Script.ps1'"
The above command uses the location of the GroupID Management Shell file and the Script.ps1 file in the end.
- Go to the location where you saved the batch file and double-click it.
- It will first load the GroupID Management Shell in PowerShell snap-in and then execute the commands used in the Script.ps1 file.
- You can schedule the batch file using Windows Scheduler for any time suitable to your requirement.
GroupID Management Shell Guide