Applies To:
GroupID 8, 9, 10 - Synchronize
Business Scenario:
We use GroupID to create users and place them in OUs according to their departments. Later, when their department changes, we would like to move those users to their respective new departmental OUs. Is there a way to achieve this with Synchronize?
Environment:
In my Active Directory environment, all users are located under: OU=Department_Name,OU=Corp Users,OU=Corp,DC=ca,DC=loc
More Information:
This is very much doable using the power tool, Imanami.Synchronize.ActiveDirectoryTool. For this article, department is our criterion; GroupID Synchronize will sync the new value of department and move a user to his or her new department OU.
Steps:
-
In GroupID Management Console, expand the Synchronize node, right-click All Jobs, and then click New Job. This launches the New Job wizard.
-
On the Select Source page, select the required source provider from the Select a provider for the source list. This is where the new department value will be consumed.
-
On the Select Destination page, select Microsoft Active Directory (LDAP) from the Select a provider for the destination list.
-
On the Sync Object page, select User as the object type and the Skip option. Click Next.
-
On the Select Fields page, move the Department attribute to the Selected Fields list and click Next.
-
On the Field Map(s) page, select the Key checkbox.
-
Click Edit Global Script.
-
In Global Script Editor, click Tools and then Add/Remove Reference. On the Add Reference dialog box, click Browse and go to the following location (for GroupID 10):
X:\Program Files\Imanami\GroupID 10.0\Synchronize\PowerTools
where X is the GroupID installation directory. -
Select Imanami.Synchronize.ActiveDirectoryTool.dll and click OK on the Add Reference dialog box.
-
In the code, go to DTM_RowChanged method and paste the following code. Then click Build > Compile Script.
LDAP://OU=Department_Name,OU=Corp Users,DC=ca,DC=local"
Here, the later part of the Distinguished Name is constant and only the Department value is the variable.ActiveDirectoryTool.ConfigureFromDestination()
ActiveDirectoryTool.MoveObject("LDAP://OU="& DTM.Source("Department") & "," & "OU=Corp Users,OU=Corp,DC=ca,DC=loc")If your department structure is not as simple or there are exceptions, utilize the script below after customizing it accordingly. Each case statement will represent an exception while the generic criteria will be under 'else'.
ActiveDirectoryTool.ConfigureFromDestination()
'Exceptions
select case DTM.Source("Department")
Case "Finance"
ActiveDirectoryTool.MoveObject("LDAP://OU=Finance,OU=AICorp,DC=ai,DC=lab")
Case "Engineering"
ActiveDirectoryTool.MoveObject("LDAP://OU=Engineering,OU=AICorp,DC=ai,DC=lab")
Case "Sales"
ActiveDirectoryTool.MoveObject("LDAP://OU=Sales,OU=AICorp,DC=ai,DC=lab")
Case "Operations"
ActiveDirectoryTool.MoveObject("LDAP://OU=Operations,OU=AICorp,DC=ai,DC=lab")
Case "Accounts"
ActiveDirectoryTool.MoveObject("LDAP://OU=Account,OU=AICorp,DC=ai,DC=lab")
Case "Marketing"
ActiveDirectoryTool.MoveObject("LDAP://OU=Marketing,OU=AICorp,DC=ai,DC=lab")
'Generic Crieteria
Case else
ActiveDirectoryTool.MoveObject("LDAP://OU=UnassignedUsers,OU=AICorp,DC=ai,DC=lab")
End Select -
Click Build > Compile Script. After successful compilation, click Save and then Exit.
-
Go through the remaining pages of the wizard to complete the job. Run the job to move users.
This code will check the value of the Department attribute against all users in Active Directory and will move them to their respective OUs.Note: Before running this job, please ensure that the organizational unit already exists in Active Directory.
Reference:
GroupID Online Help topic: Creating a Job (Synchronize)