Introduction to Group Security Type
Group security type is a proprietary feature of Imanami GroupID, which lets you set the membership permissions for a group, so that you can control the way users join or leave a group. There are three group security types available in GroupID:
- Public: Anybody can freely join or leave this group.
- Private: Only group owners can add or remove members from this group.
- Semi-Private: Users can request to join or leave a group, which must be approved by the group owner.
By default, GroupID assigns the “Private” (i.e. closed membership) security type to the following groups:
- All the existing groups in Active Directory that were/are created directly in Active Directory.
- All the groups created through GroupID Automate or Self-Service (unless you explicitly change the security type).
Since most of the groups in Active Directory are set to the ‘Private’ security type when GroupID is introduced to the system, you may want to change the security type of groups in bulk. However, this bulk change must be contained so that it affects only the groups you intend.
We would like to change the security type of all the groups that meet the following criteria from Private to Semi-Private.
- Groups must be a day old.
- Groups must be in a specific OU.
- Groups must be of the distribution list type.
Here is how it can be achieved.
We wrote a script to achieve the requirement.
The following image explains the cmdlets in the script and what they accomplish.
The highlighted parameters can be changed to suit the environment and requirement.
Steps to Execute:
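First of all, copy the following script to a Notepad file and make the desired adjustments.
```powershell
# Cutoff: 24 hours ago (UTC); the filter below matches groups created after it.
$dte = [datetime](Get-Date).ToUniversalTime().AddDays(-1)
# Replace both quoted placeholders: the OU's distinguished name and the group category (Security or Distribution).
$grp = Get-ADGroup -SearchBase "Enter your desired OU here" -Filter 'whencreated -gt $dte -and GroupCategory -eq "Provide Group Type Security/Distribution"'
# Pipe each matching group's distinguished name to GroupID's Set-Group cmdlet.
$grp.DistinguishedName | Set-Group -SecurityType "Semi_Private"
# Close this PowerShell session once the change has been applied.
Stop-Process -Id $pid
```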
Go to the following location:
```
X:\Program Files\Imanami\GroupID 9.0
```
where X represents the GroupID installation drive.
Locate a PowerShell script file called GroupID, create another copy of this file at the same location but with a different name (we called it custom), and open it in Notepad.
At the bottom of this file, append the above script and save. Now it will look somewhat like this:
Now open Windows PowerShell as administrator and run the following command.
```powershell
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -PSConsoleFile "C:\Program Files\Imanami\GroupID 9.0\GroupIDShell.psc1" -noexit -command ". 'C:\Program Files\Imanami\GroupID 9.0\custom.ps1'"
```
The output after executing the above command will reflect the desired changes. You can also confirm the same by sampling and checking the groups in the Self-Service portal.
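Because the bulk change has to stay contained, it helps to see exactly which groups the filter matches before anything is modified. The following is an added example, not part of the original article or of Imanami's own scripts: it previews and records the matching groups, then asks for confirmation before calling `Set-Group`. The OU, the CSV path and the variable names are placeholders, and the `HasOwner` column assumes the group owner is stored in the AD `managedBy` attribute. Like the script above, it must run in the GroupID shell so that `Set-Group` is available.

```powershell
# Added example: preview, record, then apply the security type change.
# Placeholder values (assumptions); replace them for your environment.
$ou       = "OU=Example,DC=example,DC=com"       # constructed placeholder OU
$category = "Distribution"                       # group category to target
$logPath  = "C:\Temp\securitytype-change.csv"    # hypothetical output path
$cutoff   = (Get-Date).ToUniversalTime().AddDays(-1)

# Same scoping as the script above: OU, creation time, group category.
$targets = @(Get-ADGroup -SearchBase $ou `
    -Filter 'whenCreated -gt $cutoff -and GroupCategory -eq $category' `
    -Properties whenCreated, ManagedBy)

if ($targets.Count -eq 0) {
    Write-Host "No groups match the filter; nothing to change."
    return
}

# Build a report of what is about to change. HasOwner flags groups without
# a managedBy value: a Semi-Private group needs an owner to approve requests.
$report = $targets | Select-Object Name, DistinguishedName, GroupCategory, whenCreated,
    @{ Name = 'HasOwner'; Expression = { [bool]$_.ManagedBy } }

$report | Format-Table -AutoSize
$report | Export-Csv -Path $logPath -NoTypeInformation
Write-Host "Preview written to $logPath"

$noOwner = @($report | Where-Object { -not $_.HasOwner })
if ($noOwner.Count -gt 0) {
    Write-Warning "$($noOwner.Count) matching group(s) have no owner set."
}

# Apply the change only after an explicit, case-sensitive confirmation.
$answer = Read-Host "Change $($targets.Count) group(s) to Semi_Private? Type YES to continue"
if ($answer -ceq 'YES') {
    $targets.DistinguishedName | Set-Group -SecurityType "Semi_Private"
    Write-Host "Security type updated for $($targets.Count) group(s)."
} else {
    Write-Host "Aborted; no groups were changed."
}
```

The exported CSV serves as the record of which groups were changed and when the selection was made.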