Applies To:

GroupID 10 – GroupID Management Shell

Business Requirement:

We have a requirement to convert some static groups to Smart Groups. A Smart Group has an LDAP criterion specified that is used to fetch its membership, so simply setting LDAP criteria on a static group converts it to a Smart Group. We want to convert groups in bulk.

Methodology:

We can use GroupID Management Shell to bulk convert static groups to Smart Groups. Firstly, we need a CSV file with the names of the static groups we want to convert; then add LDAP criteria for those groups in the file. After that, we can import that CSV file and use the convert-group cmdlet to convert static groups to Smart Groups.

Steps:

  1. Firstly, you need a CSV file with the names of the groups you want to convert. For testing purposes, let’s pick groups by SAMAccountName. You can choose any attribute for picking groups, provided that it uniquely identifies the groups. Let’s use the following command in GroupID Management Shell to extract the groups to a CSV file:

    Get-Group -LdapFilter "(DisplayName=test_static*)"| Select SAMaccountName |Export-Csv -Path C:\Groups.csv

    This command picks all the groups whose display name starts with test_static. It creates a CSV file named Groups.csv at the root of the C: drive and adds the groups to it by their SAMAccountName.

  2. Create a new column named Criteria in the CSV file and specify an LDAP filter for each group.
    To create an LDAP filter, you can use the Query Designer in GroupID Automate. Define a query in the Query Designer and copy it by navigating to View > LDAP Query.

  3. After adding the criteria for all groups, import the CSV to GroupID. Use the following command in GroupID Management Shell for import:

    $g = Import-Csv "C:\New folder\Groups.csv"   # path of the CSV file (example path)
    $g | ForEach-Object {Convert-Group -Identity $_.SAMaccountName -LdapFilter $_.Criteria -ObjectTypes "Users" -SearchContainers "OU=Test_Users,DC=DC1,DC=local" }

    The first command imports the CSV file into the $g variable. The second command goes through each row, sets the LDAP criteria for the respective group and sets the object type in the query to Users. It also sets the search scope of the LDAP query to the OU specified for SearchContainers.

  4. The above command does not update the groups after conversion, so the group will have no members. To update the groups as soon as they are converted, use the following command:

    $g | ForEach-Object {Convert-Group -Identity $_.SAMaccountName -LdapFilter $_.Criteria -ObjectTypes "Users"|Update-Group}

Note: Apply this method to some test groups first and, if the results are to your satisfaction, apply it to production groups.
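
Because the Criteria column decides who ends up in each group, it is worth checking the CSV before running the import in step 3. The following pre-flight check is an added example, not part of GroupID or of the original article; it uses only built-in PowerShell cmdlets, the helper name Test-CriteriaRow is hypothetical, and the sample rows are constructed.

```powershell
# Added example: pre-flight check of the CSV before it is passed to Convert-Group.
# Test-CriteriaRow is a hypothetical helper; only built-in PowerShell cmdlets are used.
function Test-CriteriaRow {
    param([string]$Name, [string]$Filter)
    $problems = @()
    if ([string]::IsNullOrWhiteSpace($Name))   { $problems += 'missing SAMAccountName' }
    if ([string]::IsNullOrWhiteSpace($Filter)) { $problems += 'missing Criteria'; return $problems }
    # Literal parentheses in LDAP values are escaped (\28, \29), so raw ones must balance.
    $depth = 0
    foreach ($ch in $Filter.ToCharArray()) {
        if ($ch -eq '(') { $depth++ }
        elseif ($ch -eq ')') { $depth--; if ($depth -lt 0) { break } }
    }
    if ($depth -ne 0) { $problems += 'unbalanced parentheses' }
    # A presence-only filter such as (objectClass=*) matches every object in the
    # search scope, so every user in the container would become a member.
    if ($Filter -match '^\s*\(\s*[\w-]+\s*=\s*\*\s*\)\s*$') { $problems += 'matches every object in scope' }
    return $problems
}

# Constructed sample rows standing in for: Import-Csv "C:\New folder\Groups.csv"
$g = @'
SAMaccountName,Criteria
test_static1,"(&(objectCategory=person)(department=Finance))"
test_static2,"(&(objectCategory=person)(department=HR)"
test_static3,"(objectClass=*)"
test_static2,"(department=Sales)"
test_static4,
'@ | ConvertFrom-Csv

# The same identity appearing twice would have its criteria overwritten by the later row.
$duplicates = $g | Group-Object SAMaccountName | Where-Object Count -gt 1 | Select-Object -ExpandProperty Name

$report = foreach ($row in $g) {
    $problems = @(Test-CriteriaRow -Name $row.SAMaccountName -Filter $row.Criteria)
    if ($duplicates -contains $row.SAMaccountName) { $problems += 'duplicate SAMAccountName' }
    [pscustomobject]@{ SAMaccountName = $row.SAMaccountName; Criteria = $row.Criteria; Problems = ($problems -join '; ') }
}

$report | Format-Table -AutoSize
# Rows with no problems; with the sample data above only test_static1 remains.
$ready = $report | Where-Object { -not $_.Problems }
```

The rows in $ready keep the SAMaccountName and Criteria columns, so they can be piped to the ForEach-Object loop from step 3 in place of $g once the flagged rows have been corrected in the CSV.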