Views:

Applies To:

GroupID 10 - GroupID Management Shell

Problem Statement:

Group security type is a proprietary feature of Imanami GroupID that lets you set the membership permissions for a group, so that you can control the way users join or leave a group. There are three group security types available in GroupID:

  • Public: Users can freely join or leave this group.
  • Private: Only group owners can add and remove members from this group.
  • Semi-Private: Users can request to join or leave this group, which must be approved by the group owner.

By default, GroupID assigns the Private (i.e. closed membership) security type to the following groups:

  • All groups created directly in Active Directory
  • All groups created through GroupID Automate or Self-Service (unless you explicitly change the security type)

Since most of the groups in Active Directory are set to the ‘Private’ security type when GroupID is introduced to the system, you might want to bulk change the security type.

Methodology:

We can get the required groups in a CSV file using the Get-Group command. Then add a column for group security in the file and specify a security type for groups. Next, import the CSV back and use the Set-Group command to change the security type in bulk.

Steps:

  1. Firstly, we need a CSV file with the names of the groups you want to change the security type for. In GroupID Management Shell, use the following command to extract those groups:

    Get-Group -SearchContainer "OU=Groups,DC=DC1,DC=local" |Select SAMAccountName |Export-Csv "C:/groups.csv"-NoTypeInformation

    This command extracts all the groups in the specified OU and selects their SAMAccountNames to add to a CSV file named Groups.csv in the root C drive. You can extract any group attribute, provided that it should uniquely identify the groups. Here is an example of the extracted CSV:

  2. Add a column for security type in the file and set it to Semi-Private for all groups.

  3. Now import this CSV file into GroupID to update the security type in bulk. To do that, use the following command in GroupID Management Shell:

    $g=Import-Csv "Path of the CSV file" (Example "C:\New folder\Groups.csv")
    $g | ForEach-Object {Set-Group -Identity $_.SAMaccountName -SecurityType $_.Security}

    This command imports the CSV file as per the value of the $g variable and sets the security type of the specified groups to Semi-Private.
Note: Please apply this method to some test groups before applying it to production groups.
Keywords: Security, bulk, shell, groups