Dynamic AD Security groups

Active Directory does not offer any build in Dynamic Security groups, whereas Exchange does offer Dynamic Distribution lists.

So to solve this problem you could run a PowerShell script based on users in an OU.

The script below will scan one or more OU’s and add each user account to the AD Security group you specify and will remove any user objects that have been removed or moved to a different OU.
When running the Get-ADGroupMember you might experience this error: The size limit for this request was exceeded is so follow these instructions on how to change the default limit.

I hope this was informative. For questions or comments you can always give a reaction in the comment section or contact me:

2 thoughts on “Dynamic AD Security groups

  1. Great post. We also thought dynamic security groups would be very beneficial in many cases. That’s why we put it one step further FirstWare DynamicGroup – so that you can create complex filters with a GUI.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.