Hey everyone! I recently put together a tutorial on how to dynamically assign users to Active Directory groups based on their preferred language attribute, similar to what you can do with dynamic groups in Entra ID. The tutorial covers how to set up a dynamic security group system, leverage PowerShell scripts to evaluate and assign group memberships, and automate everything with a scheduled task. I've included all the relevant code and a sample script to help you get started quickly. I'd love to get your feedback or hear how you all are handling this kind of automation! Check out the tutorial here: https://mylemans.online/posts/Active-Directory-DynamicUserGroups/
2 Answers
This method sounds really interesting! I usually prefer using the format operator and ditching quotes around hashtable keys if they’re not necessary. For example, I would write a logging function like this:
```powershell
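function Log-Message {
    param ([string]$Message)
    # $logFile is not defined here; it must be set in the calling script's scope.
    # Prefix each entry with a sortable timestamp and append it to the log file.
    '{0:yyyy-MM-dd HH:mm:ss} - {1}' -f (Get-Date), $Message | Out-File -FilePath $logFile -Append
}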
```
Also, consider using an LDAP filter to speed up recursive searches. It significantly reduces execution time compared to using Get-ADGroupMember. Here’s a snippet that really cuts down the time:
```powershell
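# The two clauses need the AND operator (&) to form a valid LDAP filter.
# 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN: it matches nested (transitive) membership.
$ldapFilter = '(&(distinguishedName={0})(memberOf:1.2.840.113556.1.4.1941:={1}))' -f $user.DistinguishedName, $targetGroupDN
Get-ADUser -LDAPFilter $ldapFilter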
```
I believe these tweaks could optimize your script a lot!
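The nested-membership filter from the answer above, as an added example that is not part of the original post or the linked tutorial: distinguished names containing `(`, `)`, `*` or `\` have to be escaped per RFC 4515 before they are formatted into an LDAP filter, otherwise the filter is malformed or matches something other than intended. The helper names (`ConvertTo-LdapFilterValue`, `New-TransitiveMemberFilter`, `Test-TransitiveMember`) and the sample DNs are assumptions made for illustration.

```powershell
# Added example: hypothetical helpers, not code from the original post.

function ConvertTo-LdapFilterValue {
    param ([Parameter(Mandatory)][string]$Value)
    # RFC 4515 escaping. The backslash is replaced first so the
    # backslashes introduced by the later replacements are not re-escaped.
    $Value.Replace('\', '\5c').
           Replace('*', '\2a').
           Replace('(', '\28').
           Replace(')', '\29').
           Replace([string][char]0, '\00')
}

function New-TransitiveMemberFilter {
    param (
        [Parameter(Mandatory)][string]$UserDN,
        [Parameter(Mandatory)][string]$GroupDN
    )
    $u = ConvertTo-LdapFilterValue -Value $UserDN
    $g = ConvertTo-LdapFilterValue -Value $GroupDN
    # 1.2.840.113556.1.4.1941 = LDAP_MATCHING_RULE_IN_CHAIN (nested membership).
    '(&(distinguishedName={0})(memberOf:1.2.840.113556.1.4.1941:={1}))' -f $u, $g
}

function Test-TransitiveMember {
    param (
        [Parameter(Mandatory)][string]$UserDN,
        [Parameter(Mandatory)][string]$GroupDN
    )
    # Requires the ActiveDirectory module and a reachable domain controller.
    # Returns $true when the user is a direct or nested member of the group.
    $filter = New-TransitiveMemberFilter -UserDN $UserDN -GroupDN $GroupDN
    [bool](Get-ADUser -LDAPFilter $filter)
}

# Constructed sample DNs containing characters that break an unescaped filter.
$userDN  = 'CN=Smith\, John (Contractor),OU=Users,DC=example,DC=com'
$groupDN = 'CN=Lang-NL (Dynamic),OU=Groups,DC=example,DC=com'

# Builds the filter string only; no directory query is made here.
New-TransitiveMemberFilter -UserDN $userDN -GroupDN $groupDN
```

In a scheduled task that rewrites group membership, log the generated filter alongside the result so an unexpected match or miss can be traced back to the exact query that produced it.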
Where are you getting that preferred language data? I can’t imagine it’s just manually entered in a CSV. If it’s in AD’s custom property, why use CSVs at all?
Thanks for the tips! I’ll definitely try it out in my lab first and tweak the blog post. If you want, you can drop these suggestions in the comments section of the blog too!