Return
-
Title
How to: Temporary add members for 8 hours -
Description
There is a requirement to temporary add members to groups for 8 hours only.
-
Resolution
Workaround
1.- Create a new Script Module and paste below script:
function temporalGroupMembership($Request) { $users = $workflow.SavedObjectProperties("AddedMembers").getEx("member") $groupDN = $Request.Get("distinguishedName") $time = (Get-Date).AddMinutes(480).ToUniversalTime() $hash = @{} $hash.add("ScheduledOperation-SetTime",$time) foreach($userDN in $users) { Remove-QADGroupMember -Identity $groupDN -Member $userDN -Control $hash } }2.- Create a new Change Workflow.
3.- Configure the new created workflow so that it triggers when a user is added in any groups located within a specific OU:
4.- Add a "Save Object Properties" activity under the "Operation execution", set a name:
5.- Under the "Activity target" section leave the default option "Workflow Target". Under the "Target Properties" section select attribute "Members":
6.- Add a "Script" activity under the "Save Object Properties" activity, select the script module name and function name:
function temporalGroupMembership($Request) { $users = $workflow.SavedObjectProperties("AddedMembers").getEx("member") $groupDN = $Request.Get("distinguishedName") $time = (Get-Date).AddMinutes(480).ToUniversalTime() $hash = @{} $hash.add("ScheduledOperation-SetTime",$time) foreach($userDN in $users) { Remove-QADGroupMember -Identity $groupDN -Member $userDN -Control $hash } }