Add domain users to a group of security groups via group policy

Question

Is there a way to add domain users to a collection of security groups via group policy? We have some SSO groups that all employees share. Instead of tech support person having to manually add new user to each of these groups, we'd like to push them via GP. The reason is that sometime, our tech person would miss adding one or more of the groups during user creation.

1. This is a training problem, and a failure of automation. The tech shouldn't be in a position to make this mistake. 2. Group Policy is not meant to (nor will it) directly modify Active Directory (or its Objects). -- It could certainly be used to deploy scripts or tasks that in turn modify AD Objects. — Semicolon, Jul 30 '21 at 20:37

score 0 · Answer 1 · answered Aug 02 '21 at 12:48

0

You can nest security groups.

So, for example, if all of Department A's users need to be in 4 different groups you can add DepartmentA to Group1, Group2, Group3, and Group4.

Now all you have to do is add a user to DepartmentA and they will also be in Group1-Group4.

answered Aug 02 '21 at 12:48

AutoGnome

161
6

Thank you. I'll give it a go and see if that works. – KMote Aug 03 '21 at 16:19

score 0 · Answer 2 · answered Aug 19 '21 at 19:39

You should really take a look at Role Based Access Control concept. You can create security groups for certain jobs/roles and then nest those groups in hierarchy of nested groups where the top groups have access to resources, internet access, shared folders, VPN access, mail groups, access to various services and software and target to specific GPO policies. It is hard to initially set this up but later management of users is extremely simplified.

Add domain users to a group of security groups via group policy

2 Answers2