I recently watched a demonstration of Forefront Identity Manager’s implementation of dynamic security groups, a feature that GroupID Automate has had since its inception. The FIM query designer appeared to do a pretty good job and I was beginning to see where it would fit into the marketplace when at the 45 minute mark, the speaker dropped the bombshell.
The speaker says, “this group is something that is defined within Forefront Identity Manager; it is not an Active Directory group but of course we can use the connector for Active Directory.” Going through the rest of the presentation, they show a flowchart of FIM that makes it appear that FIM creates the group in an object store that has to be synchronized with the metadirectory which is then synchronized with Active Directory.
In my experience in IT and life in general, moving parts are bad. The fewer moving parts the less that can break. That’s why I titled this post, “Dynamic security groups in Active Directory.” Because that’s the key part, put the darned group where you want it to be in the first place.
I have done a chalktalk on creating a dynamic security group in Active Directory using GroupID and it couldn’t be simpler. And the group is created directly into Active Directory, exactly where you want your Active Directory groups.
Take GroupID Automate for a test run and see how simple this is.
Jonathan Blackwell
View ProfileSince 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.