Osirium Logo

Review Group Memberships

Review Group Memberships Playbook IconReview Group Memberships Playbook Icon

This is an interactive task that allows the operator to review the users with direct memberships to Active Directory groups they manage.

The managedBy Active Directory group attribute is used to establish the groups managed by the operator.

Users are selected/unselected from a table to either certify or decertify their memberships.

Playbook Files

This playbook was built for PPA version 2.12.x

Running this Playbook

  • Click download playbook
  • Import the downloaded file via the Playbooks page on PPA
  • Build the playbook from the Edit & Build tab
  • Run the playbook from the Preview & Deploy tab
* Requires PPA v2.9.x or newer

Running Modes

The task can run in 2 modes:

Reporting Mode (default)

The task will not remove decertified users.

A report email is sent at the end of the task.

Active Mode

The task will remove decertified users.

A report email is sent at the end of the task.

Changing Mode

You can switch between running modes by changing the value of remove on line 343.

Integrations

Required Vault Details

Active Directory

  • IP/DNS address of a Domain Controller
  • Domain FQDN
  • Username
  • Password

As this task can be configured to modify group memberships, the Active Directory credentials may require write permissions.

If you only run this task in Reporting Mode, only read permissions are required.

Vault Configuration Wizard

The first time you run a task built from this playbook, PPA will check the required Vault details exist.

If they don't exist, PPA will ask you to supply the details at the start of the task.

Below you can see a user providing details the first time they run an Active Directory task.

vault-config-wizard

Once the details are added to Vault, the task won't ask for them again.

If you don't know the required details, ask an administrator to run the task or configure Vault manually.

What the Task Does

Once started, this task allows the operator to:

  • Select one or more groups managed by them
  • Review users with a direct membership to each selected group
  • Select or unselect users in a table to certify/decertify their memberships

If the task is running in Active Mode (see Running Modes above), unselected users will be removed from the relevant groups.

Once all groups have been reviewed, the operator should supply an email address that PPA will send a report to.

Product Boot Screen

Get PPA for free!

Start automating your estate with a free 30 day trial today. No signup required!

Get PPA Express

Documentation


Theale Court
11-13 High Street, Theale
Reading, Berkshire, RG7 5AH
United Kingdom
+44 (0) 118 324 2444

Osirium Logo

Copyright 2020 Osirium Ltd.