Taking action based on Active Directory Users or User groups

Hi,

I am pretty sure the answer is “No”, but i’ll ask anyway.
is there a way to target an action based on Active Directory Users or User groups?
just to clarify - not AD computers, not AD OU’s, but AD users and user groups.

Thanks!

When you Take Action, one of the options is “Run only when a use is logged on” and you can select groups there. Does that help?
You can also target users and user groups, but you’ll only see that user/group options when there is actually someone logged on.

You know @JasonWalker, i’ve been using Bigfix for 14 years and have NEVER thought about using this option :joy::joy:
ill give it a try today. my guess is that the action will be in “Waiting” status until the user logs in.

Thanks!

so i spoke with the client again, apparently this is not exactly what he wanted (go figure…)
he wanted to run an action, but exclude it from running on members of a specific AD group…
i ended up doing the following:

  1. using GPP, members of that group get a dummy registry entry (on HKCU)
  2. Bigfix will run the action, unless said reg key exists for current user keys (logged on user) of registry

problem solved…

Thanks!

You can target based on AD group membership by adding the following relevance to your task/fixlet

(((exists value whose(it as lowercase = “INSERT_GROUP_NAME” as lowercase ) of components whose(type of it=“CN”) of distinguished names ((distinguished names of groups of it; distinguished names of it) of logged on users of it))) of active directory)

Obviously the user would have to be logged in for this to work.

1 Like

Hi @nicksberger, sounds sweet, ill give it a try!

thanks!