How to change membership in groups based on attributes of users in AD automatically
If your company has a complicated structure, you may need to filter members of your security or distribution groups automatically based on changes to some attribute of users in Active Directory – let's say Department.
There is a simple way how to do it: create a grp.txt file whose content would be names of departments, and second a changemembership.bat file in the same path, where inside would be:
FOR /F %%i in (grp.txt) do dsquery * domainroot -filter "(&(objectCategory=user)(department=%%i))" | dsmod group "CN=%%i,ou=Distribution Lists,dc=company,dc=com"
chmbr Prerequisities: your group name must be the same as name of your department (customize rest of CN path as you require), or you need to think another way to associate your users with groups. I want just to show you the capability of AD in right usage.