
How to import AD group memberships as manual rights

This guide explains how to import existing user memberships from an Active Directory (AD) group into eADM as manual rights.

This process is useful for managing access that was originally granted through AD groups before eADM was implemented. By converting these memberships to manual rights, support staff and managers can add or remove access for individual users directly within the eADM interface.


Procedure

The process involves three main stages:

  1. Find the sAMAccountName of the AD group in eADM.

  2. Export the group members from AD using a PowerShell script.

  3. Assign the right to the exported users in eADM.

1. Find the group's sAMAccountName

First, you need to find the unique identifier (sAMAccountName) for the group that manages the right.

  1. In eADM, navigate to the Access control module for the relevant system (e.g., Microsoft).

  2. Go to the Rights tab.

  3. Click on the group name associated with the right you want to import. In this example, we are looking for the group linked to the "Microsoft E3" right.

  4. On the group's page, select the Foundation data tab.

  5. Locate the Name field. The value in this field is the group's sAMAccountName, which you will need for the next step.

2. Export group members from Active Directory

Next, use PowerShell on a server with the Active Directory module installed to create a list of the group's members.

  1. Open PowerShell.

  2. Copy and paste the script below into the PowerShell console.

  3. Replace "11735-GS-Msol-SPE_E3" with the sAMAccountName you found in the previous step.

    # 1. Define the AD group's sAMAccountName
    $identity = "11735-GS-Msol-SPE_E3"
    
    # 2. Define the output file path
    $filePath = "C:\temp\members-$($identity).csv"
    
    # 3. Get group members, retrieve their employeeNumber, and save to the file
    Get-ADGroupMember -Identity $identity | `
      Get-ADUser -Properties employeeNumber | `
      Select-Object -ExpandProperty employeeNumber | `
      Out-File -FilePath $filePath -Encoding UTF8
    
    Write-Host "Export complete. File saved to: $filePath"
    

Note: This script exports the employeeNumber for each user. If your organization uses a different identifier (like userPrincipalName), modify the -Properties and Select-Object parts of the script accordingly.

  4. Run the script. It will create a CSV file (e.g., C:\temp\members-11735-GS-Msol-SPE_E3.csv) containing a list of user IDs.

  5. Open the file and verify that it contains the correct list of identifiers.
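A stricter variant of the export, added here as an example and not part of the original guide: it counts nested groups, disabled accounts, and users without an employeeNumber, so the verification step has concrete numbers to check against. The review-file path and the choice to hold back disabled accounts are assumptions.

```powershell
# Added example, not part of the original guide.
# Requires the ActiveDirectory module, as the guide's script does.
Import-Module ActiveDirectory

$identity   = "11735-GS-Msol-SPE_E3"                          # sAMAccountName from step 1
$filePath   = "C:\temp\members-$($identity).csv"
$reviewPath = "C:\temp\members-$($identity)-review.csv"       # hypothetical review file

# Direct members only, as in the guide's script. Nested groups and computers
# are counted separately because Get-ADUser cannot resolve them.
$members  = @(Get-ADGroupMember -Identity $identity)
$nonUsers = @($members | Where-Object { $_.objectClass -ne 'user' })

$users = @($members |
    Where-Object { $_.objectClass -eq 'user' } |
    Get-ADUser -Properties employeeNumber)

# Assumption: disabled accounts and accounts without an identifier are held
# back for review instead of being imported as manual rights.
$exportable = @($users | Where-Object { $_.Enabled -and $_.employeeNumber })
$needReview = @($users | Where-Object { -not $_.Enabled -or -not $_.employeeNumber })

# The same employeeNumber on two accounts makes the import ambiguous.
$duplicates = @($exportable | Group-Object employeeNumber | Where-Object Count -gt 1)

$exportable |
    Select-Object -ExpandProperty employeeNumber |
    Sort-Object -Unique |
    Out-File -FilePath $filePath -Encoding UTF8

$needReview |
    Select-Object SamAccountName, Enabled, employeeNumber |
    Export-Csv -Path $reviewPath -NoTypeInformation -Encoding UTF8

Write-Host "Direct members:            $($members.Count)"
Write-Host "Exportable users:          $($exportable.Count)"
Write-Host "Disabled or no identifier: $($needReview.Count) (see $reviewPath)"
Write-Host "Nested groups/computers:   $($nonUsers.Count)"
Write-Host "Duplicate employeeNumbers: $($duplicates.Count)"
```

Paste only the contents of the first file into eADM; the review file is for deciding which of the remaining accounts should keep the right.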

3. Assign rights in eADM

Finally, use the exported list to assign the right to the users in eADM.

  1. In the eADM left-hand menu, navigate to Assign rights.

  2. Click the Provide identifiers button.

  3. Select the identifier type that matches the data in your CSV file (e.g., Employee number).

  4. Open your CSV file, copy all the identifiers, and paste them into the text box.

  5. Click Add and verify that the correct users appear in the selection list.

  6. Click Continue.

  7. Select the right you want to assign to these users (e.g., Microsoft E3).

  8. Follow the prompts and click Continue until you see a confirmation that the rights have been successfully assigned.

The process is now complete. The users from the AD group now have the corresponding right assigned manually in eADM.
