Adding People to Groups

Home / Identity Administration / People / Current: Adding People to AD Groups

EmpowerID allows you to add people to groups as needed. When you do so, the user account associated with the person is added to the group. This topic demonstrates how to do this.


Prerequisites

To add an EmpowerID person to an Active Directory group, the person must have an account in Active Directory.


To add people to groups

  1. In the Navigation Sidebar of the EmpowerID Web interface, expand Identities and click People.
  2. From the Actions pane of the Person management page, click Add Person to Groups.



  3. In the Select Person Lookup that appears, search for the person you want to add to a group and click to select the person.



    For immediate processing, leave Wait to See Results selected. If you clear Wait to See Results and click Submit, the process idles and EmpowerID creates a task for it, routing it to any Person with the delegations to continue moving the people.

  4. Click Submit.
  5. In the Groups to Join lookup that appears, search for and select the group to which you want to add the person.



  6. Repeat step 5 for each additional group to which you want to add the person.

    For immediate processing, leave Wait to See Results selected. If you clear Wait to See Results and click Submit, the process idles and EmpowerID creates a task for it, routing it to any Person with the delegations to continue moving the people.

  7. Click Submit.
  8. Click OK to close the Operation Execution Summary.

To verify that the person was added to the group in EmpowerID

  1. In the Navigation Sidebar, expand System Logs and click Audit Log.
  2. In Change Manager, click the Group Membership Changes tab and search for the person you added to the group.

    Verify that there is a record showing that the person's user account was added to the specified group.

To verify that the person's account was added to the group in Active Directory

  1. On a machine with the Active Directory Module for Windows PowerShell installed, run the following cmdlet, substituting the name of the group with your group:

    GET-ADGroupMember "BK-GVR01"
  2. Verify that the person's AD user account is a member of the group.



Related Content