Adding People to AD Groups

EmpowerID allows you to add people to groups as needed. When you do so, the user account associated with the person is added to the group. This topic demonstrates how to do so and is divided into the following activities:

To add EmpoweID people to Active Directory groups, those people must have an account in Active Directory.

To add people to groups

  1. From the Navigation Sidebar of the EmpowerID Web interface, navigate to the Person management page by expanding Identities and clicking People.
  2. From the Actions pane of the Person management page, click the Add Person to Groups action.
  3. In the Select Person Lookup that appears, search for the person you want to add to a group and then click the record for that person to select the person.
  4. To allow the process to continue leave Wait to See Resultsselected. If you deselect Wait to See Results on this screen and then click Submit, the creation process will idle and EmpowerID will create a task for it, routing it to any Person with the delegations to continue creating the Person.
  5. Click Submit.
  6. In the Groups to Join lookup that appears, search for and select the group to which you want to add the person.
  7. Repeat step 5 for each additional group to which you want to add the person.
  8. To allow the process to continue leave Wait to See Resultsselected. If you deselect Wait to See Results on this screen and then click Submit, the creation process will idle and EmpowerID will create a task for it, routing it to any Person with the delegations to continue the process.
  9. Click Submit.
  10. Click OK to close the Operation Execution Summary.

To verify the person was added to the group in EmpowerID

  1. From the Navigation Sidebar, navigate to Change Manager by expanding System Logs and clicking Audit Log.
  2. In Change Manager, click the Group Membership Changes tab and then search for the person you just added to the group.
  3. You should see a record showing that the person's user account was added to the specified group.

To verify the person's account was added to the group in Active Directory

  1. On a machine with the Active Directory Module for Windows PowerShell installed, run the following cmdlet, substituting the name of the group with your group:
  2. GET-ADGroupMember "BK-GVR01"

    You should see the person's AD user account is a member of the group.