Script repository

Force membership update for rule-based groups

Updated on: Jan 18, 2026, Views: 1017

Group membership

The scripts force membership update for rule-based groups. To execute either of the scripts, create a business rule, custom command or scheduled task configured for the required object type. The target object will not affect the script and is only required to execute.

Script 1: Force membership update for all existing rule-based groups

# Search parameters
$searcher = $Context.TargetObject
$searcher.Criteria = New-AdmCriteria "group" {membershipType -eq "rule-based"}
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.PageSize = 500
$searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.VirtualRoot = $True

try
{
    # Execute search
    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()

    foreach ($searchResult in $searchResults)
    {
        # Update group membership
        $group = $Context.BindToObjectBySearchResult($searchResult)
        $group.UpdateMembershipNow()
    }
}
finally
{
    # Release resources
    if ($searchResultIterator){ $searchResultIterator.Dispose() }
}

Script 2: Force membership update for rule-based groups in a specific OU

In the script, the $ouDN variable specifies the distinguished name (DN) of the OU. Only rule-based groups in the OU will be affected by the script. For information on how to get the DN, see Get the DN of a directory object.

$ouDN = "OU=My OU,DC=company,DC=com" # TODO: modify me

# Search parameters
$searcher = $Context.BindToObjectByDN($ouDN)
$searcher.Criteria = New-AdmCriteria "group" {membershipType -eq "rule-based"}
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.PageSize = 500
$searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"

try
{
    # Execute search
    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()

    foreach ($searchResult in $searchResults)
    {
        # Update group membership
        $group = $Context.BindToObjectBySearchResult($searchResult)
        $group.UpdateMembershipNow()
    }
}
finally
{
    # Release resources
    if ($searchResultIterator){ $searchResultIterator.Dispose() }
}

Comments 0

You must be signed in to comment.

    Got questions?

    Support Questions & Answers

    We use cookies to improve your experience.
    By your continued use of this site you accept such use.
    For more details please see our privacy policy and cookies policy.