ad_group_membership allows only to replace all members #134
Comments
I just submitted a pull request for this. Please let me know if this change is ok and if the code requires any improvements.
We faced a similar problem - when adding users by sAMAccountName, the resource "ad_group_membership" recognizes existing users by GUID and tries to delete the users with GUID and add the same users by sAMAccountName -
This PR #135 would help us with our infrastructure.
This would be helpful for me as well. I use this provider to manage AD users and groups for use with AWS SSO. I have a module against our payer account and against AWS Orgs member accounts to add all groups to a parent group for SCIM provisioning filtering. I need to manage group membership in a common AD group from multiple workspaces/accounts without each account stepping on other accounts.
I tested this provider and the new resource type ad_group_member works as expected. I was able to easily convert my existing resources of type ad_group_membership to ad_group_member with the desired end result of the various workspaces not conflicting with one another.
This has been working for me for the last 6 weeks. Any chance this can be merged into the provider?
@koikonom any chance we could add this resource? The replace all is a real pain to work around as I have to pass around members in vars so that I only have 1 place I define membership.
I also have this issue when managing too many users, which results in an
How long is too long? I'm just about to start using TF to manage some AD groups, is it 100+ or much smaller numbers before it hits the length limits?
When using the ad_group_membership resource, I have to always provide the full list of members. This is because the resource replaces the current group members with the ones provided in input.
This is complex to handle if an AD group is shared between multiple Terraform automations, with each automation interested in adding its own users to the group.
I would like to add a resource named ad_group_member that allows adding a single member to an AD group. The member is just added as an additional member, without replacing the ones already in the group. If the resource is destroyed, the user is removed from the group membership, but only this user is removed.
If you think this feature is useful, I can contribute a pull request that implements it.
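
The two behaviours described in this issue, side by side, as an added example that is not part of the original issue or of the provider's code. The group GUID and account names are constructed placeholders, and the attribute names on `ad_group_member` (`group_id`, `member_id`) are assumptions, since the page does not give the proposed resource's schema.

```hcl
# Constructed placeholder: GUID of the AD group shared by several workspaces.
variable "shared_group_id" {
  type    = string
  default = "00000000-0000-0000-0000-000000000001"
}

# --- Current behaviour: authoritative membership ---------------------------
# ad_group_membership owns the full member list. On apply, the group's
# members are replaced with exactly this set, so anything added by another
# workspace (or by hand) is removed.
resource "ad_group_membership" "workspace_a" {
  group_id      = var.shared_group_id
  group_members = ["svc-app-a", "alice"] # constructed sAMAccountNames
}

# If a second workspace, with its own state, declares the same group with a
# different list, each apply of one workspace removes the other's members.
resource "ad_group_membership" "workspace_b" {
  group_id      = var.shared_group_id
  group_members = ["svc-app-b", "bob"] # constructed sAMAccountNames
}

# --- Proposed behaviour: one resource per member ----------------------------
# ad_group_member, as described in the issue, adds a single member without
# touching the others and removes only that member on destroy.
# ASSUMPTION: the attribute names below are hypothetical.
resource "ad_group_member" "workspace_b_bob" {
  group_id  = var.shared_group_id
  member_id = "bob" # constructed sAMAccountName
}
```

The authoritative and per-member styles should not be mixed on the same group, because the authoritative resource would remove the members the other one adds. With only per-member resources, accounts added to the group outside Terraform stay in place, so a privileged group managed that way needs a separate membership review to catch them.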