I am trying to find a way to make sure that everyone who is in specific OU is always added to the same Domain level security group or distribution list. There are many articles that show how to add a domain user to a local group but none that I can find that allow you to add users to domain level groups using Group Policy.
Ex. I create an OU called accounting and want to be sure that everyone added to this OU is in the Acct_Sec security group. Rather than have to remember to add this group wouldn't it be more reliable to have the group automatically assigned when someone is added to the OU?
I have found articles with PowerShell scripts that may or may not reliably add group membership but it is only one user at a time. Also these need to be run manually.
I also know that you can copy existing existing AD accounts or templates to create users. This is not practical in our particular situation. We have an Exchange Hybrid environment. This requires that new users are created on the Exchange Management Console which then creates a new AD account on the domain. This means that we don't have the option to copy an existing AD user for Group Memberships and that group memberships have to be added manually for each new account. This can result in groups being forgotten of the wrong groups being added.
Group Policy is so powerful, something simple like this should be built-in.