Cant be too sure about the answer but To my knowledge there is no way of websense automatically adding/removing users from directory groups as this is solely controlled in the directory itself. I'm not 100% with V7 yet but with V6.x.x if the user is not a member of a group the default policy automatically applies, therefore if you want to change the standard policy that applies to all users (unless in another policy group) then simply amend the default policy.Please refer this link hope you will get your answer.
I'm not 100% sure that this would work or not but you would have to approach this from one of two direction.
Active Directory
Theoretically you could build a custom AD filter that is fired whenever a specific condition is met. For instance, many people run password change filters to capture the password and when it was changed. You could build a logon filter and then try to decipher the additional information that is provided to then execute some other logic to add the user to a group.
Not exactly confident that this would be easy or even doable
Exchange
Let Exchange handle this logic. Build some add-on to Exchange that handles the ActiveSync connection and then performs the same logic as above to add the user to the group.
Obviously this is all theoretical and may or may not work properly, it will certainly be a custom solution.
Not 'automatic', but a PowerShell script or equivalent scheduled task could query for objectCategory=person objects that are Exchange users (such as homeMDB=*), and have child objects located under ExchangeActiveSyncDevices, then refresh a distribution group membership with the results.
Objects with a parent DN that includes user object and a child CN=ExchangeActiveSyncDevices are a reasonably accurate indication of an ActiveSync device.
The objectCategory would be 'msExchActiveSyncDevice'.
You may also want to refine the query by specifying that the whenChanged attribute is recent. Stale devices tend to stay in AD and are not removed.
Here is a sample ldifde output of an ActiveSync device:
Cant be too sure about the answer but To my knowledge there is no way of websense automatically adding/removing users from directory groups as this is solely controlled in the directory itself. I'm not 100% with V7 yet but with V6.x.x if the user is not a member of a group the default policy automatically applies, therefore if you want to change the standard policy that applies to all users (unless in another policy group) then simply amend the default policy.Please refer this link hope you will get your answer.
http://www.activedirectorytutorial.net/
I'm not 100% sure that this would work or not but you would have to approach this from one of two direction.
Theoretically you could build a custom AD filter that is fired whenever a specific condition is met. For instance, many people run password change filters to capture the password and when it was changed. You could build a logon filter and then try to decipher the additional information that is provided to then execute some other logic to add the user to a group.
Not exactly confident that this would be easy or even doable
Let Exchange handle this logic. Build some add-on to Exchange that handles the ActiveSync connection and then performs the same logic as above to add the user to the group.
Obviously this is all theoretical and may or may not work properly, it will certainly be a custom solution.
Not 'automatic', but a PowerShell script or equivalent scheduled task could query for objectCategory=person objects that are Exchange users (such as homeMDB=*), and have child objects located under ExchangeActiveSyncDevices, then refresh a distribution group membership with the results.
Objects with a parent DN that includes user object and a child CN=ExchangeActiveSyncDevices are a reasonably accurate indication of an ActiveSync device.
The objectCategory would be 'msExchActiveSyncDevice'.
You may also want to refine the query by specifying that the whenChanged attribute is recent. Stale devices tend to stay in AD and are not removed.
Here is a sample ldifde output of an ActiveSync device: