Discussion:
ADAM -- How to add a group to be a member of another group
(too old to reply)
cameron
2009-05-29 19:29:32 UTC
Permalink
ADAM -- How to add a group to be a member of another group

I am using Microsoft Active Directory Application Mode (ADAM) for a
directory service.

I have created several users and groups in ADAM. I have assigned
users to their respective groups. Now I want to assign several of the
"sub-groups" to a "main-group"... How do I do this?

I have created users and groups as specified in the Microsoft
ADAM_Step-by-Step_Guide.doc document. However, using the ADAM ADSI
Edit Administration Tool, I cannot figure out how to make a group a
member of another group. When I go to modify a group, and edit the
"member" attribute, there is an option to add users from either ADAM
or Windows, but not to add a group to be a member of the group. Is
this possible?

Thank you,

Cameron
Lee Flight
2009-06-01 08:11:46 UTC
Permalink
Hi,
when editing the member attribute in Windows 2003 ADSIedit if you select
"Add ADAM Account"
you can enter the distinguishedName of a group in the same way that you
would
add an ADAM user.

In WS08 ADSIedit the "Add ADAM Account" label becomes "Add DN".

Lee Flight
Post by cameron
ADAM -- How to add a group to be a member of another group
I am using Microsoft Active Directory Application Mode (ADAM) for a
directory service.
I have created several users and groups in ADAM. I have assigned
users to their respective groups. Now I want to assign several of the
"sub-groups" to a "main-group"... How do I do this?
I have created users and groups as specified in the Microsoft
ADAM_Step-by-Step_Guide.doc document. However, using the ADAM ADSI
Edit Administration Tool, I cannot figure out how to make a group a
member of another group. When I go to modify a group, and edit the
"member" attribute, there is an option to add users from either ADAM
or Windows, but not to add a group to be a member of the group. Is
this possible?
Thank you,
Cameron
cameron
2009-06-01 12:56:52 UTC
Permalink
Hello Lee,

Thank you for your reply.

I actually have already tried that. And even though I can add a group
as a member to another group this way, it does not appear that the
members of the "sub-group" inherit the group ownership of the main-
group.

I will experiment a little more.

Thanks,

Cameron
Joe Kaplan
2009-06-01 14:44:28 UTC
Permalink
What are you expecting to have happen with nested grouping? The memberOf
attribute of a user will only have the direct membership of the user, not
the full transitive membership. You need to either use an attribute like
tokenGroups to get transitive membership calculated or you need to calculate
the membership recursively.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
Post by cameron
Hello Lee,
Thank you for your reply.
I actually have already tried that. And even though I can add a group
as a member to another group this way, it does not appear that the
members of the "sub-group" inherit the group ownership of the main-
group.
I will experiment a little more.
Thanks,
Cameron
Continue reading on narkive:
Loading...