+1 vote

I've added the MemberOf attribute to the create user form, but it gives an error when creating a user. Is there a way to do this?

Property 'Member Of' is system-only and is not intended to be modified by a user. Access to the attribute is not permitted because the attribute is owned by the Security Accounts Manager (SAM). (Server: example.com)
by (540 points)

1 Answer

0 votes
by (216k points)
Best answer

Hello,

The issue is that when you add a user to a group, you actually modify the group, not the user. In particular, you need to add the user's Distinguished Name (DN) to the Member property of the group. The Member Of property is just a back link in AD.

Since on the Create User Form the new user account is not actually created in AD yet, the user doesn't have a DN, and there is nothing to add to the Member property of a group.

We have a similar request in our product backlog. In the future, we'll think about some way of specifying the groups a new user needs to be added to. Currently, you can, for example, add new users to appropriate groups automatically. For examples of how to do this, see Automatically Add Users to Groups by Department and Automatically Change Group Membership Using Scripts.

Alternatively, if the above methods don't work for you, we can suggest the following workaround. On the Create User Form, you can make available a certain AD attribute of a user account that supports the DN syntax and allows multiple values. If you use an attribute that supports the DN syntax, users will be able to click on a Browse button associated with the attribute and select an object directly in AD. Also, you can configure the attribute to show groups only. Thus, users will be able to click on the Browse button and select a necessary group. If the attribute supports multiple values, they will be able to add multiple groups. For this purpose, we suggest using the See Also attribute (LDAP name seeAlso), if you don't use it for other purposes.

Then, a Business Rule triggered after creating a user will add the new user account to the groups whose DNs are specified via the attribute. The Business Rule will need to run a PowerShell script. For information on how to run a PowerShell script automatically after creating a user, see the following tutorial: http://www.adaxes.com/tutorials_Automat ... ngUser.htm. Managing group membership with the help of PowerShell scripts is described in the following tutorial: http://www.adaxes.com/tutorials_Automat ... cripts.htm. If you need, we can help you with the actual script.
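The workaround described in the answer above, as an added example that is not part of the original answer and not Adaxes' own script: it reads the group DNs stored in seeAlso on the new account and adds the account to each group, using the Microsoft ActiveDirectory module cmdlets rather than the Adaxes scripting API. Because seeAlso accepts any DN, the script checks each value before acting on it. The `$UserDN` parameter, the `OU=Groups,DC=example,DC=com` allowlist base, the adminCount check and the final clean-up step are assumptions made for illustration.

```powershell
#Requires -Modules ActiveDirectory
param(
    [Parameter(Mandatory)] [string] $UserDN,                     # assumption: DN of the newly created user
    [string] $AllowedGroupBase = 'OU=Groups,DC=example,DC=com'   # hypothetical OU; only groups under it are accepted
)

$user = Get-ADUser -Identity $UserDN -Properties seeAlso
$requested = @($user.seeAlso)

foreach ($dn in $requested) {
    # Resolve the DN; a stale or mistyped value must not abort the whole run.
    try {
        $obj = Get-ADObject -Identity $dn -Properties adminCount -ErrorAction Stop
    } catch {
        Write-Warning "Skipped '$dn': object not found"
        continue
    }

    # seeAlso can point at any object type, so accept groups only.
    if ($obj.ObjectClass -ne 'group') {
        Write-Warning "Skipped '$dn': object class is '$($obj.ObjectClass)', not group"
        continue
    }

    # Keep form operators from granting membership outside the delegated OU.
    if (-not $obj.DistinguishedName.EndsWith(",$AllowedGroupBase", [StringComparison]::OrdinalIgnoreCase)) {
        Write-Warning "Skipped '$dn': outside $AllowedGroupBase"
        continue
    }

    # adminCount = 1 marks groups protected by AdminSDHolder (privileged groups).
    if ($obj.adminCount -eq 1) {
        Write-Warning "Skipped '$dn': protected (adminCount = 1)"
        continue
    }

    # Membership is written on the group (its member attribute), not on the user.
    Add-ADGroupMember -Identity $obj.DistinguishedName -Members $user.DistinguishedName -ErrorAction Stop
    Write-Output "Added $($user.SamAccountName) to $($obj.Name)"
}

# Optional: clear the temporary values so seeAlso does not keep stale group references.
if ($requested.Count -gt 0) {
    Set-ADUser -Identity $user.DistinguishedName -Clear seeAlso
}
```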

0

I didn't see it specifically mentioned in the release notes, but has this functionality been added in the 2018 version in some capacity?

0

Hello,

No, there were no changes in this functionality.
