0 votes

I'm adding members to groups through a custom web portal but they don't show up in the "Members" property of the group unless I select "Show Indirect Members". The group membership also does not appear when viewing the user "Member of" properties unless I select "Show Indirect Membership". I have verified direct member/membership through the objects in AD. How can I rectify this issue?

by (350 points)

1 Answer

0 votes
by (216k points)

Hello,

We cannot reproduce such behavior in our testing environment. Can you answer a couple of questions to help us troubleshoot the issue?

  1. What type of objects are you trying to add to group members (e.g. users, contacts)?

  2. Are the objects that you are trying to add to members and the groups, to which you are trying to add them, located in the same domain or different domains?

  3. Also, this may be a replication issue. Can you do the following?

    • Add members to a group and verify that the issue is reproduced.
    • Wait for some time (say, 5-10 minutes).
    • View the membership of the group again. Can you see the members added to the group on step 1 without ticking the Show Indirect Members option?
0

1.What type of objects are you trying to add to group members (e.g. users, contacts)?
User Objects
2.Are the objects that you are trying to add to members and the groups, to which you are trying to add them, located in the same domain or different domains?
They are in the same domain
3.Also, this may be a replication issue. Can you do the following?
1.Add members to a group and verify that the issue is reproduced.
I was able to reproduce
2.Wait for some time (say, 5-10 minutes).
Waited for 15 mins
3.View the membership of the group again. Can you see the members added to the group on step 1 without ticking the Show Indirect Members option?
Still having the same issue, wether viewing the Members of the Group in question, or viewing the membership of the User in question. I'm also noticing that Domain Users does not appear in the Member Of properties of the User, with or without Show indirect membership selected.

0

Can you do the following to verify this is not a Security Roles issue?

  1. Log in to your custom Web Interface with the credentials of Adaxes default service administrator (the account that you specified during Adaxes installation).
  2. Add users to a group and check whether the issue is reproduced.
0

By doing that I can see all membership without selecting Show inderect membership.

0

Hello,

The thing is that if a user cannot read the MembersGuid and DirectMembersGuid properties of group objects, the Members section of groups will not function normally. Also, if a user cannot read the MemberOfGuid and DirectMemberOfGuid properties of user objects, the Member Of section of user objects will not function normally as well. This is a bug that will be fixed in our next version.

As a workaround for now, you can grant your users the permissions to read these properties. For this purpose you need to create a new Security Role that grants the necessary permissions or modify an existing Security Role and add the necessary permissions to it. To do this:

  1. Launch Adaxes Administration Console.

  2. Expand the service node that represents your service.

  3. Right-click any object under the expanded service node, point to New, and then click Security Role.
    or
    Expand Configuration / Security Roles and select the Security Role you want to modify.

  4. On the 2nd step of the Create Security Role wizard, click Add.

    or
    Click the Add button above the list of permissions.

  5. In the Add Permissions dialog that appears, select the Group object type.

  6. Select the Show all properties option.

  7. Select the Read 'MembersGuid' Property and Read 'DirectMembersGuid' Property permissions in the Property-specific permissions section.

  8. Click OK.

  9. Click Add again.

  10. In the Add Permissions dialog that appears, select the User object type.

  11. Select the Show all properties option.

  12. Select the Read 'MemberOfGuid' Property and Read 'DirectMemberOfGuid' Property permissions in the Property-specific permissions section.

  13. Click OK.

  14. Finish creation of the Security Role.
    or
    Save the modified Security Role.

0

Problem solved! Thanks for your assistance!!

0

The issue was fixed in Adaxes 2013.1.

Now, the permission to read the MembersGuid and DirectMembersGuid properties of Group objects is not required for the Members section to function normally. Also, the permission to read the MemberOfGuid and DirectMemberOfGuid properties of User objects is no longer needed for the Member Of section to function.

Related questions

0 votes
1 answer

I would like to show a couple of Adaxes Virtual Attributes in the Web Portal. I've added them in the Configuration, see the 1st screenshot below. I've ... . Any help? Virtual Attributes added Security Role has permissions Virtual Attributes not showing up

asked Jul 29, 2020 by nate2 (90 points)
0 votes
0 answers

Hi all Primary objective is to manage cloud only group membership but in a future include cloud only accounts. I've registered a Azure domain which is managed by ... /www.adaxes.com/questions/12293/add-to-365-group-automation-for-new-account-creations Thanks

asked May 31 by MinorDruid (20 points)
0 votes
1 answer

Hi again : ) I would like to restrict adding members to specific groups only via Custom Command / Executed via PowerShell. Why? We need information from Helpdesk like Ticket ID ... me know if you need more clarification and I am happy to share details. Thanks!

asked May 21 by wintec01 (1.5k points)
0 votes
1 answer

I'm lost as to why "Create User" doesn't show up. I made a new dashboard, mirroring the default Help Desk. Under Actions, I enabled Create User. On the web interface, the option to create a user is not showing. Am I missing a step?

asked May 15 by tromanko (330 points)
0 votes
1 answer

I created an entry in the AttributeFriendlyNames2.eng.xml file, but the real name still shows instead of the friendly name in both the Web Console ... ;/ldapName> <friendlyName>FAX Coversheet</friendlyName> </friendlyNameItem> Any ideas?

asked Jan 5, 2017 by Kikaida (1.1k points)
3,572 questions
3,261 answers
8,277 comments
547,994 users