0 votes

I'm adding members to groups through a custom web portal but they don't show up in the "Members" property of the group unless I select "Show Indirect Members". The group membership also does not appear when viewing the user "Member of" properties unless I select "Show Indirect Membership". I have verified direct member/membership through the objects in AD. How can I rectify this issue?

by (350 points)

1 Answer

0 votes
by (216k points)

Hello,

We cannot reproduce such behavior in our testing environment. Can you answer a couple of questions to help us troubleshoot the issue?

  1. What type of objects are you trying to add to group members (e.g. users, contacts)?

  2. Are the objects that you are trying to add to members and the groups, to which you are trying to add them, located in the same domain or different domains?

  3. Also, this may be a replication issue. Can you do the following?

    • Add members to a group and verify that the issue is reproduced.
    • Wait for some time (say, 5-10 minutes).
    • View the membership of the group again. Can you see the members added to the group on step 1 without ticking the Show Indirect Members option?
0

1.What type of objects are you trying to add to group members (e.g. users, contacts)?
User Objects
2.Are the objects that you are trying to add to members and the groups, to which you are trying to add them, located in the same domain or different domains?
They are in the same domain
3.Also, this may be a replication issue. Can you do the following?
1.Add members to a group and verify that the issue is reproduced.
I was able to reproduce
2.Wait for some time (say, 5-10 minutes).
Waited for 15 mins
3.View the membership of the group again. Can you see the members added to the group on step 1 without ticking the Show Indirect Members option?
Still having the same issue, wether viewing the Members of the Group in question, or viewing the membership of the User in question. I'm also noticing that Domain Users does not appear in the Member Of properties of the User, with or without Show indirect membership selected.

0

Can you do the following to verify this is not a Security Roles issue?

  1. Log in to your custom Web Interface with the credentials of Adaxes default service administrator (the account that you specified during Adaxes installation).
  2. Add users to a group and check whether the issue is reproduced.
0

By doing that I can see all membership without selecting Show inderect membership.

0

Hello,

The thing is that if a user cannot read the MembersGuid and DirectMembersGuid properties of group objects, the Members section of groups will not function normally. Also, if a user cannot read the MemberOfGuid and DirectMemberOfGuid properties of user objects, the Member Of section of user objects will not function normally as well. This is a bug that will be fixed in our next version.

As a workaround for now, you can grant your users the permissions to read these properties. For this purpose you need to create a new Security Role that grants the necessary permissions or modify an existing Security Role and add the necessary permissions to it. To do this:

  1. Launch Adaxes Administration Console.

  2. Expand the service node that represents your service.

  3. Right-click any object under the expanded service node, point to New, and then click Security Role.
    or
    Expand Configuration / Security Roles and select the Security Role you want to modify.

  4. On the 2nd step of the Create Security Role wizard, click Add.

    or
    Click the Add button above the list of permissions.

  5. In the Add Permissions dialog that appears, select the Group object type.

  6. Select the Show all properties option.

  7. Select the Read 'MembersGuid' Property and Read 'DirectMembersGuid' Property permissions in the Property-specific permissions section.

  8. Click OK.

  9. Click Add again.

  10. In the Add Permissions dialog that appears, select the User object type.

  11. Select the Show all properties option.

  12. Select the Read 'MemberOfGuid' Property and Read 'DirectMemberOfGuid' Property permissions in the Property-specific permissions section.

  13. Click OK.

  14. Finish creation of the Security Role.
    or
    Save the modified Security Role.

0

Problem solved! Thanks for your assistance!!

0

The issue was fixed in Adaxes 2013.1.

Now, the permission to read the MembersGuid and DirectMembersGuid properties of Group objects is not required for the Members section to function normally. Also, the permission to read the MemberOfGuid and DirectMemberOfGuid properties of User objects is no longer needed for the Member Of section to function.

Related questions

0 votes
1 answer

I would like to show a couple of Adaxes Virtual Attributes in the Web Portal. I've added them in the Configuration, see the 1st screenshot below. I've ... . Any help? Virtual Attributes added Security Role has permissions Virtual Attributes not showing up

asked Jul 29, 2020 by nate2 (90 points)
0 votes
1 answer

I created an entry in the AttributeFriendlyNames2.eng.xml file, but the real name still shows instead of the friendly name in both the Web Console ... ;/ldapName> <friendlyName>FAX Coversheet</friendlyName> </friendlyNameItem> Any ideas?

asked Jan 5, 2017 by Kikaida (1.1k points)
0 votes
1 answer

Hello, I have 3 groups in my AD environment and want to show all the users that belong to each group. For example - Group 1 Group 2 Group 3 The existing report in the Adaxes ... -Usser D etc. Is there a way to create a report like this? Thank you in advance!

asked Nov 6, 2020 by sirslimjim (480 points)
0 votes
1 answer

would like to know the method to provide a button to security Q&A reset for enrolled users to Adaxes Admins via Web UI

asked Mar 21, 2023 by Vish539 (310 points)
0 votes
1 answer

We are in the process of implementing LAPS in our environment. Is there an option / way to get the password from the Adaxes web portal?

asked Jun 15, 2020 by peggleg (110 points)
3,326 questions
3,025 answers
7,724 comments
544,675 users