0 votes

Howdy!

I'm new to Adaxes.

I followed the tutorial - "Grant rights to modify AD group membership" . When I log in w/ an account that is the owner of a group, there aren't any members listed.
I checked AD to make sure and there are members.

What am I missing?

by (1.7k points)
0

I assigned Authenticated User to the Domain User Security Role and that took care of that.

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

When you grant permissions to owners of the groups, you grant the permissions for the group object itself. That is, you can grant the right to read or write the properties of the group etc. To be able to view group members, you need to grant the permissions to read the objects that represent the group members in AD. For example, if you want to grant permissions to view users that are members of the groups, you need to grant permissions to view user accounts.

By default, the permission to view all objects is granted by the Security Role called Domain User. It is assigned to Authenticated Users over All Objects, which means that everyone can view everything. If you don't want to grant everyone the permission to view everything, you can grant each group owner the permissions to view only the objects that are members of the group they own. To do this, you need to modify the assignments of the Domain User Role:

  1. Launch Adaxes Administration Console.
  2. Expand the service node that represents your service.
  3. Navigate to and select the Domain User Security Role.
  4. Right-click the default assignment of the Role and click Delete.
  5. Right-click in the Assignments list and click Add Assignment.
  6. Double-click a user or group that is the owner of another group.
  7. Double-click a group that the user or group owns.
  8. In the Assignment Options dialog, select Members of this group.
  9. Click OK two times.
  10. Repeat steps 5-9 for as many group owners as you need and save the Security Role.
0

Thanks for the explanation!
Worked like a charm

Related questions

0 votes
1 answer

Hi Is there a way to select all members of a group when you click on a group? I know you can do this via the Reports section, but it would be easier to just select them all when viewing the group.

asked Jan 28, 2013 by kjesoo (960 points)
0 votes
1 answer

Hi, I am making business rule which calls powershell script and inside the script I need to check whether account which is added to group is security group. I am using Get- ... , the same command return, that group type is security So what am I doing wrong?

asked Feb 20, 2020 by KIT (910 points)
0 votes
1 answer

We have a 3rd party vendor that we are able to add users based on AD security groups. What I need to do is set a parameter for the number of available licenses and whenever ... the group is 495 I would like an email to trigger telling me to add more licenses.

asked Oct 12, 2022 by A_Pastor (70 points)
0 votes
1 answer

Hi, I'm trying to create a web console only for sending SMS using adaxes 2018.2. The SMS-users that are going to use the console should only be able to view users, not edit ... which removes a lot of OUs that the users should not see or be able to browse to.

asked Sep 2, 2020 by eirikza (120 points)
0 votes
1 answer

Hello, Is it possible to grant members of a business unit permission to run a custom command? I know I'm able to give permission to a user/group to run a cmd on a business ... that can run the command. I've not been successful with any of my attempts to do so.

asked Mar 23, 2017 by JoCCCsa (100 points)
3,070 questions
2,783 answers
7,155 comments
434,042 users