0 votes


I'm new to Adaxes.

I followed the tutorial - "Grant rights to modify AD group membership". When I log in w/ an account that is the owner of a group, there aren't any members listed.
I checked AD to make sure and there are members.

What am I missing?

by (1.7k points)

I assigned Authenticated User to the Domain User Security Role and that took care of that.

1 Answer

0 votes
by (216k points)
Best answer


When you grant permissions to owners of the groups, you grant the permissions for the group object itself. That is, you can grant the right to read or write the properties of the group, etc. To be able to view group members, you need to grant the permissions to read the objects that represent the group members in AD. For example, if you want to grant permissions to view users that are members of the groups, you need to grant permissions to view user accounts.

By default, the permission to view all objects is granted by the Security Role called Domain User. It is assigned to Authenticated Users over All Objects, which means that everyone can view everything. If you don't want to grant everyone the permission to view everything, you can grant each group owner the permissions to view only the objects that are members of the group they own. To do this, you need to modify the assignments of the Domain User Role:

  1. Launch Adaxes Administration Console.
  2. Expand the service node that represents your service.
  3. Navigate to and select the Domain User Security Role.
  4. Right-click the default assignment of the Role and click Delete.
  5. Right-click in the Assignments list and click Add Assignment.
  6. Double-click a user or group that is the owner of another group.
  7. Double-click a group that the user or group owns.
  8. In the Assignment Options dialog, select Members of this group.
  9. Click OK two times.
  10. Repeat steps 5-9 for as many group owners as you need and save the Security Role.

Thanks for the explanation!
Worked like a charm
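
The scoping described in the answer above, as an added example that is not part of the original thread and is not Adaxes code: a simplified Python model of why an owner with rights on the group object alone sees no members, and how per-owner "Members of this group" assignments differ from the default "Authenticated Users over All Objects". The accounts, groups, `Assignment` class and scope names are all constructed for illustration.

```python
# Simplified model of the access rule described in the answer; not Adaxes code.
from dataclasses import dataclass

# Constructed sample directory: group name -> member account names.
GROUPS = {"Sales": {"alice", "bob"}, "HR": {"carol"}}
OWNERS = {"Sales": "olivia", "HR": "hank"}

@dataclass(frozen=True)
class Assignment:
    trustee: str      # account name, or "Authenticated Users"
    scope: str        # hypothetical labels: "all_objects", "object", "members_of"
    target: str = ""  # object or group name the scope refers to

def can_read(user, obj, assignments):
    """True if any assignment gives `user` read access to `obj`."""
    for a in assignments:
        if a.trustee not in (user, "Authenticated Users"):
            continue
        if a.scope == "all_objects":
            return True
        if a.scope == "object" and a.target == obj:
            return True
        if a.scope == "members_of" and obj in GROUPS.get(a.target, ()):
            return True
    return False

def visible_members(user, group, assignments):
    """Members shown to `user`: needs read on the group AND on each member object."""
    if not can_read(user, group, assignments):
        return set()
    return {m for m in GROUPS[group] if can_read(user, m, assignments)}

# Owner rights on the group object only: the symptom from the question.
OWNER_ONLY = [Assignment(o, "object", g) for g, o in OWNERS.items()]
# Default: read granted to Authenticated Users over All Objects.
DEFAULT = OWNER_ONLY + [Assignment("Authenticated Users", "all_objects")]
# Steps 4-10: default assignment deleted, one members-only assignment per owner.
SCOPED = OWNER_ONLY + [Assignment(o, "members_of", g) for g, o in OWNERS.items()]

if __name__ == "__main__":
    for name, cfg in [("owner only", OWNER_ONLY), ("default", DEFAULT), ("scoped", SCOPED)]:
        print(name, sorted(visible_members("olivia", "Sales", cfg)),
              "| olivia reads carol:", can_read("olivia", "carol", cfg))
```

With the scoped configuration the owner still sees the members of the group they own, but no longer has read access to accounts outside it.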
