0 votes

We are attempting to use the member property in a powershell script for all groups. We get this error message on certain groups that are used as "primary". If we set another group as primary for a member of the group, the member property will then "show up"

As you can see, this group we are working with as 442 members. image.png

But the 'member' property just shows the single member in the group in which the group is not the primary.

image.png

by (2.1k points)

1 Answer

0 votes
by (228k points)
selected by
Best answer

Hello Mark,

Primary group membership is neither reflected in the Member Of (in the member properties) nor in the Member (in group properties) attributes. Instead, members get the Primary Group ID property populated with the group identifier that is stored in the Primary Group Token attribute of the group. This behavior is by design in Active Directory and is not related to Adaxes.

According to your screenshots, there is only one member of the Domain Contractors group for which the group is not set as primary. For the rest 441 accounts the group is set as primary and thus they are not present in the Member property, but are displayed on the Members tab as they are members of the group according to the Primary Group ID value in their accounts.

For an example on how to get the Primary Group ID of an account and then use it, have a look at the following script from our repository: https://www.adaxes.com/script-repository/remove-all-group-memberships-for-a-user-account-s33.htm. Should you still have issues updating your script to work as desired, please, provide us with all the possible details on the required script and we will help you.

Related questions

0 votes
0 answers

Hi, Not worked with Adaxes before and just as I joined company we've had domain migration in place. After migration, whenever we want to access Exchange properties of a user ... works fine across domain..? Any ideas, however basic they may be?? regards Robert

asked Oct 16, 2019 by roberttryba (70 points)
0 votes
1 answer

In order to add a managed domain does it have to be trusted by the primary domain adaxes is installed an running in? I have set up a domain for testing adaxes and it ... I have set my host file to point the untrusted domain to it's primary Domain Controller.

asked 1 day ago by mightycabal (40 points)
0 votes
0 answers

It would be great if we could run a report on an OU and get the following information: Computer Name Local Accounts Whether or not the account is an administrator ... this is less important. Thanks in advance. Your support team is great and appreciated.

asked Sep 8, 2021 by mikek (80 points)
0 votes
1 answer

Hi, I need to run a schedule task only if a customattribute is not empty. Can I use ConditionIsMet?

asked Oct 7, 2021 by Simone.Vailati (270 points)
0 votes
1 answer

I have 18 domains managed by Adaxes and have noticed that Admin (full access) t all objects acts normally, but for piecemeal scopes like Service Desk that scopes to individual ... role (including 16 denies) and expect it to grow as we add more domains.

asked Sep 20 by DA-symplr (40 points)
2,807 questions
2,541 answers
6,615 comments
65,360 users