0 votes

We are attempting to use the member property in a powershell script for all groups. We get this error message on certain groups that are used as "primary". If we set another group as primary for a member of the group, the member property will then "show up"

As you can see, this group we are working with as 442 members. image.png

But the 'member' property just shows the single member in the group in which the group is not the primary.

image.png

by (1.7k points)

1 Answer

0 votes
by (210k points)
selected by
Best answer

Hello Mark,

Primary group membership is neither reflected in the Member Of (in the member properties) nor in the Member (in group properties) attributes. Instead, members get the Primary Group ID property populated with the group identifier that is stored in the Primary Group Token attribute of the group. This behavior is by design in Active Directory and is not related to Adaxes.

According to your screenshots, there is only one member of the Domain Contractors group for which the group is not set as primary. For the rest 441 accounts the group is set as primary and thus they are not present in the Member property, but are displayed on the Members tab as they are members of the group according to the Primary Group ID value in their accounts.

For an example on how to get the Primary Group ID of an account and then use it, have a look at the following script from our repository: https://www.adaxes.com/script-repository/remove-all-group-memberships-for-a-user-account-s33.htm. Should you still have issues updating your script to work as desired, please, provide us with all the possible details on the required script and we will help you.

Related questions

0 votes
0 answers

Hi, Not worked with Adaxes before and just as I joined company we've had domain migration in place. After migration, whenever we want to access Exchange properties of a user ... works fine across domain..? Any ideas, however basic they may be?? regards Robert

asked Oct 16, 2019 by roberttryba (70 points)
0 votes
0 answers

It would be great if we could run a report on an OU and get the following information: Computer Name Local Accounts Whether or not the account is an administrator ... this is less important. Thanks in advance. Your support team is great and appreciated.

asked Sep 8 by mikek (80 points)
0 votes
1 answer

Hi, I need to run a schedule task only if a customattribute is not empty. Can I use ConditionIsMet?

asked Oct 7 by Simone.Vailati (130 points)
0 votes
1 answer

I would like users to use Adaxes to add themselves or others to a group, but instead of it just working, it has to go thru an approval process and be approved by the group owner before they are added. Thanks!

asked Jun 30 by RayBilyk (180 points)
0 votes
1 answer

Hello, Is there a way to send an email notification when a user is added to a group dynamically (with LDAP filter) , it's work only when i add the user manually Thank you

asked Jun 30 by GG (70 points)
2,599 questions
2,338 answers
6,212 comments
843,646 users