Adaxes

Add MemberOf on Create User Form

+1 vote

I've added the MemberOf attribute to the create user form, but it gives an error when creating a user. Is there a way to do this?

Property 'Member Of' is system-only and is not intended to be modified by a user. Access to the attribute is not permitted because the attribute is owned by the Security Accounts Manager (SAM). (Server: example.com)
by (540 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

The issue is that when you add a user to a group, you actually modify the group, not the user. In particular, you need to add the user's Distinguished Name (DN) to the Member property of the group. The Member Of property is just a back link in AD.

Since on the Create User Form the new user account is not actually created in AD yet, the user doesn't have a DN, and there is nothing to add to the Member property of a group.

We have a similar request in our product backlog. In the future, we'll think on some sort of a way of specifying the groups a new user needs to be added to. Currently, you can, for example, add new users to appropriate groups automatically. For examples on how to do this, see Automatically Add Users to Groups by Department and Automatically Change Group Membership Using Scripts.

Alternatively, if the above methods don't work for you, we can suggest the following workaround. On the Create User Form, you can make available a certain AD attribute of a user account that supports the DN syntax and allows multiple values. If you use an attribute that supports the DN syntax, users will be able to click on a Browse button associated with the attribute and select an object directly in AD. Also, you can configure the attribute to show groups only. Thus, users will be able to click on the Browse button and select a necessary group. If the attribute supports multiple values, they will be able to add multiple groups. For this purpose, we suggest using attribute See Also (LDAP name seeAlso), if you don't use it for other purposes.

Then, a Business Rule triggered after creating a user will add the new user account to the groups whose DNs are specified via the attribute. The Business Rule will need to run a PowerShell script. For information on how to run a PowerShell script automatically after creating a user, see the following tutorial: http://www.adaxes.com/tutorials_Automat ... ngUser.htm. Managing group membership with the help of PowerShell scripts is described in the following tutorial: http://www.adaxes.com/tutorials_Automat ... cripts.htm. If you need, we can help you with the actual script.

0

I didn't see it specifically mentioned in the release notes, but has this functionality been added in the 2018 version in some capacity?

by (540 points)
0

Hello,

No, there were no changes in this functionality.

by (288k points)

Related questions

0 votes
1 answer
Create user form additional property only if user selcets yes on a specific property

Hello, On the "create user" form i have a custom Field "Sophos VIP User". Would it be possible to only show another property, where the user is asked to enter a ... . Or is it only possible to add a non required additional date property? Kind regards, Fabian

asked Jun 6 by fabian.p (380 points)
0 votes
1 answer
Note field on create user form

Hello, Is there a way to add a note field on the create user form for additional information. This info would not go into Active Directory but just in the ... etc instead of sending a separate email to IT with additional information. Thanks in advance.

asked Nov 3, 2015 by nturner (100 points)
0 votes
1 answer
Add Multiple MemberOf in Single Step

I've created a custom web form for our help desk to use to create users and everything is working great but a number of our users belong to quite a long list ... form besides using the Member Of section field. Thanks in advance. Absolutely love this product!

asked Feb 7, 2013 by bemho (520 points)
0 votes
1 answer
Get Approval for "Create User"-Form from a Weboverlay

Hello I try to create a form that lets HR create a user themself, but they need the approval from the IT-Department, so the IT-Department can check the new employees personal data and configure their pc. Or do you have an alternative idea for this process?

asked May 2 by Baul (130 points)
0 votes
1 answer
Create custom form for new user account creation

We have a business need for automating and controlling the creation of service accounts in our AD. For example, we want all new service accounts to start with "svc_" for ... customize the "New User" form to create a "New Service Account" workflow in Adaxes?

asked Sep 10, 2021 by joshua.lapchuk (60 points)
3,538 questions
3,229 answers
8,224 comments
547,749 users