0 votes

We have a potentially complicated sitaution and so far I have no found a solution. Any suggestions will be greatly appreciated.

We have specific security groups that currently live in the users OU for Department A, and these groups have members from Department A.

Adaxes users from Department B need to add/remove Department A members from these specific security groups.

Is there a way to give Department B Adaxes users the permissions to add/remove Department A staff to/from the security groups without also giving them access to the user accounts for Department A? We need to make sure that Department B Adaxes users cannot open the user accounts from Department A or see any user details other than the memberships for these specific security groups.

by (20 points)

1 Answer

0 votes
by (294k points)

Hello,

Unfortunately, there is no such possibility. To be able to add an account to a group, a user need to have the permissions to see the group, see the member account and modify the Member property of the group. Lacking any of the permissions will disallow the user to add the member to the group.

Related questions

0 votes
1 answer

Hey there, We allow our staff to modify membership to certain AD groups by designating a person in the 'Managed By' field. That person then changes the group' ... to modify group membership' without any object specific configuration. Is this possible? Thanks!

asked Nov 8, 2011 by Kirk (60 points)
0 votes
1 answer

I'd like to allow users to remove themselves from groups that they are already members of. Currently I have a business rule in place thats only allowing the OU Owners ... user is a member of the adm-groupname' then allow then to remove themselves.

asked Apr 30, 2020 by sirslimjim (480 points)
0 votes
1 answer

I have a scheduled task that runs a Powershell script against an AD group, "Group 1". I need to get all of the members of Group 1, and add them to Group 2. The ... identity in the error message start with 'user;'? What is the correct way to accomplish this?

asked Aug 27, 2019 by ngb (290 points)
0 votes
1 answer

Hello Back when we first started using Adaxes you created a couple of great scripts which worked together really well, the first one copied one users group membership and put in ... an addition to what groups the second user is already a member of? Thank you.

asked Aug 4, 2015 by CBurn (700 points)
0 votes
1 answer

If I have 2 Active Directory Security groups in my domain - Group A Group B Is it possible to create a report that shows only users who have membership in both groups? For ... Jane Doe is in Group A AND Group B she would be included in the resulting report.

asked May 11, 2020 by sirslimjim (480 points)
3,588 questions
3,277 answers
8,303 comments
548,082 users