Adaxes

Allow one department to modify group members who are from another department

0 votes

We have a potentially complicated sitaution and so far I have no found a solution. Any suggestions will be greatly appreciated.

We have specific security groups that currently live in the users OU for Department A, and these groups have members from Department A.

Adaxes users from Department B need to add/remove Department A members from these specific security groups.

Is there a way to give Department B Adaxes users the permissions to add/remove Department A staff to/from the security groups without also giving them access to the user accounts for Department A? We need to make sure that Department B Adaxes users cannot open the user accounts from Department A or see any user details other than the memberships for these specific security groups.

by (20 points)

1 Answer

0 votes
by (288k points)

Hello,

Unfortunately, there is no such possibility. To be able to add an account to a group, a user need to have the permissions to see the group, see the member account and modify the Member property of the group. Lacking any of the permissions will disallow the user to add the member to the group.

Related questions

0 votes
1 answer
Allow person in 'Managed By' field to modify group members?

Hey there, We allow our staff to modify membership to certain AD groups by designating a person in the 'Managed By' field. That person then changes the group' ... to modify group membership' without any object specific configuration. Is this possible? Thanks!

asked Nov 8, 2011 by Kirk (60 points)
0 votes
1 answer
Allow users to remove themselves from groups they are members of

I'd like to allow users to remove themselves from groups that they are already members of. Currently I have a business rule in place thats only allowing the OU Owners ... user is a member of the adm-groupname' then allow then to remove themselves.

asked Apr 30, 2020 by sirslimjim (480 points)
0 votes
1 answer
Powershell: Removing a user from one group and adding to another via Scheduled Task

I have a scheduled task that runs a Powershell script against an AD group, "Group 1". I need to get all of the members of Group 1, and add them to Group 2. The ... identity in the error message start with 'user;'? What is the correct way to accomplish this?

asked Aug 27, 2019 by ngb (290 points)
0 votes
1 answer
Script to copy group membership from one user to another

Hello Back when we first started using Adaxes you created a couple of great scripts which worked together really well, the first one copied one users group membership and put in ... an addition to what groups the second user is already a member of? Thank you.

asked Aug 4, 2015 by CBurn (700 points)
0 votes
1 answer
Report to show users who are members of multiple groups?

If I have 2 Active Directory Security groups in my domain - Group A Group B Is it possible to create a report that shows only users who have membership in both groups? For ... Jane Doe is in Group A AND Group B she would be included in the resulting report.

asked May 11, 2020 by sirslimjim (480 points)
3,541 questions
3,232 answers
8,225 comments
547,802 users