Group Members only showing as Indirect Members in Web Portal

Question

I'm adding members to groups through a custom web portal but they don't show up in the "Members" property of the group unless I select "Show Indirect Members". The group membership also does not appear when viewing the user "Member of" properties unless I select "Show Indirect Membership". I have verified direct member/membership through the objects in AD. How can I rectify this issue?

Answer 1

Hello,

We cannot reproduce such behavior in our testing environment. Can you answer a couple of questions to help us troubleshoot the issue?

1. What type of objects are you trying to add to group members (e.g. users, contacts)?

2. Are the objects that you are trying to add to members and the groups, to which you are trying to add them, located in the same domain or different domains?

3. Also, this may be a replication issue. Can you do the following?

   • Add members to a group and verify that the issue is reproduced.
   • Wait for some time (say, 5-10 minutes).
   • View the membership of the group again. Can you see the members added to the group on step 1 without ticking the Show Indirect Members option?

Comments

1.What type of objects are you trying to add to group members (e.g. users, contacts)?
User Objects
2.Are the objects that you are trying to add to members and the groups, to which you are trying to add them, located in the same domain or different domains?
They are in the same domain
3.Also, this may be a replication issue. Can you do the following?
1.Add members to a group and verify that the issue is reproduced.
I was able to reproduce
2.Wait for some time (say, 5-10 minutes).
Waited for 15 mins
3.View the membership of the group again. Can you see the members added to the group on step 1 without ticking the Show Indirect Members option?
Still having the same issue, wether viewing the Members of the Group in question, or viewing the membership of the User in question. I'm also noticing that Domain Users does not appear in the Member Of properties of the User, with or without Show indirect membership selected.

---

Can you do the following to verify this is not a Security Roles issue?

1. Log in to your custom Web Interface with the credentials of Adaxes default service administrator (the account that you specified during Adaxes installation).
2. Add users to a group and check whether the issue is reproduced.

---

By doing that I can see all membership without selecting Show inderect membership.

---

Hello,

The thing is that if a user cannot read the MembersGuid and DirectMembersGuid properties of group objects, the Members section of groups will not function normally. Also, if a user cannot read the MemberOfGuid and DirectMemberOfGuid properties of user objects, the Member Of section of user objects will not function normally as well. This is a bug that will be fixed in our next version.

As a workaround for now, you can grant your users the permissions to read these properties. For this purpose you need to create a new Security Role that grants the necessary permissions or modify an existing Security Role and add the necessary permissions to it. To do this:

1. Launch Adaxes Administration Console.

2. Expand the service node that represents your service.

3. Right-click any object under the expanded service node, point to New, and then click Security Role.
   or
   Expand Configuration / Security Roles and select the Security Role you want to modify.

4. On the 2nd step of the Create Security Role wizard, click Add.
   
   or
   Click the Add button above the list of permissions.
   

5. In the Add Permissions dialog that appears, select the Group object type.
   

6. Select the Show all properties option.

7. Select the Read 'MembersGuid' Property and Read 'DirectMembersGuid' Property permissions in the Property-specific permissions section.
   

   

8. Click OK.

9. Click Add again.

10. In the Add Permissions dialog that appears, select the User object type.
    

11. Select the Show all properties option.

12. Select the Read 'MemberOfGuid' Property and Read 'DirectMemberOfGuid' Property permissions in the Property-specific permissions section.
    

    

13. Click OK.

14. Finish creation of the Security Role.
    or
    Save the modified Security Role.

---

Problem solved! Thanks for your assistance!!

---

The issue was fixed in Adaxes 2013.1.

Now, the permission to read the MembersGuid and DirectMembersGuid properties of Group objects is not required for the Members section to function normally. Also, the permission to read the MemberOfGuid and DirectMemberOfGuid properties of User objects is no longer needed for the Member Of section to function.