0 votes

Howdy!

I'm new to Adaxes.

I followed the tutorial - "Grant rights to modify AD group membership" . When I log in w/ an account that is the owner of a group, there aren't any members listed.
I checked AD to make sure and there are members.

What am I missing?

by (1.7k points)
0

I assigned Authenticated User to the Domain User Security Role and that took care of that.

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

When you grant permissions to owners of the groups, you grant the permissions for the group object itself. That is, you can grant the right to read or write the properties of the group etc. To be able to view group members, you need to grant the permissions to read the objects that represent the group members in AD. For example, if you want to grant permissions to view users that are members of the groups, you need to grant permissions to view user accounts.

By default, the permission to view all objects is granted by the Security Role called Domain User. It is assigned to Authenticated Users over All Objects, which means that everyone can view everything. If you don't want to grant everyone the permission to view everything, you can grant each group owner the permissions to view only the objects that are members of the group they own. To do this, you need to modify the assignments of the Domain User Role:

  1. Launch Adaxes Administration Console.
  2. Expand the service node that represents your service.
  3. Navigate to and select the Domain User Security Role.
  4. Right-click the default assignment of the Role and click Delete.
  5. Right-click in the Assignments list and click Add Assignment.
  6. Double-click a user or group that is the owner of another group.
  7. Double-click a group that the user or group owns.
  8. In the Assignment Options dialog, select Members of this group.
  9. Click OK two times.
  10. Repeat steps 5-9 for as many group owners as you need and save the Security Role.
0

Thanks for the explanation!
Worked like a charm

Related questions

0 votes
1 answer

I am trying to make a custom report that is basically the "Members of Groups" default report but instead of selecting Directory Objects, I want to select groups. The Members of ... will not work in Adaxes 2023 and later. I am running 2023.2 -- Suggestions?

asked Aug 13 by AvenuesRecovery (20 points)
0 votes
1 answer

I need to send an e-mail to the owner ("managed by") for each group. The e-mail should contain a list of group members. What is the best way to do that?

asked May 9 by akindy (40 points)
0 votes
1 answer

Hi, I am making business rule which calls powershell script and inside the script I need to check whether account which is added to group is security group. I am using Get- ... , the same command return, that group type is security So what am I doing wrong?

asked Feb 20, 2020 by KIT (960 points)
0 votes
1 answer

Hi Is there a way to select all members of a group when you click on a group? I know you can do this via the Reports section, but it would be easier to just select them all when viewing the group.

asked Jan 28, 2013 by kjesoo (960 points)
0 votes
1 answer

I've searched the forum and not found an answer. I think other people could use this tool also. We need a way for group owners to audit the membership of the groups they ... If you have any part of this, like existing powershell code, I'd appreciate seeing it.

asked May 1, 2015 by theckel (520 points)
3,588 questions
3,277 answers
8,303 comments
548,091 users