Add user to group in AD

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Can somebody help me with this
Have tested a few different samples, and they work
The problem is that all existing users in the group is removed, and then added again, and last of all, the user I wanted to add to the group is added
In groups with a few members there is no big problem, but in my case, with groups containing up to 9000 members it's no good if the code fails when some or all members have been removed from the group (it's happened once

There has to be some way to just add the user to the group, without first removing all existing membesr?

/Sanmi
 
In groups with a few members there is no big problem, but in my case, with groups containing up to 9000 members it's no good if the code fails when some or all members have been removed from the group (it's happened once)
There has to be some way to just add the user to the group, without first removing all existing membesr??
Click to expand...

Of course - are you working in VB/C++ or a .NET language??

In .NET (vb.net or C#), you can easily do this:

DirectoryEntry deGroup = new
DirectoryEntry("LDAP://cn=Mygroup,dc=yourcompany,dc=com");

string sUserLDAP = "cn=JoeSample,cn=Users,dc=yourcompany,dc=com";

deGroup.Properties["member"].Add(sUserLDAP);


If you're using a legacy programming language, or a scripting
language, you'd have to bind to the group object, and then call the
IADsGroup.Add() method to add the user specified by his DN to the
group.

No need to first delete all members and then adding them all again!!

Marc
 
Hi and thanks for the answer!

I'm using exactly that code, but in VB.NET
Anyway, this will cause every member in the group to first be removed, then added again.
To see this you have to look in the security log on the server.
Event ID 633
Here is a sample from security event log
--------------
Security Enabled Global Group Member Removed:
member name: CN=xxx,OU=yyy,DC=domain,DC=com
member ID: DOMAIN\xxx
target account name: groupname
target domain: DOMAIN
....
....

When this is done, the members are all added again =)
Event ID 632
Security Enabled Global Group Member Added
.....
.....
.....

Any suggestions??
I'm a bit confused....

/Sanmic
 
Anyway, this will cause every member in the group to first be removed, then added again.

There appears to be a problem in the System.DirectoryServices classes,
indeed - check out this KB article:

http://support.microsoft.com/?id=818031

It includes a possible workaround.

Marc
================================================================
Marc Scheuner May The Source Be With You!
Bern, Switzerland m.scheuner(at)inova.ch
 
Thanks a lot Marc!

I'll test the ADSI workaround right away =)
Can I send you a private mail if I steps into more trouble in the future?

/Sanmic
 
Thanks a lot Marc!

I'll test the ADSI workaround right away =)
Can I send you a private mail if I steps into more trouble in the future?

/Sanmic
 
Back
Top