I'm wanting to change group members by writing to the Active Directory using perl Net::LDAP. I noticed that AD groups have the LDAP objects "member" to list the user who is a member of this group. The user object then has the LDAP object "memberOf" to record the groups the user is a member of. I'm wondering if their is a mechanism in Samba AD that sets on of these if the other is set? That is, if I set all user members for a given group, will active directory update the user "memberOf" attribute? Thanks, -- Greg J. Zartman Board Member Koozali SME Server www.koozali.org SME Server user, contributor, and community member since 2000
On 23/12/14 05:41, Greg Zartman wrote:> I'm wanting to change group members by writing to the Active Directory > using perl Net::LDAP. > > I noticed that AD groups have the LDAP objects "member" to list the user > who is a member of this group. The user object then has the LDAP object > "memberOf" to record the groups the user is a member of. > > I'm wondering if their is a mechanism in Samba AD that sets on of these if > the other is set? That is, if I set all user members for a given group, > will active directory update the user "memberOf" attribute? > > Thanks, >Hi Greg, the mechanism is called 'linkid', see here: http://msdn.microsoft.com/en-us/library/ms677270%28v=vs.85%29.aspx Yes, you add the user to the group by adding a member attribute to the groups object containing the users DN and AD will do the rest. Rowland
On Tue, Dec 23, 2014 at 12:01 AM, Rowland Penny <rowlandpenny at googlemail.com> wrote:> Hi Greg, the mechanism is called 'linkid', see here: > http://msdn.microsoft.com/en-us/library/ms677270%28v=vs.85%29.aspx > > Yes, you add the user to the group by adding a member attribute to the > groups object containing the users DN and AD will do the rest.Excellent. Thanks for the great info Rowland. This will make it easy to update group memberships by just passing a list of users to AD. I'm making headway! -- Greg J. Zartman Board Member Koozali SME Server www.koozali.org SME Server user, contributor, and community member since 2000