Adding menmber to a group in AD

vijaydeepak33 · ‎2015-09-01

Hi,

I have to test a scenario where i wanted to add a user to a group in AD
and then i wanted my AD driver to pick the event.My driver is picking up
the event only for the *group class*, but i also want to trigger an
event for the user class so that i can update the *"memberOf"* attribute
on the user object.

I have configured my filter with this atribute as well but still I am
not getting any event for user class.
Can anyone help me out on this issue.

Thanks,
Vijay Deepak

--
vijaydeepak33
------------------------------------------------------------------------
vijaydeepak33's Profile: https://forums.netiq.com/member.php?userid=3319
View this thread: https://forums.netiq.com/showthread.php?t=54206

Alex McHugh · ‎2015-09-01

vijaydeepak33 wrote:

>
> I have to test a scenario where i wanted to add a user to a group in AD
> and then i wanted my AD driver to pick the event.My driver is picking up
> the event only for the *group class*, but i also want to trigger an
> event for the user class so that i can update the *"memberOf"* attribute
> on the user object.
>
> I have configured my filter with this atribute as well but still I am
> not getting any event for user class.
> Can anyone help me out on this issue.

In AD group membership can only be set on the group object.
You can't trigger on the memberOf user attribute as it is a fake/pseudo attribute in AD.

Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.

vijaydeepak33 · ‎2015-09-01

Adding a user to a group is triggering an event which will have all the
existing users in it.
I mean to say that if a user say "X" is added to a group and the users
say "a" and "b" are already in the group then the event will contain 3
users "x","a" and "b".

I am not able to find the current user.

Thanks,
Vijay Deepak

--
vijaydeepak33
------------------------------------------------------------------------
vijaydeepak33's Profile: https://forums.netiq.com/member.php?userid=3319
View this thread: https://forums.netiq.com/showthread.php?t=54206

Alex McHugh · ‎2015-09-01

vijaydeepak33 wrote:

> Adding a user to a group is triggering an event which will have all the
> existing users in it.
> I mean to say that if a user say "X" is added to a group and the users
> say "a" and "b" are already in the group then the event will contain 3
> users "x","a" and "b".
>
>
> I am not able to find the current user.

Under driver parameters look for an option "Enable DirSync Incremental Values" and set this to "yes"

Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.

dgersic · ‎2015-09-01

On Tue, 01 Sep 2015 10:54:52 +0000, Alex McHugh wrote:

> vijaydeepak33 wrote:
>
>> Adding a user to a group is triggering an event which will have all the
>> existing users in it.
>> I mean to say that if a user say "X" is added to a group and the users
>> say "a" and "b" are already in the group then the event will contain 3
>> users "x","a" and "b".
>>
>>
>> I am not able to find the current user.
>
> Under driver parameters look for an option "Enable DirSync Incremental
> Values" and set this to "yes"

Note that this parameter may be hidden.

--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.microfocus.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.

geoffc · ‎2015-09-01

On 9/1/2015 10:30 AM, David Gersic wrote:
> On Tue, 01 Sep 2015 10:54:52 +0000, Alex McHugh wrote:
>
>> vijaydeepak33 wrote:
>>
>>> Adding a user to a group is triggering an event which will have all the
>>> existing users in it.
>>> I mean to say that if a user say "X" is added to a group and the users
>>> say "a" and "b" are already in the group then the event will contain 3
>>> users "x","a" and "b".
>>>
>>>
>>> I am not able to find the current user.
>>
>> Under driver parameters look for an option "Enable DirSync Incremental
>> Values" and set this to "yes"
>
> Note that this parameter may be hidden.

Which means, Edit XML, search for hide="true" and remove all of
hide="true" (might be single ticks, whatever).

Then it will show in the GUI.

aburgemeister · ‎2015-09-01

I've never seen it hidden in that way, though it may be under an Advanced
options section where you need to change a drop-down hiding it from 'hide'
to 'show'.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...

geoffc · ‎2015-09-01

On 9/1/2015 12:31 PM, ab wrote:
> I've never seen it hidden in that way, though it may be under an Advanced
> options section where you need to change a drop-down hiding it from 'hide'
> to 'show'.

Look again. 🙂 Look at a 3.61 config or earlu 4.0 packages to see an
example.

al_b · ‎2015-09-03

alexmchugh;260429 Wrote:
> vijaydeepak33 wrote:
>
> >
> > I have to test a scenario where i wanted to add a user to a group in
> AD
> > and then i wanted my AD driver to pick the event.My driver is picking
> up
> > the event only for the *group class*, but i also want to trigger an
> > event for the user class so that i can update the *"memberOf"*
> attribute
> > on the user object.
> >
> > I have configured my filter with this atribute as well but still I am
> > not getting any event for user class.
> > Can anyone help me out on this issue.
>
> In AD group membership can only be set on the group object.
> You can't trigger on the memberOf user attribute as it is a fake/pseudo
> attribute in AD.
Alex right: *memberOf* user attribute is called -computed back-link-
attribute or -constructed- attribute. It's maintained and calculated by
Active Directory.

> The memberOf attribute is a multi-valued attribute that contains groups
> of which the user is a direct member, except for the primary group,
> which is represented by the primaryGroupId. Group membership is
> dependent on the domain controller (DC) from which this attribute is
> retrieved:
>
> > > >
- At a DC for the domain that contains the user, memberOf for the
> user is complete with respect to membership for groups in that
> domain; however, memberOf does not contain the user's membership in
> domain local and global groups in other domains.
- At a GC server, memberOf for the user is complete with respect to
> all universal group memberships.
> > >
> If both conditions are true for the DC, both sets of data are
> contained in memberOf.
>
> Be aware that this attribute lists the groups that contain the user in
> their member attribute—it does not contain the recursive list of
> nested predecessors. For example, if user O is a member of group C and
> group B and group B were nested in group A, the memberOf attribute of
> user O would list group C and group B, but not group A.
>
> This attribute is not stored—it is a computed back-link
> attribute.

--
If you find this post helpful, please show your appreciation by clicking
on the star below :cool:
------------------------------------------------------------------------
al_b's Profile: https://forums.netiq.com/member.php?userid=209
View this thread: https://forums.netiq.com/showthread.php?t=54206

Engine-Drivers