Update member attribute of group
When the user account is added to a group, two Active Directory items are updated:
- The user account is now a member of the group. In LDAP: the memberOf attribute of the user account contains an extra value: the distinguished name of the group.
- The group now has an extra member. In LDAP: the member attribute of the group contains an extra value: the distinguished name of the user account.
In Active Directory, the update must be performed by changing the member attribute of the group. The memberOf attribute of the user account is a so-called computed back-link attribute and cannot be used to update user account group memberships.
When the membership is updated, the memberOf attribute of the user account is updated automatically.

Figure 79: Script action to set up LDAP modification data for the group.
So the LDAP modification data must specify the new value for the member attribute of the group: the distinguished name of the user account. In the example project, the distinguished name of the user account is:
cn=%GivenName% %SurName%,ou=Sales,dc=tools4ever,dc=local3
The variables %GivenName% and %SurName% are taken from the input file.
The LDAP modification data is stored in variable %LdapData% that is used by the next action.
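The same modification expressed as an LDIF change record, as an added example that is not part of UMRA or the example project. It escapes the input-file values per RFC 4514 before placing them in the distinguished name, so a name containing characters such as `,` or `=` stays a single cn value instead of changing which object the member value points to. The container, group name, function names and sample rows are assumptions made for the illustration.

```python
import base64

# Assumption: placeholder container and group, not values from the page.
BASE_DN = "ou=Sales,dc=example,dc=local"
GROUP_DN = "cn=SalesTeam," + BASE_DN

def escape_rdn_value(value: str) -> str:
    """Escape a value for use inside a DN (RFC 4514 section 2.4)."""
    if not value:
        raise ValueError("empty RDN value")
    out = ["\\00" if ch == "\x00" else "\\" + ch if ch in ',+"\\<>;=' else ch
           for ch in value]
    if out[0] in (" ", "#"):             # leading space or '#' must be escaped
        out[0] = "\\" + out[0]
    if len(out) > 1 and out[-1] == " ":  # trailing space must be escaped
        out[-1] = "\\ "
    return "".join(out)

def user_dn(given_name: str, sur_name: str) -> str:
    """Build cn=<GivenName> <SurName>,<BASE_DN> from input-file fields."""
    return "cn=" + escape_rdn_value(f"{given_name} {sur_name}") + "," + BASE_DN

def ldif_line(attr: str, value: str) -> str:
    """Emit one LDIF line; base64-encode values that are not SAFE-STRINGs (RFC 2849)."""
    safe = (value.isascii() and not any(c in value for c in "\x00\r\n")
            and value[:1] not in (" ", ":", "<") and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def member_add_ldif(group_dn: str, member_dn: str) -> str:
    """LDIF change record that adds member_dn to the group's member attribute."""
    return "\n".join([
        ldif_line("dn", group_dn),
        "changetype: modify",
        "add: member",
        ldif_line("member", member_dn),
        "-",
    ]) + "\n"

if __name__ == "__main__":
    # Constructed input rows: a normal name and one carrying DN metacharacters.
    for given, sur in [("Ann", "Jones"), ("Bob", "Smith,ou=Admins")]:
        print(member_add_ldif(GROUP_DN, user_dn(given, sur)))
```

Only the member attribute of the group is written; the memberOf attribute of the user account is left to Active Directory, as described above.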