
AD group managed by a group not an account

Hi,

I am working with a customer to put their AD groups into IT Shop & have come across an issue that I had not considered before. In AD users and groups I can see that some groups are managed by other AD groups rather than an AD user account.

This is perfectly legal in AD. However, our mapping connects the managedBy AD property to uid_ADSAccountManager (via a search of the FK table ADSAccount for the DN) so, when the managedBy is a group, our Manager parameter in the ADSGroup object is NULL.

The knock-on effect is that the product owner is not set in IT Shop.

This must have been encountered before. Has anyone got any suggestions as to the best way to handle this?

Thanks

Jon.

  • Using PowerShell:

    Create an adsisearcher object. You would have to filter on the specific object, or you could use this code for a bulk import:

    # Assumes the service account has appropriate rights and the thread is running on a domain-joined system
    $IDMsearcher = [adsisearcher]'objectcategory=group'

    # Add more properties if needed; basic is fine
    [void]$IDMsearcher.PropertiesToLoad.Add('sAMAccountName')

    # Results are fetched in pages of this size; FindAll() retrieves every page, so no outer loop is needed
    $IDMsearcher.PageSize = 512

    $res = $IDMsearcher.FindAll()
    $res | ForEach-Object {
        $group = $_.GetDirectoryEntry()

        # Data needed (insert your logic here):
        $group.sAMAccountName
        $group.ObjectSecurity.Owner
    }

    # Release the unmanaged resources held by the result collection
    $res.Dispose()
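To size the problem described in the question before choosing a fix, the following added example (not part of the thread and not the product's own code) classifies each group's managedBy target and lists the groups whose manager would come through empty. The function names, the NeedsOwner column and the sample DNs are assumptions constructed for illustration.

```powershell
# Added example, not from the thread. Helper names are hypothetical.
function Resolve-ManagerClass {
    param([string]$DistinguishedName)
    # Bind to the managedBy target and inspect its objectClass values
    $classes = @(([adsi]"LDAP://$DistinguishedName").Properties['objectClass'])
    if ($classes -contains 'group') { return 'group' }
    if ($classes -contains 'user' -and $classes -notcontains 'computer') { return 'user' }
    return 'other'
}

function Get-GroupManagerReport {
    param(
        [Parameter(Mandatory)] [object[]]$Groups,   # each needs sAMAccountName and managedBy
        [scriptblock]$Resolver = { param($dn) Resolve-ManagerClass $dn }
    )
    foreach ($g in $Groups) {
        $class = if ([string]::IsNullOrEmpty($g.managedBy)) { 'none' } else { & $Resolver $g.managedBy }
        [pscustomobject]@{
            Group        = $g.sAMAccountName
            ManagedBy    = $g.managedBy
            ManagerClass = $class
            # Per the mapping in the question, only a user account DN matches ADSAccount
            NeedsOwner   = ($class -ne 'user')
        }
    }
}

# Constructed sample data so the report logic can be checked off-domain
$sampleGroups = @(
    [pscustomobject]@{ sAMAccountName = 'GRP-Finance'; managedBy = 'CN=Jane Doe,OU=Users,DC=example,DC=test' }
    [pscustomobject]@{ sAMAccountName = 'GRP-HR';      managedBy = 'CN=HR-Owners,OU=Groups,DC=example,DC=test' }
    [pscustomobject]@{ sAMAccountName = 'GRP-Temp';    managedBy = $null }
)
$sampleClasses = @{
    'CN=Jane Doe,OU=Users,DC=example,DC=test'   = 'user'
    'CN=HR-Owners,OU=Groups,DC=example,DC=test' = 'group'
}
Get-GroupManagerReport -Groups $sampleGroups -Resolver { param($dn) $sampleClasses[$dn] } |
    Where-Object NeedsOwner | Format-Table -AutoSize

# On a domain-joined system, feed it live groups instead (default resolver binds via ADSI):
# $s = [adsisearcher]'(&(objectCategory=group)(managedBy=*))'; $s.PageSize = 512
# $live = $s.FindAll() | ForEach-Object { [pscustomobject]@{
#     sAMAccountName = [string]$_.Properties['samaccountname'][0]
#     managedBy      = [string]$_.Properties['managedby'][0] } }
# Get-GroupManagerReport -Groups $live | Where-Object NeedsOwner
```

With the constructed data, the report lists GRP-HR (manager is a group) and GRP-Temp (no managedBy set) and leaves out GRP-Finance.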
