Menu
Modifying member attribute of a group in Active Directory (let's say with asdiedit), automatically modifies memberOf property of corresponding user?
And as secondary question, setting member in the allowedAttributesEffective of a group automatically adds the memberof in the allowedAttributesEffective attribute of all users?
I have no permission yet to modify member property, so I cannot test by myself.
821
Yes, if you modify member attribute of a group. It will automatically update the memberOf attribute.
memberOf attribute is called computed back-link attribute or constructed attribute. It's maintained and calculated by Active Directory. You cannot modify this attribute.
Similarly, allowedAttributesEffective is a computed attribute, reflecting the actual ACLs set on the AD object. You cannot set this attribute directly but you can modify the ACLs on the AD object. This attribute will reflect the fact.
There is no relationship between group's allowedAttributesEffective attribute and user's allowedAttributesEffective. They are independent. Setting ACL on group object won't affect the ACL on user object that the group contains.
75
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
