Re: Add AD user to ADAM-group



Hi

Yes. If you choose an AD user and substitute the string SID in the
script below you should get an idea how it works.

Lee Flight

"pez" <pez@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:98469B08-AF9C-4905-B8AD-CADC049B23BE@xxxxxxxxxxxxxxxx
> Ok. So I need to bind to the AD account, get the SID of that object, and at
> last, add the account as I normally would in ADAM, only using the LDAP with
> the SID form instead?
>
> "Lee Flight" wrote:
>
>> Hi
>>
>> You need the SID of the AD user in either of the two SID string forms given
>> in the MSDN link below. So if you are starting with an AD user name you
>> will need to bind to that object in AD and retrieve the SID. If you Google,
>> you might find some VBScript functions that will format the SID in the form
>> you need.
>>
>> Lee Flight
>>
>>
>> "pez" <pez@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:1B77A8E9-DB87-4E6E-9C54-47E119D09CA4@xxxxxxxxxxxxxxxx
>> > How do I get this part (SID) right?
>> >
>> > memberPath ="LDAP://<SID=S-1-5-21-xxxxxx-yyyyy-zzzz>"
>> >
>> > Big thank you for your help
>> >
>> >
>> > "Lee Flight" wrote:
>> >
>> >> Hi
>> >>
>> >> As the AD user is a Foreign Security Principal in ADAM, you will
>> >> need to add the AD user as a member in SID binding format:
>> >>
>> >> http://msdn.microsoft.com/library/en-us/adsi/adsi/iadsgroup_add.asp
>> >>
>> >> and that should create the required FSP if it does not exist already:
>> >>
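>> >> ' ADsPath of the ADAM group and SID-binding path of the AD user
>> >> groupPath = "LDAP://localhost:389/CN=Mygrp,OU=Groups,DC=Mydom,DC=com"
>> >> memberPath = "LDAP://<SID=S-1-5-21-xxxxxx-yyyyy-zzzz>"
>> >> ' Bind to the group and add the member by its SID path
>> >> Set objGroup = GetObject(groupPath)
>> >> objGroup.Add(memberPath)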
>> >>
>> >>
>> >> Lee Flight
>> >>
>> >> "pez" <pez@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> news:97FC624B-57FF-496D-96EC-300A39CA97D1@xxxxxxxxxxxxxxxx
>> >> > I'm trying to add an AD user to an ADAM group with VBScript but I
>> >> > can't get it to work. Anybody got an example of this?
>> >> >
>> >> > Thanks
>> >>
>> >>
>> >>
>>
>>
>>
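
Added example, not code from the posters in this thread: a VBScript version of the steps discussed above (bind to the AD user, read objectSid, format it as a string SID, add it to the ADAM group by SID path). The function names, the two command-line arguments (the AD user's ADsPath and the ADAM group's ADsPath) and the sample SID bytes are assumptions made for illustration; the sample bytes are constructed and do not belong to a real account.

```vbscript
Option Explicit
' Hex-encode the byte array ADSI returns for objectSid (two digits per byte).
Function OctetToHexStr(arrBytes)
    Dim k, strHex
    For k = 1 To LenB(arrBytes)
        strHex = strHex & Right("0" & Hex(AscB(MidB(arrBytes, k, 1))), 2)
    Next
    OctetToHexStr = strHex
End Function

' Value of the byte at a 0-based index in a hex string, as a Double.
Function ByteAt(strHex, intIndex)
    ByteAt = CDbl(CLng("&H" & Mid(strHex, 2 * intIndex + 1, 2)))
End Function

' Decode a hex-encoded binary SID into S-<revision>-<authority>-<subauthority>... form.
Function HexSidToString(strHex)
    Dim intCount, dblValue, i, j, strSid
    If Len(strHex) < 16 Then Err.Raise vbObjectError + 1, "HexSidToString", "SID shorter than its 8-byte header"
    intCount = ByteAt(strHex, 1)              ' byte 1: number of sub-authorities
    If Len(strHex) <> 16 + 8 * intCount Then Err.Raise vbObjectError + 2, "HexSidToString", "Length does not match sub-authority count"
    dblValue = 0
    For i = 2 To 7                            ' bytes 2-7: identifier authority, big-endian
        dblValue = dblValue * 256 + ByteAt(strHex, i)
    Next
    strSid = "S-" & ByteAt(strHex, 0) & "-" & dblValue
    For i = 0 To intCount - 1
        dblValue = 0
        For j = 3 To 0 Step -1                ' each sub-authority: 4 bytes, little-endian
            dblValue = dblValue * 256 + ByteAt(strHex, 8 + 4 * i + j)
        Next
        strSid = strSid & "-" & dblValue
    Next
    HexSidToString = strSid
End Function

' Bind to the AD user, build the SID-binding path, add it to the ADAM group.
Sub AddAdUserToAdamGroup(strUserPath, strGroupPath)
    Dim objUser, objGroup, strPath
    Set objUser = GetObject(strUserPath)
    strPath = "LDAP://<SID=" & HexSidToString(OctetToHexStr(objUser.Get("objectSid"))) & ">"
    Set objGroup = GetObject(strGroupPath)
    objGroup.Add strPath
End Sub

If WScript.Arguments.Count = 2 Then
    AddAdUserToAdamGroup WScript.Arguments(0), WScript.Arguments(1)
Else ' no arguments: decode constructed sample SID bytes and print the member path
    WScript.Echo "LDAP://<SID=" & HexSidToString("010500000000000515000000E8030000D0070000B80B000050040000") & ">"
End If
```

Run it with cscript. With no arguments it only prints the member path for the constructed sample, so the formatting can be checked without touching a directory.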

