Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

dsadd with -memberof parameter

3,042 views
Skip to first unread message

Bryan

unread,
Aug 17, 2004, 3:11:21 PM8/17/04
to
I am able to use the dsadd command to do everything I need
except assign the user to multiple groups. The user
account is created, but there is a problem with the
account and the group membership is not applied. One of
my groups has spaces in the group name. What is the
correct syntax to assign the user to multiple groups? TIA

Joe Kaplan (MVP - ADSI)

unread,
Aug 17, 2004, 3:19:33 PM8/17/04
to
You can't write to memberOf. It is a backlink attribute which is
calcualated by AD. Instead, you must write to the member attribute of each
group.

Joe K.

"Bryan" <bc...@taylor.k12.ky.us> wrote in message
news:7d9001c4848d$fb469aa0$a401...@phx.gbl...

anon...@discussions.microsoft.com

unread,
Aug 17, 2004, 3:29:34 PM8/17/04
to
Joe,
So I can use dsadd to create the accounts and then use
dsmod to modify the group membership. Is this correct?
Is there a better way to perform a bulk import of users?
Thanks,
Bryan
>.
>

Joe Kaplan (MVP - ADSI)

unread,
Aug 17, 2004, 4:11:10 PM8/17/04
to
I don't do bulk adds this way, so I'm probably not the best person to ask as
to what tool you should use. The stuff we use internally is all a custom
process that handles all identity lifecycle processes by integrating with
our HR system directly.

I know that using LDIF files is also a viable option, but dsadd and dsmod
should be viable. You might also want to check out the tools at
http://www.joeware.net if you prefer command line interfaces. Joe has a
cool new mod tool in his arsenal as well as his highly regarded ADFind and a
bunch of other helpful stuff.

Joe K.

<anon...@discussions.microsoft.com> wrote in message
news:7db901c48490$86dbdf10$a401...@phx.gbl...

Marc

unread,
Sep 1, 2004, 10:25:56 AM9/1/04
to
DSADD User UserDN -memberof GroupDN GroupDN2 GroupDN3 ...
(i.e. dsadd "cn=joe schmo,ou=my ou,dc=my domain,dc=com" -memberof "cn=group
1,ou=groups ou,dc=my domain,dc=com" "cn=group 2,ou=groups ou,dc=my
domain,dc=com"

DSMOD Group GroupDN -addmbr UserDN UserDN2 UserDN3 ...

Bulk import: use CSVDE (multivalue attributes are separated with semicolons)
Bulk import with all attribs (passwords, enabed, etc): use vbscript

I hope this helps,
Marc
MCSE NT/2000/2003, MCDBA, MCT


"Bryan" <bc...@taylor.k12.ky.us> wrote in message
news:7d9001c4848d$fb469aa0$a401...@phx.gbl...

Marc

unread,
Sep 1, 2004, 10:31:22 AM9/1/04
to
oops, I meant:
(i.e. dsadd user "cn=joe schmo,ou=my ou,dc=my domain,dc=com" -memberof
"cn=group
1,ou=groups ou,dc=my domain,dc=com" "cn=group 2,ou=groups ou,dc=my
domain,dc=com")

"Marc" <tint...@nospam.optonline.net> wrote in message
news:eyIUf$CkEHA...@TK2MSFTNGP15.phx.gbl...

0 new messages