• State Suggested Answer
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 96 subscribers
  • Views 48 views
  • Users 0 members are here
Options
Related

Different Primary group on insert ADSaccount

m joosen

Hi,

It seems that when creating an ADS account, the Primary Group is always 'Domain Users' 

We now have a case where this group should not be the Domain Users but an other Group 

In IT data, the option to set an other Primary Group is not there so now we update the account with our group after the insert of the account. 

This works but the Domain users group is now changed to an directly assigned group. The next could be the remove this direct assignment. 

But is there an other option to do this? so can i set a different primary group on ADSaccount Creation?

Thanks in advance 

Martijn 

  • 0

    Hi Martijn,

    it is not possible to set another primary group on insert user objects. The reason is a group membership has to exist before you are allowed to declare this group to primary group. There is one exception from the rule: "Domain Users". The group has a well known primary group token (513) an it is set by default on account creation to property "primaryGroupID". If you create a new user using "Active Directory Users and Computers" you cannot configure the primary group at all. If you try to create a user using ADSIEdit and set the property "primaryGroupID" to "550" (this is primary group token of "Print Operators") you will run into exception saying the user is not member of this group.

    Regards,

       Tino