Adding group membership to a user

[avershave]

Hello!

Was just successful in editing some basic user information (specifically description). I was wondering if it was possible to add group membership to a user using the source code of DSInternals? I see there's setting primary membership ID but I want to expand on it more than just setting that particular ID.

Thanks!

[MichaelGrafnetter]

Adding group membership is tricky. Since Windows Server 2003, it is implemented as linked values.

Only retrieval of linked values is currently implemented in DSInternals.DataStore.
Getting DNTs of member and memberOf can be performed with the LinkResolver class and translation of those DNTs can be performed with DistinguishedNameResolver.

Adding a member to a group would involve modifying a row in link_table, if such a membership existed previously, or adding a new row to this table if such membership never existed. Actually, 2 rows need to be added, one for the link and the other one for the corresponding backlink. You also need to deal with phantom objects in cross-domain scenarios on non-GCs.

If you have the courage to implement this feature, feel free to send a PR.

[avershave]

I appreciate the response. I'll try to see what I can do. I have a ton of free time now so I can dwell on this for a bit.

In the meantime, hope all is well and stay safe!

[MichaelGrafnetter]

THX. If I were you, I would start by retrieving the current group membership. When that's done, I will give you some more detailed hints on the modification part.

[Kurainu]

I also tried to retrieve the group membership from one group and could also retrieve the group DNT's by using the index "backlink_present_active_index" in the Link Resolver.cs and used the GetLinkedDNTags Method and returning the Link_DNT Column to return the DNT of the Group the User is belonging to.

Is there a structure that i should consider when I'm going to implement it to fit it in the DSAccount object and retrieve the groups for the PR (when i have the time to work in it)? Or can i just simply implement it the Way i think it's good?

[MichaelGrafnetter]

Hi @Kurainu , thanks. I did not think about the structure yet. I suppose that a property called MemberOf, containing a list of CNs or DNs of the groups would be sufficient.

[Kurainu]

@MichaelGrafnetter i implemented the feature in the way that the DSAccount has a string[] Memberof Property that contains all DNs of the groups.

But i only implemented it in the C# projects (Common, Datastore) since i only can the absolute basics in c++ and therefore cant really implement it in the Replication projects sadly (because it used the DirectoryObject class and its referenced in the Replication projects) neither i try to implement it or you implement it afterwards. I'm Sorry for the Inconvenience

Then the next part would be the modification of the membersip which is a bit trickier i would suppose.