Imanami Community

Identity Management by Group Management = Faster Results
Welcome to Imanami Community Sign in | Join | Help
in Search
Home Forums Photos Downloads
Imanami Community » DTM » Knowledgebase » INFO: Active Directory Primary Group cannot be changed when creating a User using DTM

INFO: Active Directory Primary Group cannot be changed when creating a User using DTM

Last post 09-08-2008, 8:35 PM by Usman Zaheer. 0 replies.
Sort Posts: Previous Next

  •  09-08-2008, 8:35 PM 723

    INFO: Active Directory Primary Group cannot be changed when creating a User using DTM

    This article applies to:

    • DTM 3.0

    Description:

     

    When importing users using DTM, the primary group in Active Directory to which users are added is "Domain Users".  This setting cannot be changed.  As a result, DTM will always add users to the Domain Users group.

     

    The attribute for primary group is "primaryGroupID".  This attribute is owned by System Accounts Manager (SAM), so writing to this attribute is not allowed by Active Directory.

     

    The following is a list of attributes that belong to System Accounts Manager and they cannot be changed when users are created by DTM:

     

    ·         badPasswordTime

    ·         badPwdCount

    ·         lastLogoff

    ·         lastLogon

    ·         logonCount

    ·         memberOf

    ·         objectGUID

    ·         objectSid

    ·         primaryGroupID

    ·         pwdLastSet

    ·         sAMAccountType

     

    Additional Information:  Please review the Microsoft article provided at the following link for more information: http://support.microsoft.com/kb/276382
View as RSS news feed in XML
Copyright 2010 Imanami Corporation. All Rights Reserved.
Powered by Community Server (Personal Edition), by Telligent Systems