ADSI and group membership - what am I doing wrong

Asked By Neil Chambers
13-Jul-07 12:43 PM
I am trying to commit changes to group membership but nothing seems to happen


can find this in the PSBase:

nadda

What gives?

Cheers :-)
Neil

Asked By Clint Bergman
13-Jul-07 01:00 PM
Here's a version of how I have successfully added a member to a group.  I just installed the Quest AD cmdlets yesterday
and am looking at how we might use those to accomplish the task.....

$ADS_PROPERTY_APPEND = 3

$user =   [ADSI]"LDAP://<PATH_TO_USER>"
$group = [ADSI]"LDAP://<PATH_TO_GROUP>"
$group.putEx($ADS_PROPERTY_APPEND,"member",@($user.distinguishedname))
$group.setInfo()
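
The PutEx/SetInfo approach from the post above, wrapped with a pre-check and a read-back so that a write that silently does nothing (the symptom in the original question) is detected. This is an added example, not code from the thread; the function name Add-AdsiGroupMember, its parameters and the placeholder DNs are assumptions.

```powershell
# Added example: idempotent ADSI group-membership add with read-back verification.
# Add-AdsiGroupMember and its parameter names are hypothetical.
function Add-AdsiGroupMember {
    param(
        [Parameter(Mandatory = $true)] [string] $GroupDN,
        [Parameter(Mandatory = $true)] [string] $MemberDN
    )
    $ADS_PROPERTY_APPEND = 3

    $group  = [ADSI]"LDAP://$GroupDN"
    $member = [ADSI]"LDAP://$MemberDN"

    # [ADSI] binds lazily: read a property now so a wrong path fails here,
    # not halfway through the change.
    $resolvedDn = [string]$member.distinguishedName
    if (-not $resolvedDn) { throw "Cannot bind to member '$MemberDN'" }
    if (-not [string]$group.distinguishedName) { throw "Cannot bind to group '$GroupDN'" }

    # PutEx, SetInfo and IsMember are native ADSI methods. Get-Member does not
    # list them on an [ADSI] object, but they can still be called.
    # IsMember only sees direct membership (not nested or primary group).
    if ($group.IsMember($member.psbase.Path)) {
        return $false    # already a member, nothing written
    }

    $group.PutEx($ADS_PROPERTY_APPEND, 'member', @($resolvedDn))
    $group.SetInfo()     # sends the cached change to the directory

    # Reload from the directory instead of trusting the local property cache.
    $group.psbase.RefreshCache()
    if (-not $group.IsMember($member.psbase.Path)) {
        throw "SetInfo() returned but '$resolvedDn' is not a member of '$GroupDN'"
    }
    return $true         # member was added and confirmed
}

# Usage with placeholder DNs:
# Add-AdsiGroupMember -GroupDN '<GROUP_DN>' -MemberDN '<MEMBER_DN>'
```

With "Audit Security Group Management" enabled on the domain controllers, a successful add to a security group is also logged as event 4728, 4732 or 4756, depending on the group's scope.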


Asked By Clint Bergman
13-Jul-07 01:08 PM
If you install the Quest AD cmdlets ( http://www.quest.com/activeroles-server/arms.aspx )  You can do (something like):

Add-QADGroupMember -identity (Get-QADGroup myGrp) -member 'DOMAIN\username'

For more info:
get-help Add-QADGroupMember

From the documentation:
Detailed Description
Use this cmdlet to add objects to a group in Active Directory. You can specify a list of objects to add, separating the list entries by commas.
The cmdlet can use the connection that is established by the Connect-QADService cmdlet (see "Connect-QADService" earlier in this document).

Example
Connect to the local Administration Service with the credentials of a specific user, add two objects (the first one specified by Domain\Name, the second one specified by SID) to the group, and then disconnect:

$pw = read-host "Enter password" -AsSecureString
connect-QADService -service 'localhost' -proxy `
    -ConnectionAccount 'company\administrator' `
    -ConnectionPassword $pw
add-QADGroupMember `
    -identity 'CN=group1,OU=companyOU,DC=company,DC=com' `
    -member 'company\jsmith',
    'S-1-5-21-1279736177-1630491018-182859109-1215'
disconnect-QADService


Asked By Neil Chambers
13-Jul-07 01:45 PM
Thanks Chris,

As you used the SetInfo() method I thought I would try it even though it
is not listed in the member properties of the object??

Anyway - my method now works a treat.

Cheers,
Neil
Asked By Jason
13-Jul-07 04:58 PM
For a discussion of the invisible methods, see:

http://pathologicalscripter.wordpress.com/2006/09/28/invisible-methods-for-adsi/


Cheers,
Jason

Asked By Rich
14-Jul-07 05:36 AM
If at all possible use the cmdlets - they make life so much easier
--
Richard Siddaway
Please note that all scripts are supplied "as is" and with no warranty
Blog: http://richardsiddaway.spaces.live.com/
PowerShell User Group: http://www.get-psuguk.org.uk