Database Search
If you can't find the information using the categories below, post a question over in our WinBatch Tech Support Forum.
TechHome
ADSI
 |
- !!!NEWSFLASH!!!
- !Reading List
- 1063 Object Doesnt Exist
- 1068 Error trying to duplicate user groups
- 1073 Cannot Contact the LDAP Server
- 234 Unable to Parse ADSI Path on WinPE
- 275 Search Return Too Many Object Paths
- Active Directory - Force Replication
- ACTIVEDS.dll could not be Found in the Specified Path
- AD Account Creation Date
- AD Event Monitoring Issues
- AD Locked Account Problem
- AD MachineRole Property
- AD OU Membership
- AD Password Expires Date
- Add a user to a OU
- Add more then one Othermailbox to Account
- Add New Mail Account to users that do not have one
- Adding a Machine to an AD Domain
- Adding a workstation (NT4 and W2k) to the domain
- Adding a Workstation to AD in Correct OU
- Adding NT4 Global Group to a Windows 2000 Domain Local Group
- ADSI and COM
- ADSI Function Equivalent to wntMemberSet
- ADSI IIS related bug in Win2k3 sp1
- ADSI Scriptomatic
- ADSI Special Characters
- ADSI Support on Windows PE
- Attributes - Property Names - of an AD Account
- Bad Path Error on NT4
- Binding to the Global Catalog
- BitLocker Recovery Key
- Check for Admin Access
- Check if a Computer Belongs to a Certain OU
- Check if User Account Object Exists
- Check to see if Print Services are Running
- COM - Active Directory Published Certificates Info
- Convert Qword
- Converting Properties to a Human Readable Form
- Copy User or Computer account in AD
- Create a Mailbox and NT-Security-Descriptor property
- Create an OU in ADSI
- Create Virtual Directory
- Creating Computer Accounts
- Creating IIS 5 FTP Users
- Date AD account was modified last
- Delete Mailbox in Exchange
- Detect Disabled Accounts
- Disable Computer Accounts
- Display list of OUs
- Distribution List and Members
- Dont Expire Password
- dsAddtoGrp 1063 Object Does Not Exist
- dsAddToGrp and What is TESTECH
- dsDeleteObj Issue
- dsFindPath Limitation
- dsFindPath Search Request Slow
- dsfindpath Syntax Error
- dsFindPath with NULL Criteria
- dsGetMemGrp Sample
- dsGetProperty Error 1001 Using Slash in Path
- dsGetUsersGrps Error 1001
- dsGetUsersGrps Problem
- dsMoveObj error 1068
- dssetcredentx Error - The Requested Object does not Exist
- dsSetPassword and Blank Passwords
- dsSetProperty Error 246 Custom Attribute
- dsSetProperty userAccountControl
- dsSetSecProp Set Security Permission
- Editing IIS Properties in 2003 SP1
- Enumerating computers in a Win2k AD domain
- Error 1026 - the specified domain either does not exist or could not be contacted
- Error 1045 Operation is not Allowed on RDN
- Error 1047 Creating Exchange 5.5 Mailbox
- Error 1047 Operations Error Occured
- Error 1047 with dsCreateObj on Exchange 2K
- Error 1062 Constraint Violation Setting pwdLastSet Property
- Error 1063 using dsObjCreate
- Error 1068 The server is unwilling to Perform
- Error 1068 with dsSetObj on New User Account
- Error 212
- Error 222 with dsGetChildPath
- Error 234 Unable to parse ADSI path on NT4
- Error 239 Attempting to Rename an Account
- Error 241 when trying to remove a user from group
- Error 243 - Not a property of the object.
- Error 246 - Propertys syntax not supported
- Errors 1001 and 1026
- Examples for ADSI not working
- Exchange with ADSI
- Extract SMTP address in Exch 5 5
- Find DHCP
- Find Exchange Servers
- Finding a Users Exchange Server
- Force Password Change for ADSI User
- ForeignSecurityPrincipals Issue
- Get Computer Names
- Get Current User Path
- Get Effective Permissions
- Get Exchange Server a Users Mailbox is On
- Get List of all Exchange Aliases from Active Directory
- Get Logged In User
- Get User Properties
- Get Users Full Mame from their Logon ID
- Getting LastLoginTimestamp Value in ADSI
- Group Membership Checking
- How do I set the Password and Other Properties
- How to Get at Virtual Dirs
- How to Interpret UserFlags
- How to Pull all ObjectClass Items
- How to Rename an Account
- How to Specify ADSI Paths
- Instantiating Application Objects with ADSI
- LDAP Path with Comma
- LDAP Query Syntax
- List and Retrieve Groups in an OU
- List Computer Objects
- List Disabled User Accounts on the Domain
- List Groups a User is a Direct Member Of
- List Groups Computer is Member Of
- List Groups in OU
- List OU Objects
- List Users that Belong to an OU W2k AD
- List Users with Multiple Attributes
- Lookup Hidden Mailboxes in Exchange 5.5
- Member of Nested Group
- Modify UserAccountControl Attribute
- Move computer between containers
- MsExchMailboxSecurityDescriptor
- Name display --lastname, firstname
- Problem doing CreateMailbox on Exchange 5
- Problem Getting and Settind the AccountExpires Active Directory Property
- Proper AD Query
- Proper Syntax for an LDAP Path
- Query User to Identify which OU it Belongs
- Recursive Searching and dsGetChildPath vs dsFindPath
- Removing User Must Change Password At Next Logon
- Rename Computer in AD
- Renaming a Group in Active Directory
- Reset passwords in Active Directory
- Return Closest Domain Controller using ADSI
- RootDSE Explanation
- Search All Users in AD for a Property
- Set AccountExpires attribute
- Set Logon Name - ADSI
- Setting Expiry Date on AD Account
- Synchronize Domain and Local Password Issue
- Terminal Server Properties
- Test if Object is a Group
- Three Ways a User is Part of a Group in AD
- User Permissions on an AD Object
- Users Last Logon Time
- Verifying User Credentials Against AD
- Virtual directories on IIS via ADSI
Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
Error 241 when Trying to Remove a User from Group
Keywords: error 241 remove user
Question:
I tried to remove a user from the group "Domain Users" but it gives error 241 "object not a member of group". I believe this is because it is by default set as the Primary group.If that user is a member of 2 groups and a different group is set to the primary group then it can be removed from the group fine. So... Is there any way I can set the primary group? Or any other way to accomplish this?
I am aware that this "primary group" can be set on WIndows NT using "wntUserSetDat" But...Since my user is in a OrgUnit I dont think I can use the wnt functions because they wont deal with users except if they are in the "user" folder (I assume microsoft uses this for backward compatibility)
AddExtender("wwads34I.dll") ; Active Directory Services
AddExtender("WWWNT34I.DLL") ; Window NT/2000 network ; ver 11017 as of 7/20/00
nl='%@crlf%'
Old_style_domain_name='msuding'
DC_domain_name='DC=msuding,DC=yardi,DC=com'
debug(@on)
user_to_remove_from_group='LDAP://%old_style_Domain_Name%/CN=ff1,ou=FF,%DC_domain_name%'
;Group_to_remove_a_user_from='LDAP://%old_style_Domain_Name%/CN=ff,ou=FF,%DC_domain_name%'
Group_to_remove_a_user_from='LDAP://%old_style_Domain_Name%/CN=Domain
Users,cn=Users,%DC_domain_name%'
Message('user and group', '%user_to_remove_from_group% %nl% %Group_to_remove_a_user_from%')
result=dsRemFromGrp(group_to_remove_a_user_from, user_to_remove_from_group)
exit
Answer:
It's not pretty but it works. This task should be a little more straight forward with the next version of the ADSI extender.
AddExtender("wwads34I.dll")
AddExtender("WWWNT34I.DLL")
UserObject = "LDAP://Mydomain/cn=Rem
User,ou=testouone,dc=Mydomain,dc=tree,dc=windowware,dc=com"
UserContaner = "LDAP://Mydomain/cn=users,dc=Mydomain,dc=tree,dc=windowware,dc=com"
DomainUserGroup = "LDAP://Mydomain/cn=domain
users,cn=users,dc=Mydomain,dc=tree,dc=windowware,dc=com"
GuestUserGroup = "LDAP://Mydomain/cn=domain
guests,cn=users,dc=Mydomain,dc=tree,dc=windowware,dc=com"
ouContainer = "LDAP://Mydomain/ou=testouone,dc=Mydomain,dc=tree,dc=windowware,dc=com"
; Add user to new group
dsAddToGrp(GuestUserGroup, UserObject)
; Move user to "users" container
tempUserObject = dsMoveObj( UserObject, UserContaner, "" )
; Change primary group.
rid = wntGroupInfo("myserver","domain guests", @GLOBALGROUP, 2)
wntUserSetDat("myserver", "ruser", "primary_group_id" , rid )
; Remove user from old primary group.
dsRemFromGrp(DomainUserGroup, tempUserObject)
; Move user back to old container.
dsMoveObj( tempUserObject, ouContainer, "" )
Article ID: W14512
Filename: Error 241 when trying to remove a user from group.txt
File Created: 2001:03:02:14:40:12
Last Updated: 2001:03:02:14:40:12