ADAM: What is automatically setting user.memberOf when a user is added to group.member?

Discussion in 'Active Directory' started by Michael Herman \(Parallelspace\), Sep 16, 2004.

  1. I want to create a pair of classes similar behaviour to group and user.

    I specifically want to recreate the behaviour I see when I add a user to the
    member attribute an AD "group" and automatically AD is setting the memberOf
    property of an AD user to refer to the group.

    How can I recreate this behaviour in a pair of new classes specific to my
    application?

    Michael.

    --
    Michael Herman
    Parallelspace Corporation
    Developers of Advanced Business Collaboration Solutions for Microsoft
    SharePoint, Microsoft Live Communications Server and Groove Workspace

    Portal and Content Migration Solution Specialists:
    http://www.parallelspace.net/sharepoint
    SharePoint Migration Knowledge Center:
    http://groups.yahoo.com/group/sharepointmigration
     
    Michael Herman \(Parallelspace\), Sep 16, 2004
    #1
    1. Advertisements

  2. I think I found the answer here:
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/linked_attributes.asp
    Linked Attributes
    Linked attributes are pairs of attributes in which the system calculates the
    values of one attribute (the back link) based on the values set on the other
    attribute (the forward link) throughout the forest. A back-link value on any
    object instance consists of the DNs of all the objects that have the
    object's DN set in the corresponding forward link. For example, "Manager"
    and "Reports" are a pair of linked attributes, where Manager is the forward
    link and Reports is the back link. Now suppose Bill is Joe's manager. If you
    store the DN of Bill's user object in the "Manager" attribute of Joe's user
    object, then the DN of Joe's user object will show up in the "Reports"
    attribute of Bill's user object.


    A forward link/back link pair is identified by the linkID values of two
    attributeSchema definitions. The linkID of the forward link is an even,
    positive, nonzero value, and the linkID of the associated back link is the
    forward linkID plus one. For example, the linkID for "Manager" is 42 and the
    linkID for "Reports" is 43.

    The following is a list of guidelines for defining a new pair of linked
    attributes:

    a.. The linkID values must be unique amongst all attributeSchema objects.
    To avoid conflicts, values for the linkID attributes should be obtained from
    the http://msdn.microsoft.com/certification/ADLinkID.asp website.
    b.. A back link must have a corresponding forward link, that is, the
    forward link must exist before a corresponding back link attribute can be
    created.
    c.. A back link is always a multi-valued attribute. A forward link can be
    single-valued or multi-valued. Use a multi-valued forward link when there is
    a many-to-many relationship.
    d.. The attributeSchema value of a forward link must be 2.5.5.1, 2.5.5.7,
    or 2.5.5.14. These values correspond to syntaxes that contain a
    distinguished name, such as the Object(DS-DN) syntax.
    e.. The attributeSchema value of a back link must be 2.5.5.1, which is the
    Object(DS-DN) syntax.
    f.. By convention, back link attributes are added to the mayContain value
    of the top abstract class. This enables the back link attribute to be read
    from objects of any class because they are not actually stored with the
    object, but are calculated based on the forward link values.
     
    Michael Herman \(Parallelspace\), Sep 16, 2004
    #2
    1. Advertisements

  3. Correct it is linked attributes.
     
    Joe Richards [MVP], Sep 17, 2004
    #3
  4. And if you create linked attributes that you're planning on handing out (I
    noticed in your sig it looks like you're an ISV?) I'd *strongly* recommend
    registering up on MSDN and getting your own linkIDs (much like you would get
    OIDs). That way you don't overlap with others.

    ~Eric

    --
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Use of included script samples are subject to the terms specified at
    http://www.microsoft.com/info/cpyright.htm
     
    Eric Fleischman [MSFT], Sep 18, 2004
    #4
  5. Thanks Eric, we've done that.

    You can request one batch of 10 LinkIDs per day.

    Michael.
     
    Michael Herman \(Parallelspace\), Sep 21, 2004
    #5
  6. Absolutely.

    Some bonehead software company didn't do that and actually used something that
    is used by Exchange 2003 and some guy has been posting asking how to dig himself
    out of that hole because now he can't forest prep for Exchange.

    joe
     
    Joe Richards [MVP], Sep 23, 2004
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.