[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1940
  • Last Modified:

Cannot remove members from AD group.

Hi,

In my AD, I am trying to remove a user from the group. E.g. remove "userabc" from group "XYZ" but I got an error
"This is the member's primary group, so the member cannot be reomved. Go to the Member Of tab of the member's property sheet and set another group as primary. You can then remove the member from this group"

What is the implication if I set the primary group of "userabc" to another group?
1
Decarn
Asked:
Decarn
  • 3
  • 3
1 Solution
 
PatricckCommented:
A user must be in the group. First you need to assign a primary group for the user, and than you can remove.
0
 
DecarnAuthor Commented:
Hi Patricck,

I am trying to understand the impact/ implications if I were to assign the user to another primary group so that I can remove that user from that group. Any problems like permissions etc will be affected?
0
 
PatricckCommented:
Yes, a group means also group permissions.
Examlple:
When a user is in the administrator group, and you will change his group to user group - it will change his rights - he will not have Admin rights anymore.
0
Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

 
DecarnAuthor Commented:
Hi Patrick,

Correct me if I'm wrong:
Suppose "userA" is in group "groupABC" and "groupXYZ".
"groupABC" is his primary group.
I now set his primary group to "groupXYZ" and remove "userA" from "groupABC". So now he will no longer have access to files, folders and service for "groupABC".

What is the purpose of the primary group?
0
 
PatricckCommented:
It should be like you say in the AD environment.

http://www.activedir.org/ListArchives/tabid/55/forumid/1/postid/39869/view/topic/Default.aspx

"IMHO the primary group (as found on users, security descriptors, etc.)
is of no special consequence for Windows, and is a vestige of POSIX
influences on early NT. But I would not begrudge anyone proving me
wrong. "
1
 
DecarnAuthor Commented:
Thanks got it.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now