Solved

Cannot remove members from AD group.

Posted on 2010-11-24
6
1,730 Views
1 Endorsement
Last Modified: 2012-08-13
Hi,

In my AD, I am trying to remove a user from the group. E.g. remove "userabc" from group "XYZ" but I got an error
"This is the member's primary group, so the member cannot be reomved. Go to the Member Of tab of the member's property sheet and set another group as primary. You can then remove the member from this group"

What is the implication if I set the primary group of "userabc" to another group?
1
Comment
Question by:Decarn
  • 3
  • 3
6 Comments
 
LVL 3

Expert Comment

by:Patricck
ID: 34203393
A user must be in the group. First you need to assign a primary group for the user, and than you can remove.
0
 

Author Comment

by:Decarn
ID: 34203406
Hi Patricck,

I am trying to understand the impact/ implications if I were to assign the user to another primary group so that I can remove that user from that group. Any problems like permissions etc will be affected?
0
 
LVL 3

Expert Comment

by:Patricck
ID: 34203437
Yes, a group means also group permissions.
Examlple:
When a user is in the administrator group, and you will change his group to user group - it will change his rights - he will not have Admin rights anymore.
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 

Author Comment

by:Decarn
ID: 34203840
Hi Patrick,

Correct me if I'm wrong:
Suppose "userA" is in group "groupABC" and "groupXYZ".
"groupABC" is his primary group.
I now set his primary group to "groupXYZ" and remove "userA" from "groupABC". So now he will no longer have access to files, folders and service for "groupABC".

What is the purpose of the primary group?
0
 
LVL 3

Accepted Solution

by:
Patricck earned 500 total points
ID: 34203974
It should be like you say in the AD environment.

http://www.activedir.org/ListArchives/tabid/55/forumid/1/postid/39869/view/topic/Default.aspx

"IMHO the primary group (as found on users, security descriptors, etc.)
is of no special consequence for Windows, and is a vestige of POSIX
influences on early NT. But I would not begrudge anyone proving me
wrong. "
1
 

Author Closing Comment

by:Decarn
ID: 34244955
Thanks got it.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now