0

This question is related to an answer of another question: https://superuser.com/a/1555013/298965

Please, how do I access, view or change the IsContainer property of an AD Group?

I have tried it in a Hyper-V Windows Server 2022. I have installed the Active Directory Domain Services. I have opened the Active Directory Administrative Center and created a new Group. However, when viewing the Group attributes, I cannot see any isContainer property:

Attributes of my test group

I have also tried editing the schema and "unhiding" the Container CN, based on this guide: https://www.robinhobo.com/how-to-create-container-objects-in-active-directory-not-ous/

However, no new attributes have been displayed.

Improve this question
4
  • The weird thing about that another question is that groups actually aren't containers. They don't "contain" any child entries the way OUs do; they only reference member entries through an attribute. Even if the IsContainer property were writable (which in itself doesn't make sense), I can't think of any reason why any tools would expect it to be set.
    – grawity_u1686
    Commented Dec 8, 2021 at 10:43
  • 1
    And on top of that, there is no IsContainer attribute anywhere in the AD schema. So maybe that person wasn't talking about an LDAP attribute, but about some abstraction that C# provides – which might map to some entirely different LDAP attribute under the hood... I did find an IsContainer property that certain C# objects have, but it is unclear what it actually corresponds to, and of course it is a read-only property.
    – grawity_u1686
    Commented Dec 8, 2021 at 10:49
  • I think what mattbbpl actually meant is that they somehow changed something else in the group's entry which then resulted in the .NET "directory" API detecting it as a container... (Still can't see why a group would need that, though.)
    – grawity_u1686
    Commented Dec 8, 2021 at 10:50
  • @user1686 via extensive Googling and digging through the .NET GitHub repo, I was able to find out that the IsContainer property is derived from this COM interface. But I still don't understand how is that connected to the AD attributes.
    – Storm
    Commented Dec 8, 2021 at 13:16

0

Reset to default

You must log in to answer this question.

Browse other questions tagged .