In our company AD, we use an AD Domain Group to give members Internet
Connection (that group is linked via LDAP to our proxy system), let's
call it "internet group".
At the moment, we usually use an MMC console with AD snap-in installed
on our workstations to manage internet group's members without having to
RDP to the server.
Internet group is in a dedicated OU with permissions for certain users
to manage group membership.
I was looking for a solution to achieve the same but via a web interface.
1) Authorized users should have permissions to edit internet group
(listing and add/delete members) via a web interface.
2) Users should log-in to the web interface via a Kerberos SSO system
using the Windows Logon, so they don't have to log on twice.
Any suggestion about the best way to do this?
Forum info: http://www.activedir.org
Manage group's members via web interface
- Last Post 09 May 2017
There are commercial products for this such as ManageEngine ADManager Plus, Microsoft FIM/MIM, etc.
However, it really depends on what's acceptable and if you can put something together that's free. It's not too difficult to write your own.
You could use Deployment Web Services. It has an AddUserToGroup and RemoveUserFromGroup function that you can call via a browser. Review Part 1 and 2 of my articles to see if it's something that fits your requirements: http://www.jhouseconsulting.com/2016/12/12/installing-configuring-securing-and-using-mdt-webservices-part-1-1713