When i try to pass memberOf field in JS dict during creation of a member or even to edit it after via
const change = new Change({
operation: 'replace',
modification: {
[field]: value
}
});
return new Promise((resolve, reject) => {
client.modify(dn, change, err => {
client.destroy();
if (err) {
reject(err.message);
}
resolve();
});
});
It simply throws an error
(node:5136) UnhandledPromiseRejectionWarning: 0000209A: SvcErr: DSID-031A107A, problem 5003 (WILL_NOT_PERFORM) , data 0
So, how do i change membership in AD?
As a side question, where can i find examples of using ldapjs and good docs? official site is kind of lackluster
You cannot change the memberOf attribute. It is a Linked Attribute (also called "back-link"). The value is calculated based on groups that have the user in its member attribute.
So to add a user (or any object really) to a group, you have to change the member attribute of the group.
The AD Users and Computers application doesn't make this clear, since it lets you add a person to groups on the "Member Of" tab of the user properties. But really, it's modifying the member attribute of the group in the background.