You have been tasked with creating an eDirectory group with membership identical to, or very similar to, a group that already exists. The members of the existing group, and of your soon-to-be new group, number in the dozens or even hundreds. You certainly would rather not manually add each member to this new group.
You are aware of the issues with rights that using ConsoleOne 1.3.6f to accomplish this can entail. (See the example and TID reference below.) You do not have time to pursue LDIF or a 3rd-party utility solution, and/or management will not support you in doing so, even if the utility is free.
(STANDARD DISCLAIMER) Check eDir health on the replicas of the partition(s) holding the groups involved. Then, use iManager 2.6 or later, making sure it has the basic plugins installed, to complete the following steps.
First, you need to create the new group to which you need to add all those users. Please create this group using iManager.
1. From “Roles and Tasks”, select the main category “Groups”, then select “Create Group”.
2. Follow whatever procedures and guidelines your business has defined to fill out all information, and save it.
3. While still in Roles and Tasks, click Groups.
4. Select the subcategory “Modify Members of Groups”. Note: For future reference, be very careful what you do under this task.
5. Browse or Search to the existing Group. This is the one that already has all the users, plus or minus a few, that you want the new group to have as members.
6. Click on the group, then click OK.
7. Under the General tab, click Group Memberships.
8. Change the dropdown box from Ignore to Add.
9. Either click the blue magnifying glass icon (Object Selector – Browser/Search icon) or type in the fully qualified name of the NEW, empty group you created earlier.
10. Click OK. The group should be added to the window under the Group Membership text box on the previous page.
11. Verify the above, and verify that a Count of 1 is displayed underneath.
12. Click OK again.
13. If prompted, affirm this action.
14. Confirm that the action is being performed. You should now see a status bar counting down the number of user objects, as they are being added to your new group.
15. When the status window closes, wait a minute or two, then remove and/or add user objects in the newly created group as necessary to reach the desired membership.
16. Finally, wait just a bit, then check a random sampling of these users for proper membership. If your eDirectory is healthy, you are now done.
Example of Possible Problems Using ConsoleOne
If you are using ConsoleOne 1.3.6f, selecting a group and adding members to it will NOT properly set the “Security Equal To” attribute. Thus, if this group is meant to give rights to directories, it will fail in assigning these rights to group members. Reference TID 3091197.
As a side note, ConsoleOne 1.3.6h does not have this issue, and you can also, with mixed results, patch 1.3.6f with a jar file – again, refer to the TID.
Regardless, why not always use iManager instead? It works flawlessly if you set it up properly.
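The spot check in step 16 and the ConsoleOne “Security Equal To” problem described above can both be verified from an LDIF export of the new group and its members. The script below is an added example, not part of the original article or any NetIQ tool; it assumes the default eDirectory LDAP attribute names (member, groupMembership, securityEquals), uses constructed DNs, and assumes no base64-encoded values in the export.

```python
from collections import defaultdict

# Constructed sample export (not real data). Attribute names are assumed to be
# the default eDirectory LDAP mappings: member, groupMembership, securityEquals.
SAMPLE_LDIF = """\
dn: cn=NewGroup,ou=groups,o=acme
member: cn=alice,ou=users,o=acme
member: cn=bob,ou=users,o=acme

dn: cn=alice,ou=users,o=acme
groupMembership: cn=NewGroup,ou=groups,o=acme
securityEquals: cn=NewGroup,ou=groups,o=acme

dn: cn=bob,ou=users,o=acme
groupMembership: cn=NewGroup,ou=groups,o=acme
"""

def parse_ldif(text):
    """Return {lowercased dn: {lowercased attr: set of lowercased values}}."""
    entries = {}
    unfolded = text.replace("\n ", "")  # undo LDIF line folding
    for block in unfolded.split("\n\n"):
        attrs = defaultdict(set)
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            name, value = line.split(": ", 1)
            attrs[name.lower()].add(value.strip().lower())
        if "dn" in attrs:
            entries[next(iter(attrs["dn"]))] = attrs
    return entries

def audit_group(entries, group_dn):
    """List members whose user object lacks the back-links to the group."""
    group_dn = group_dn.lower()
    problems = {}
    for member in sorted(entries[group_dn]["member"]):
        user = entries.get(member, {})  # member DN absent from export -> both missing
        missing = [a for a in ("groupmembership", "securityequals")
                   if group_dn not in user.get(a, set())]
        if missing:
            problems[member] = missing
    return problems

if __name__ == "__main__":
    report = audit_group(parse_ldif(SAMPLE_LDIF), "cn=NewGroup,ou=groups,o=acme")
    for dn, missing in report.items():
        print(f"{dn}: missing {', '.join(missing)}")
```

A member reported as missing securityequals is in the group on paper but will not inherit rights assigned to the group, which is the symptom described for ConsoleOne 1.3.6f.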
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.