How do I restrict the total number of members of a group on a per group basis? (NETIQKB29461)

  • 7729461
  • 02-Feb-2007
  • 19-Jun-2007

Resolution

goal
How do I restrict the total number of members of a group on a per group basis?

fact
Directory and Resource Administrator 6.60

fact
Directory and Resource Administrator 7.x

fix

There is a built-in policy called "$GroupSizePolicy" in Directory and Resource Administrator that allows you to limit total group membership; however, this policy is global and applies to all groups.

To limit the size of a group on a group-by-group basis, you need to use a trigger. Configure the trigger to fire for the GroupMemberAdd operation. The trigger retrieves the cached property called "$MCSGroupMembers", which holds the number of members of a group, and compares it to a predefined value that you set. To limit the scope of the trigger, tie it to the GroupMemberAdd operation, the objects defined in the ActiveView, and the Assistant Admin group. The ActiveView should be defined for the specific group that you want to apply this trigger to.

There is no means to limit the group membership natively. No attribute of a group holds the group membership count, and there is no attribute for setting a maximum number of group members. Please refer to the following Microsoft article for information pertaining to the Group schema:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/ad/win2k3_c_group.asp

 



Additional Information

Formerly known as NETIQKB29461