Resolution
Directory and Resource Administrator 7.5
symptom
New and cloned user accounts are not members of the default Domain Users group.
symptom
When cloning an existing account the new account is not a member of the Domain Users group.
cause
If the Domain Users group has been moved to an OU other than the default built-in Users container, Assistant Admins (AA's) need appropriate powers to add users to the Domain Users group unless it is the primary group for the user.
fix
If the Domain Users group has been moved out of its default built-in container, and it is not the primary group for a new or cloned user, AAs must have appropriate powers to add users to this group.
For User Create operations:
If the Domain Users group is not in the built-in Users container and the default primary group for a new user is not the Domain Users group, then the Users group is treated like any other group. The Assistant Admin needs to have appropriate powers to add members to the Domain Users group and there must be a rule that includes the Domain Users group in the ActiveView.
For User Clone operations:
If the Domain Users group is not in the built-in Users container and the default primary group for a new user is not the Domain Users group, then the Users group is treated like any other group. The Assistant Admin does not need any particular power to add users to the Domain Users group, but there must be a rule that includes the Domain Users group in the ActiveView.