Overview #

In Microsoft Active Directory the MemberOf value is the DN of an entry that the current entry is a member in a Group and is referred to as a Forward Reference. (We use the term Virtual Attribute)

A Virtual Attribute Microsoft Active Directory#

MemberOf is a Virtual Attribute. This implies You can not monitor the MemberOf attribute for changes (Like with DirXML)

Within Microsoft Active Directory MemberOf is flagged as "NO-USER-MODIFICATION" (or System-Only)[1]; This means you can NOT update the attribute. In order to add a user to a group you have to write the user's dn to the member attribute on the group object.

Beware of MemberOf#

Active Directory Groups only include MemberOf if they have a Group Scope of:

More Information #

There might be more information for this subject on one of the following: