Overview #

MemberOf is an LDAP AttributeType where the value is the DN of an LDAP Entry is the Group that the current LDAP Entry is a member in a Group and is referred to as a Forward Reference. (or Virtual Attribute)

MemberOf is usage is dependent on the LDAP Server Implementation but is a known to be used in Microsoft Active Directory

A Virtual Attribute Microsoft Active Directory#

MemberOf is a Virtual Attribute. This implies You can not monitor the MemberOf attribute for changes (Like with DirXML)

Within Microsoft Active Directory MemberOf is flagged as "NO-USER-MODIFICATION" (or System-Only)[1]; This means you can NOT update the Attribute Value. In order to add a user to a group you have to write the user's DistinguishedName to the member attribute on the group object.

LDAP Microsoft Active Directory Attribute Definition#

The MemberOf AttributeTypes is defined as:

Beware of MemberOf#

Active Directory Groups only include MemberOf if they have a Group Scope of:

More Information #

There might be more information for this subject on one of the following: