Active Directory: How to let a group manage another group

active-directory, group-policy, windows-server-2003

I have a group (group1) containing users.
In real life, this group is handled by two people (group1-leads).

I want group1-leads to be able to manage group1.

So I double-click on group1, navigate to the Managed By tab and change to group1-leads.

However, when I click "OK", I get an error message telling me:

An object (User) with the following name cannot be found:
group1-leads… bla bla bla

How do I set a group in this field?

Best Answer

The same effect can be accomplished by setting a custom AD right. I don't have AD in front of me right now so I don't have the exact attribute needed, so please bear with me.

If you go into the Group you want to be managed, go to the Security tab and hit Advanced.

  1. Click the Add a new privilege button.
  2. Enter the group you want to manage this group.
  3. In the big list, search for Group Membership, members, or something like that.
  4. Check the 'allow' box next to it.

This will allow the second group to manage the membership of the first group. This won't be reflected in the "Managed By" tab, though.
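
The same delegation done from PowerShell through .NET's System.DirectoryServices, followed by an audit of who can change the membership. This is an added example, not part of the original answer; the distinguished name and the `EXAMPLE` domain are placeholders, and it assumes the ACE should cover only the group's `member` attribute.

```powershell
# Added example: let group1-leads edit group1's membership, then audit the result.
param(
    [string]$GroupDn = 'CN=group1,OU=Groups,DC=example,DC=com',  # placeholder DN
    [string]$Trustee = 'EXAMPLE\group1-leads'                    # placeholder domain
)

# schemaIDGUID of the "member" attribute. Scoping the ACE to this GUID grants
# membership changes only, not write access to the rest of the group object.
$memberAttr = [Guid]'bf9679c0-0de6-11d0-a285-00aa003049e2'

$group = [ADSI]"LDAP://$GroupDn"
# Read and write only the DACL, so the owner and SACL are left untouched.
$group.psbase.Options.SecurityMasks = [System.DirectoryServices.SecurityMasks]::Dacl

# Resolve the delegate group to a SID; this throws if the name does not exist.
$sid = (New-Object System.Security.Principal.NTAccount($Trustee)).Translate(
    [System.Security.Principal.SecurityIdentifier])

$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $memberAttr,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None)

$group.psbase.ObjectSecurity.AddAccessRule($rule)
$group.psbase.CommitChanges()

# Audit: rebind and list every Allow ACE (explicit or inherited) that can write
# "member". An empty ObjectType GUID means the ACE applies to all properties,
# so full-control and generic-write holders show up here as well.
$check = [ADSI]"LDAP://$GroupDn"
$check.psbase.Options.SecurityMasks = [System.DirectoryServices.SecurityMasks]::Dacl
$writeProp = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
$check.psbase.ObjectSecurity.GetAccessRules(
        $true, $true, [System.Security.Principal.NTAccount]) |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band $writeProp) -and
        ($_.ObjectType -eq $memberAttr -or $_.ObjectType -eq [Guid]::Empty)
    } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, IsInherited
```

Because the delegation does not appear on the "Managed By" tab, the audit listing is the place to confirm which principals can modify the group.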