group membership in registry
how can i change group memberships using registry keys without accessing AD users & computers ?
Software/Hardware used:
Software/Hardware used:
ASKED:
December 21, 2005 10:10 AM
UPDATED:
December 22, 2005 2:38 AM
Answer Wiki:
1st advice: Don't try it.
Speaking as one who has had to rebuild systems many times after getting adventurous with my registry editing (but on my machines, not my customer's) you may well be able to do it, but your description alone sounds like a production business system, and you may be setting yourself up for a rebuild. Just use the tools provided (MS or 3rd Party).
I've certainly learned how to do some interesting things with the registry - I'm just not convinced that the knowledge was cost-effective.
Bob
To see all answers submitted to the Answer Wiki: View Answer History.
2nd advice:
Even if you do use a registry hack to change group memberships it will work only for a short time. Once the AD update cycle starts, by default no more than 90 minutes from the last update cycle, your changes would be reversed back to what is contained in AD.
One question:
Why are you even considering doing this? Perhaps you are a client administrator and not an OU or Doamin or Enterprise admin or you have not been given the rights to use the AD snap-in?
If so this is not the way to get done what you need. Talk to your real admin’s.
RWJ
You cannot change group member ships through registry keys as this information is not in the registry.
For local accounts it is in the SAM database and for AD users data is in the ntds.dit file and “Active directory user and computers” is the frontend for editing this. Alternatively use LDP, Scripting or net user.