You cannot add Active Directory users to the Unix attribute tab of a group in Windows Server 2008 R2

Applies to: Windows Server 2008 R2 DatacenterWindows Server 2008 R2 EnterpriseWindows Server 2008 R2 Standard


In the Active Directory Users and Computers console in Windows Server 2008 R2, you try to add Active Directory users to the Unix attribute tab of a group. However, the user is not added. Additionally, the application may crash after you click OK or Apply on the Unix attributes tab.


This problem occurs because of uninitialized memory in the structures that are passed to LDAP operations. When the memberUID attribute exceeds the limit in the Active Directory schema, the uninitialized memory causes the access violation in Microsoft Management Console (MMC).

The attribute size limit for the memberUID attribute in the schema is 256,000 characters. It depends on the individual value length on how many user identifiers (UIDs) will fit into the attribute.


To resolve this issue, we have released a hotfix for Windows 7 or Windows Server 2008 R2. Check out the prerequisite before you install this hotfix.
Also notice that you will receive the following error message when you encounter the issue in the "Symptoms" section after you apply this hotfix:
Cannot update the memberUID attribute for the selected NIS domain, because the maximum length available for the attribute memberUID has been exceeded. Either remove users who no longer need to be part of this group, or create another Active Directory group.

Hotfix information

A supported hotfix is available from Microsoft Support. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, go to the following Microsoft website: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.


To apply this hotfix, you must have Service Pack 1 for Windows 7 or Windows Server 2008 R2 installed.

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any previously released hotfix.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

After you apply this hotfix package, the fix for the identified issue in the code helps avoid future MMC crashes. When the administrator tries to add Active Directory users to the Unix attribute tab of the group and the limit is exceeded, MMC exits gracefully and displays an error message instead of crashing.

This hotfix package does not increase the limit on the maximum number of users who can be added to the Unix attribute tab of the group. Also, this hotfix package does not take any corrective action on the partial list of users who may have been added to the group when the issue that is described in the "Symptoms" section occurred.

Note If the current number of users in this group is five less than the maximum and you try to add ten more users, only the first five users will be added.


Learn about the terminology that Microsoft uses to describe software updates.