Active Directory Group Create
Version 2
This handler will use the server information and user credentials configured in the task info values to authenticate and connect to the specified Active Directory server (using LDAP) and create a group entry.
To build the Distinguished Name (a unique identifier for the Active Directory group entry), the handler uses a template specified as a task info value.
The following entry attributes are set once the group entry is created:
Direct Mappings
- name => Group Name
- mail => Email Address
- description => Description
- info => Notes
Computed Mappings
- grouptype => Numerical representation of the group scope and type.
Special Attributes
- objectclass => [top,group]
Task Info Configuration
- dn_format - This value is used to specify the distinguished name of the Active Directory group entry to be created. Anything within curly braces {} will be replaced with the value of the entry attribute or task info value associated with that key. For example, the default format is 'CN={displayname},CN=Users,{base}'. In this case {displayname} is replaced with the displayname attribute value and {base} is replaced with the value of the 'base' task info value. A full list of available entry attributes is available above. If you use organizational units they can be substituted into the distinguished name in this manner.
Parameters
| Name | Description |
| --- | --- |
| Group Name | The name of the group to be created |
| Description | The description of this group |
| Email Address | The Email Address for this group. Active Directory can be configured so that all members of a group are notified when the group receives an Email. |
| Group Scope | Security groups or distribution groups are characterized by a scope that identifies how they are applied in the domain tree or forest. There are three group scopes: universal, global, and domain local. |
| Group Type | There are two group types, security and distribution. Security groups allow you to manage user and computer access to shared resources. Distribution groups are intended to be used solely as email distribution lists. |
| Notes | Additional information about the group |
Sample Configuration
| Name | Description |
| --- | --- |
| Group Name | <%=@results['New Group Name']%> |
| Description | Allows access to the accounting resources |
| Email Address | Accounting@company.com |
| Group Scope | Global |
| Group Type | Security |
| Notes | <%=@results['Notes']%> |
Results
| Name | Description |
| --- | --- |
| Distinguished Name | CN=Accounting,CN=Users,DC=kineticdata,DC=com |
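The dn_format substitution and the computed grouptype value, worked through with the Sample Configuration above. This is an added example, not the handler's own code: the method names, the scope and type label strings, the mapping of {displayname} to Group Name, and the RFC 4514 escaping of substituted attribute values are assumptions of the example.

```ruby
# Added example, not the handler's source. Flag values are Active Directory's
# documented groupType bits; the scope/type labels are assumed parameter values.
GROUP_SCOPE = { 'Global' => 0x2, 'Domain Local' => 0x4, 'Universal' => 0x8 }.freeze
SECURITY_ENABLED = 0x80000000

# groupType is a signed 32-bit integer, so security groups come out negative.
def group_type_value(scope, type)
  flags = GROUP_SCOPE.fetch(scope) { raise ArgumentError, "unknown scope: #{scope}" }
  raise ArgumentError, "unknown type: #{type}" unless %w[Security Distribution].include?(type)
  flags |= SECURITY_ENABLED if type == 'Security'
  flags >= 0x80000000 ? flags - 0x100000000 : flags
end

# RFC 4514 escaping for one attribute value placed inside an RDN.
def escape_dn_value(value)
  chars = value.to_s.chars
  chars.each_with_index.map do |c, i|
    edge = (i.zero? && [' ', '#'].include?(c)) || (i == chars.size - 1 && c == ' ')
    if c == "\0" then '\\00'
    elsif edge || '\\",+;<>'.include?(c) then "\\#{c}"
    else c
    end
  end.join
end

# Fill {key} placeholders: entry attribute values are escaped, task info values
# such as 'base' are administrator-set DN fragments and are inserted unchanged.
def render_dn(format, attributes, info_values)
  format.gsub(/\{(\w+)\}/) do
    key = Regexp.last_match(1)
    next escape_dn_value(attributes[key]) if attributes.key?(key)
    info_values.fetch(key) { raise KeyError, "no value for {#{key}}" }
  end
end

# Sample Configuration values from this page ({displayname} -> Group Name is assumed).
FORMAT = 'CN={displayname},CN=Users,{base}'
INFO = { 'base' => 'DC=kineticdata,DC=com' }.freeze
puts render_dn(FORMAT, { 'displayname' => 'Accounting' }, INFO)
puts group_type_value('Global', 'Security')
# Constructed hostile input: the comma is escaped and stays inside the CN value.
puts render_dn(FORMAT, { 'displayname' => 'Sales,OU=Admins' }, INFO)
```

Without the escaping step, a Group Name containing a comma would be read as additional RDNs and could place the entry in a container other than the one the template names.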
Changelog
Active Directory Group Create V1 (2011-01-24)
- Initial version. See README for details.
Active Directory Group Create V2 (2014-08-05)
- Changed the password info value to be encrypted.
Related Handlers
- Active Directory Computer Add Groups
  - Finds a user in Active Directory by Distinguished Name and adds the computer as a member to one or more groups.
- Active Directory Computer Remove Groups
  - Finds a user in Active Directory by Distinguished Name (Computer Name) and adds the computer as a member to one or more groups.
- Active Directory Distribution List Member Retrieve
  - Finds a Distribution List in Active Directory by Distinguished Name or Email Address and returns a comma-delimited list of immediate members (e-mail addresses).
- Active Directory User Add Groups
  - Finds a user in Active Directory by Distinguished Name, Full Name, Email Address, or User Logon and adds the user as a member to one or more groups.
- Active Directory User Change Attribute
  - Finds a user in Active Directory by Distinguished Name, Full Name, Email Address, or User Name and changes the specified LDAP attribute.
- Active Directory User Create
  - Creates an Active Directory user entry and uses the provided parameter values to specify common user attributes.
- Active Directory User Disable
  - Finds a user in Active Directory by Distinguished Name, Full Name, Email Address, or User Name and disables the user's account.
- Active Directory User Enable
  - Finds a user in Active Directory by Distinguished Name, Full Name, Email Address, or User Name and enables the user's account.
- Active Directory User Expire Password
  - Finds a user in Active Directory by Distinguished Name, Full Name, Email Address, or User Name and sets the password to expired, requiring the user to change it.
- Active Directory User Permanent Password
  - Finds a user in Active Directory by Distinguished Name, Full Name, Email Address, or User Name and sets the 'password never expires' flag.
- Active Directory User Remove Groups
  - Finds a user in Active Directory by Distinguished Name, Full Name, Email Address, or User Logon and removes that user as a member from one or more groups.
- Active Directory User Retrieve
  - Finds a user in Active Directory by Distinguished Name, Full Name, Email Address, or User Name and returns a predefined set of attributes to include the Distinguished Name (dn).
- Active Directory User Temporal Password
  - Finds a user in Active Directory by Distinguished Name, Full Name, Email Address, or User Name and sets the 'password never expires' flag.