Function
Creates a group in Active Directory. Using this action you can create Local groups, Global groups or Universal groups. The groups can be Security groups or Distribution groups. The groups can be placed in any container you specify. A description can be added to easily identify the group.
Deployment
This action is typically used for creating multiple groups. When building your Active Directory from the ground up, one of the first thing you should do is create the groups of which the other Active Directory object will be members. Groups can be used to easily allow or deny users access to parts of the network.
Properties
Property Name Description Typical setting Remarks
Domain The domain in which to
create the group. %Domain% Often the domain name is used in many different actions, and is determined and stored in a variable previous to the action ( e.g. %Domain%). The name of the domain can be either in DNS or NETBIOS style. (e.g. Tools4ever.com or
TOOLS4EVER). For more information on how to specify the domain/OU/container in which the group is created, see the Remarks section below.
Organizational Unit-
Container The name of the Active Directory Organizational unit or other container in which to create the group.
Users Specify the path of the organizational unit (OU) or container relative to the domain. To specify OUs in OUs, use the full path relative to the domain, separated by slashes: OU/ChildOU/GrandChildOU. Examples: students or students/group1. For more information on how to specify the domain/OU/container in which the group is created, see the Remarks section below.
82
LDAP container Optional: The LDAP name of the container in which to create the group.
Optionally specifies name of the Active Directory container in which the group is created directly by means of its LDAP name (Example: CN=users,
DC=tools4ever,DC=com Example: OU=Group1, OU=Students, DC=tools4ever, DC=com)
This specification can be used instead of the Domain and Organizational Unit- Container properties of this action. If specified, the specified LDAP Container takes precedence, and the Domain And Organization Unit-Container properties are ignored. For more information on how to specify the domain/OU/container in which the group is created, see the Remarks section below.
Domain (controller) Optional: The name of the domain controller or domain used to access the domain.
If this value is not specified, the application creates the account on a domain controller that is determined by Active Directory (serverless binding). If a domain controller is specified, the account is explicitly created on the specified controller (server binding). In both cases, Active Directory itself will replicate the account information to all domain controllers in the forest automatically as required. Depending on the actual User Management Resource Administrator Script used, it may be necessary to specify a domain controller here. If an subsequent script action does an Active Directory query to obtain information of the newly created group, this query may occur before Active Directory has replicated the new information to other Domain Controllers. As a consequence, the query may fail to find the newly created group. When both actions however specify the same domain controller, the newly created group can be found.
Often a requery of Active Directory by subsequent actions for the newly created group can be prevented by using the Group Object that is created by this action in subsequent actions, instead of the name of the group.
83
CommonName The CommonName is
the name of the group. This name is most commonly used in user interfaces.
%GroupName% In this action the CommonName and SAM-Account-Name will be the same by default. To change this, you should create an other variable for one of the settings.
SAM-Account-Name The group name(Pre- Windows 2000) without the (NETBIOS) Domain name.
%GroupName% This name is required, also in domains that use solely Active Directory domain controllers.
A SAM-Account-Name cannot be identical to any other user or group name on the domain being administered. It can contain up to 20 uppercase or lowercase characters, except for the following: " / \ [ ] : ; | = , + * < >. A SAM-Account- Name cannot consist solely of periods (.) or spaces.
Description A text string, that will be shown in the Description field of the group in windows. The string can have any length.
Local group When set to 'Yes' the
created group will be a (domain) local group.
No One of the three groups (local, global and
universal), must be set to 'Yes'. Global group When set to 'Yes' the
created group will be a global group.
No One of the three groups (local, global and
universal), must be set to 'Yes'. Universal group When set to 'Yes' the
created group will be a universal group.
No One of the three groups (local, global and
universal), must be set to 'Yes'. Security group When set to 'Yes' the
created group will be a security group. When set to 'No' a distribution group will be created.
No
No error if group already
exists When set to 'Yes' no error will be generated. No Warning: when set to 'Yes' some errors are ignored and scripts may not be completed correctly.
Group Object
Distinguished Name The Object Distinguished name of the just create group.
%GroupODN% output only. Can be used as input in other actions where a Object Distinguished name is required.
84
Group Object An internal data
structure representing the group. this property will only give an output. this output can be used in other script actions.
This script action has an output variable (default: %GroupObject%). This variable can be used in other script actions.
Remarks
Domain / OU / Container / LDAP -specification
User Management Resource Administrator supports several methods to specify the entity (domain, OU or container) in which the group will be created. These methods differ in the way the property values are specified. The properties involved are: Domain, Organizational Unit-Container, LDAP container. Depending on your network environment and input data, you should choose the method that fits best:
Properties
specified Properties not specified Example Description
Domain Organizational Unit-Container
LDAP container Domain: TOOLS4EVER or tools4ever.com
Organizational Unit- Container: STUDENTS/GROUP1
This is most easy method to create groups in OU's. To create the group, User Management Resource
Administrator will automatically compose the LDAP name of the container to create the group.
Domain LDAP container
Organizational Unit- Container
TOOLS4EVER or tools4ever.com Use this method only, to create groups in the domain root. No OU is involved. LDAP container Domain
Organizational Unit- Container
OU=Group1, OU=Students,
DC=tools4ever, DC=com Use this method if you want to specify the OU directory using the LDAP format. If this property is specified, the Domain and Organizational Unit- Container properties are ignored.
85