Active Directory - Create Group

Declaration

<CREATEADGROUP LDAPPATH="text" USERNAME="text" PASSWORD="text" GROUP="text" DISPLAYNAME="text" DESCRIPTION="text" GROUPTYPE="text(options)" GROUPSCOPE=""text(options)" />

See Also

AD - Create Object | AD - Create User | AD - Delete Object | AD - Get Group Members | AD - Get Object Dataset | AD - Get Object Path | AD - Get Object Property | AD - List Object Path | AD - Modify Group | AD - Modify User | AD - Move Object | AD - Rename Object

Description

Creates a new Active Directory Group in the specified parent container. Groups are Active Directory (or local computer) objects that can contain users, contacts, computers, and other groups that can be managed as a single unit.

IMPORTANT: In order to properly use AutoMate's Active Directory actions, you should have a basic understanding of Active Directory and related components (e.g. domain controllers, trust relationships, forests, OUs, LDAPs, etc.) Also, to ensure that these actions function appropriately, the target system must be part of a domain.

Practical Usage

Often used to create an Active Directory group in which to add members to. Users and computers that belong to a particular group are referred to as group members.

Parameters

General Properties

Property

Type

Required

Default

Markup

Description

Parent Path

Text

Yes

(Empty)

LDAPPATH=

"LDAP://DC=netauto,DC=com"

The Lightweight Directory Access Protocol (LDAP) path of the parent Active Directory container. This is usually the top most container or rootDSE path, the root of the directory data tree on a directory server.

Click the Select Container button to launch a standard Windows Active Directory dialog box that allows for the selection an Active Directory container.

Name

Text

Yes

(Empty)

GROUP="Group1"

The name of the Active Directory group to be created.

Display Name

Text

Yes

(Empty)

DISPLAYNAME="Davelopers"

The display name of the Active Directory group to be created.

Description

Text

Yes

(Empty)

DESCRIPTION=

"Automate Developers"

A description of the Active Directory group to be created.

Group Type

Text (Options)

No

Security

GROUPTYPE="Distribution"

The type of Active Directory group to be created. Sending an e-mail message to a group sends the message to all members of the group. The available options are:

  • Security - Security groups allow you to manage user and computer access to shared resources. You can also control who receives group policy settings. This simplifies administration by allowing you to set permissions once on multiple computers, then to change the membership of the group as your needs change. The change in group membership automatically takes effect everywhere. You can also use these groups as e-mail distribution lists.

  • Distribution - Distribution groups are intended to be used solely as email distribution lists. These lists are for use with email applications such as Microsoft Exchange or Outlook. You can add and remove contacts from the list so that they will or will not receive email sent to the distribution group. You can't use distribution groups to assign permissions on any objects, and you can't use them to filter group policy settings.  

Group Scope

Text (Options)

No

Domainlocal

GROUPSCOPE="Global"

The scope of the Active Directory group to be created. Group scopes normally describe which type of users should be clubbed together in a way which is easy for their administration. The available options are:

  • Domain Local Group - Use this scope to grant permissions to domain resources that are located in the same domain in which you created the domain local group. Domain local groups can exist in all mixed, native and interim functional level of domains and forests. Domain local group memberships are not limited as you can add members as user accounts, universal and global groups from any domain.

  • Global Group - Users with similar function can be grouped under global scope and can be given permission to access a resource (like a printer or shared folder and files) available in local or another domain in same forest. In other words, Global groups can be used to grant permissions to gain access to resources which are located in any domain but in a single forest as their memberships are limited.

  • Universal Group Scope: (This option is available only when Distribution is selected in the Group Type parameter). These groups are precisely used for e-mail distribution and can be granted access to resources in all trusted domain as these groups can only be used as a security principal (security group type) in a windows 2000 native or windows server 2003 domain functional level domain.

Credentials Properties

Property

Type

Required

Default

Markup

Description

Username

Text

No

(Empty)

USERNAME="username"

The username of the Active Directory user.

NOTE: Leave the Username and Password fields blank in order to use the logon user's credentials. If only accessing Active Directory information, then any Domain user is valid. However, a Domain Administrator is required in order to modify an Active Directory user or group. We recommend using the credentials of a Domain Administrator for all AutoMate Active Directory actions.

Password

Text

No

(Empty)

PASSWORD="password"

The password of the Active Directory user.

NOTE: Leave the Username and Password fields blank in order to use the logon user's credentials. If only accessing Active Directory information, then any Domain user is valid. However, a Domain Administrator is required in order to modify an Active Directory user or group. We recommend using the credentials of a Domain Administrator for all AutoMate Active Directory actions.

Description Properties

The Description tab allows you to customize the text description of any step as it appears in the Task Builder's Steps Pane.

More on setting custom step description

Error Causes Properties

The Error Causes tab properties allows you to instruct a task step to react only to specific errors or ignore certain errors that should cause it to fail.

More on Error Causes properties

On Error Properties

The On Error tab properties lets you determine what the task should do if a particular step encounters an error as defined in the Error Causes properties.

More about On Error properties

Additional Notes

Expressions, Variables and Functions

All text fields allow the use of expressions such as variables, functions or AutoMate extended functions, which can be entered by surrounding the expression in percentage signs (example: %FileDateTime(myVar)% or %myVar%, %Left('Text',2)%). To help construct these expressions, you can open Expression Builder from these fields by clicking the Insert Expression (%) button or by pressing F2.

More on expressions

More on variables

More on function

More on extended functions
More on the expression builder

Example

NOTE: The code below can be copied and pasted directly into the Steps pane of the Task Builder.

 

Description: Create an Active Directory group of type "SECURITY" by the name of "administrator". The path of the new group's parent is "LDAP://servername.com".

<CREATEADGROUP LDAPPATH="LDAP://servername.com" USERNAME="administrator" PASSWORD="AM2LRnogx3fFdk=aME" GROUP="administrator" DISPLAYNAME="mycompany" DESCRIPTION="Local Security" GROUPTYPE="SECURITY" GROUPSCOPE="DOMAINLOCAL" />

↑ [Top of Page]