Create Active Directory Group Action
<CREATEADGROUP LDAPPATH="text" GROUP="text" DISPLAYNAME="text" DESCRIPTION="text" GROUPTYPE="text [options]" GROUPSCOPE="text [options]" USERNAME="text" PASSWORD="text"/>
Creates a new Active Directory Group in the specified parent container.
Specifies the LDAP (Lightweight Directory Access Protocol) path of the parent Active Directory container. This is usually the top most container or rootDSE path, the root of the directory data tree on a directory server.
Click the Select Container button to launch a standard Windows Active Directory dialog box that allows for the selection an Active Directory container.
Specifies the name of the Active Directory group to be created.
Specifies the display name of the Active Directory group to be created.
Specifies a description of the Active Directory group to be created.
Specifies the type of the Active Directory group to be created.
The available drop-down list options are:
Security: Use Security groups for granting permissions to gain access to resources. Sending an e-mail message to a group sends the message to all members of the group. Therefore, security groups share the capabilities of distribution groups.
Distribution: Use Distribution groups to send e-main messages to groups of users. You cannot grant permissions to security groups. Even though security groups have all the capabilities of distribution groups, distribution groups still requires, because some applications can only read distribution groups.
Specifies the scope of the Active Directory group to be created. Group scopes normally describe which type of users should be clubbed together in a way which is easy for their administration. Therefore, in domain, groups play an important part. One group can be a member of other group(s) which is normally known as Group nesting. One or more groups can be member of any group in the entire domain(s) within a forest.
The available drop-down list options are:
Domain Local Group: Use this scope to grant permissions to domain resources that are located in the same domain in which you created the domain local group. Domain local groups can exist in all mixed, native and interim functional level of domains and forests. Domain local group memberships are not limited as you can add members as user accounts, universal and global groups from any domain. Just to remember, nesting cannot be done in domain local group. A domain local group will not be a member of another Domain Local or any other groups in the same domain.
Global Group: Users with similar function can be grouped under global scope and can be given permission to access a resource (like a printer or shared folder and files) available in local or another domain in same forest. To say in simple words, Global groups can be use to grant permissions to gain access to resources which are located in any domain but in a single forest as their memberships are limited. User accounts and global groups can be added only from the domain in which global group is created. Nesting is possible in Global groups within other groups as you can add a global group into another global group from any domain. Finally to provide permission to domain specific resources (like printers and published folder), they can be members of a Domain Local group. Global groups exist in all mixed, native and interim functional level of domains and forests.
Universal Group Scope: (This option is available only when Distribution is selected in the Group Type parameter). These groups are precisely used for e-mail distribution and can be granted access to resources in all trusted domain as these groups can only be used as a security principal (security group type) in a windows 2000 native or windows server 2003 domain functional level domain. Universal group memberships are not limited like global groups. All domain user accounts and groups can be a member of universal group. Universal groups can be nested under a global or Domain Local group in any domain.
See the following link for more details:
Specifies the username of the Active Directory User
Specifies the password of the Active Directory User
NOTE: Leave the Username and Password fields blank in order to use the logon user's credentials. If only accessing Active Directory information, then any Domain user is valid. However, a Domain Administrator is required in order to modify an Active Directory user or group. We recommend using the credentials of a Domain Administrator for all AutoMate Active Directory actions.
See the following link for more information.
This action includes the Description tab for entering a custom step description.
More on setting custom step description
This action also includes the standard Error Causes and On Error failure handling options/tabs.
More on Error Handling Options
All text fields allow the use of expressions, which can be entered by surrounding the expression in percentage signs (example: %MYVARIABLE%, %Left('Text',2)%). To help construct these expressions, you can open Expression Builder from these fields by pressing F2.
More on variables
More on expressions
More on the expression builder
<CREATEADGROUP LDAPPATH="LDAP://servtest.com" USERNAME="administrator" PASSWORD="password" GROUP="BPA" DISPLAYNAME="BPA" DESCRIPTION="Business Process Automateion" GROUPTYPE="SECURITY" GROUPSCOPE="DOMAINLOCAL" />