Active Directory - Modify group
Declaration
<AMACTIVEDIRECTORY ACTIVITY="modify_group" GROUP="text" ACTION="text (options)" LDAPPATH="text"><USER LDAP="text" /></AMACTIVEDIRECTORY>
Description
Allows an administrator to rename or delete an existing Active Directory group, as well as add users to, or delete users from a specific Active Directory group.
Practical usage
Can be used as a batch Active Directory administration tool to add multiple users to, or remove multiple users from an existing AD group. Also ideal for renaming or deleting an AD group.
Parameters
Group
Property | Type | Required | Default | Markup | Description |
---|---|---|---|---|---|
Path | Text | Yes | (Empty) | LDAPPATH="LDAP:// DC=netauto,DC=com" |
The
Lightweight Directory Access Protocol (LDAP) path of the Active
Directory group to modify. Clicking Select Group launches a standard Windows Active Directory dialog that allows for the selection of a group. |
Action | Text (Options) | Yes | Add User | ACTION="rename" | The
action to perform on the Active Directory group. The available
options are:
|
New Name | Text | Yes | (Empty) | NEWGROUPNAME="printer" | The new name of the Active Directory group. This parameter is only available if the Rename option is selected in the Action drop-down. |
User's LDAP Path | Text | Yes | (Empty) | LDAPPATH="LDAP:// DC=netauto,DC=com" |
Specifies the LDAP path of the Active Directory users to add/remove. Add a user by clicking the Add Users button. You can also add a user manually by entering the user's CN (Common Name) in the provided field and clicking theAddbutton. |
New user name | Text | Yes | User | NEWUSERNAME=Ronald | Specifies the name of the new Active Directory user to be created. This parameter is only available if the Rename option is selected from the Action drop-down. |
Credentials
Property | Type | Required | Default | Markup | Description |
---|---|---|---|---|---|
Authentication type | Text (options) | No | Default |
|
Specifies
the types of authentication used. The available options are:
|
Username | Text | No | (Empty) | USERNAME="username" | The
username context that this activity will execute under. Leave
the Username and Password parameters blank in
order to use the logon user's credentials NOTE: A Domain User has
permission to access Active Directory information. However, only
a Domain Administrator has permission to perform Active Directory
modifications. |
Password | Text | No | (Empty) | PASSWORD="password" | The password associated to the Username context that this activity will execute under. Leave the Username and Password parameters blank in order to use the logon user's credentials. |
Examples
- Copy and paste the sample AML code below directly into the Task Builder Steps Panel.
- To successfully run the sample code, update parameters containing user credentials, files, file paths, or other information specific to the task to match your environment.
Example 1
Rename Active Directory group at "LDAP://mycompany.com/CN=Guests,CN=Builtin,DC=mycompany,DC=com" to "GuestOne.'
<AMACTIVEDIRECTORY ACTIVITY="modify_group" AUTHTYPE="Secure" USERNAME="Administrator" PASSWORD="AM5UhSI/y/jhYSekvjxqgdOIcKnplDFimJ0AFHUJm4Kn50=aME" GROUP="LDAP://mycompany.com/CN=Guests,CN=Builtin,DC=mycompany,DC=com" ACTION="reanme" NEWGROUPNAME="GuestOne" />
Example 2
Delete Active Directory group at path "LDAP://mycompany.com/CN=Managers,CN=Users,DC=mycompany,DC=com."
<AMACTIVEDIRECTORY ACTIVITY="modify_group" AUTHTYPE="Secure" USERNAME="Administrator" PASSWORD="AM5FNus7PZ8YcidYT7Wbor+mQ7R3GbrGTBPxCsZfgdv3t8=aME" GROUP="LDAP://mycompany.com/CN=Managers,CN=Users,DC=mycompany,DC=com" ACTION="delete" />