Create Active Directory Group

Creates a new Active Directory group in the specified parent container. Groups are Active Directory (or local computer) objects that can contain users, contacts, computers, and other groups, and that can be managed as a single unit. This action is typically used to create a group to which members are then added. Users and computers that belong to a particular group are referred to as group members.

Declaration

<CREATEADGROUP LDAPPATH="text" USERNAME="text" PASSWORD="text" GROUP="text" DISPLAYNAME="text" DESCRIPTION="text" GROUPTYPE="text(options)" GROUPSCOPE="text(options)" />

Example

Description: Create an Active Directory group of type "SECURITY" by the name of "administrator". The path of the new group's parent is "LDAP://servername.com".

<CREATEADGROUP LDAPPATH="LDAP://servername.com" USERNAME="administrator" PASSWORD="AM2LRnogx3fFdk=aME" GROUP="administrator" DISPLAYNAME="mycompany" DESCRIPTION="Local Security" GROUPTYPE="SECURITY" GROUPSCOPE="DOMAINLOCAL" />

See Also

AD Object to Dataset, Create AD Object, Create AD User, Delete AD Object, Get AD Group Members, Get AD Object Path, Get AD Object Property, If AD Object Exists, List AD Object Paths, Modify AD Group, Modify AD User, Move AD Object, Rename AD Object, Set AD Object Property

To use AWE's Active Directory actions properly, you should have a basic understanding of Active Directory and related components (e.g., domain controllers, trust relationships, forests, OUs, LDAP, etc.). Also, to ensure that these actions function appropriately, the target system must be part of a domain.

General Tab

Property: Parent Path
Type: Text
Required: Yes
Default: (Empty)
Markup: LDAPPATH="LDAP://DC=netauto,DC=com"
Description: The Lightweight Directory Access Protocol (LDAP) path of the parent Active Directory container. This is usually the topmost container or rootDSE path, the root of the directory data tree on a directory server.

Click Select Container to launch a standard Windows Active Directory dialog box that allows for the selection of an Active Directory container.

Property: Name
Type: Text
Required: Yes
Default: (Empty)
Markup: GROUP="Group1"
Description: The name of the Active Directory group to be created.

Property: Display Name
Type: Text
Required: Yes
Default: (Empty)
Markup: DISPLAYNAME="Developers"
Description: The display name of the Active Directory group to be created.

Property: Description
Type: Text
Required: Yes
Default: (Empty)
Markup: DESCRIPTION="Automate Developers"
Description: A description of the Active Directory group to be created.

Property: Group Type
Type: Text (Options)
Required: No
Default: Security
Markup: GROUPTYPE="Distribution"
Description: The type of Active Directory group to be created. Sending an e-mail message to a group sends the message to all members of the group. The available options are:

  • Security - Security groups allow you to manage user and computer access to shared resources. You can also control who receives group policy settings. This simplifies administration by allowing you to set permissions once on multiple computers, then to change the membership of the group as your needs change. The change in group membership automatically takes effect everywhere. You can also use these groups as e-mail distribution lists.

  • Distribution - Distribution groups are intended to be used solely as e-mail distribution lists. These lists are for use with e-mail applications such as Microsoft Exchange or Outlook. You can add and remove contacts from the list so that they will or will not receive e-mail sent to the distribution group. You can't use distribution groups to assign permissions on any objects, and you can't use them to filter group policy settings.

Property: Group Scope
Type: Text (Options)
Required: No
Default: Domainlocal
Markup: GROUPSCOPE="Global"
Description: The scope of the Active Directory group to be created. Group scopes describe which users should be grouped together so that they are easy to administer. The available options are:

  • Domain Local Group - Use this scope to grant permissions to domain resources located in the same domain in which you created the domain local group. Domain local groups can exist in all mixed, native and interim functional levels of domains and forests. Domain local group membership is not limited: you can add user accounts, universal groups and global groups from any domain as members.

  • Global Group - Users with a similar function can be grouped under global scope and given permission to access a resource (such as a printer or shared folders and files) available in the local domain or another domain in the same forest. In other words, global groups can be used to grant access to resources located in any domain, but only within a single forest, because their memberships are limited.

  • Universal Group - (This option is available only when Distribution is selected in the Group Type parameter.) These groups are used for e-mail distribution and can be granted access to resources in all trusted domains, as they can only be used as a security principal (security group type) in a Windows 2000 native or Windows Server 2003 domain functional level domain.

Credentials Tab

Property: Username
Type: Text
Required: No
Default: (Empty)
Markup: USERNAME="username"
Description: The username of the Active Directory user.

Property: Password
Type: Text
Required: No
Default: (Empty)
Markup: PASSWORD="password"
Description: The password of the Active Directory user.

NOTE: Leave the Username and Password fields blank in order to use the logon user's credentials. If only accessing Active Directory information, then any Domain user is valid. However, a Domain Administrator is required in order to modify an Active Directory user or group. We recommend using the credentials of a Domain Administrator for all Active Directory actions.
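
The property rules in the General and Credentials tabs above can be checked before a task is deployed. The following Python linter for a single CREATEADGROUP step is an added example, not part of the product or its documentation. The UNIVERSAL scope token, the case-insensitive matching and the policy of flagging a literal PASSWORD are assumptions of this example, and the sample steps are constructed.

```python
import xml.etree.ElementTree as ET

REQUIRED = ("LDAPPATH", "GROUP", "DISPLAYNAME", "DESCRIPTION")  # rows marked Required: Yes
GROUP_TYPES = {"SECURITY", "DISTRIBUTION"}
# "UNIVERSAL" is an assumed token; the page only shows DOMAINLOCAL and Global.
GROUP_SCOPES = {"DOMAINLOCAL", "GLOBAL", "UNIVERSAL"}

# Constructed sample steps (not taken from a real task).
SAMPLE_OK = ('<CREATEADGROUP LDAPPATH="LDAP://DC=netauto,DC=com" GROUP="Group1" '
             'DISPLAYNAME="Developers" DESCRIPTION="Automate Developers" '
             'GROUPTYPE="Distribution" GROUPSCOPE="Global" />')
SAMPLE_BAD = ('<CREATEADGROUP LDAPPATH="LDAP://DC=netauto,DC=com" USERNAME="svc-example" '
              'PASSWORD="constructed-secret" GROUP="Group1" DISPLAYNAME="" '
              'GROUPTYPE="SECURITY" GROUPSCOPE="UNIVERSAL" />')


def is_expression(value):
    """True for %...% expressions, which are resolved at run time."""
    return len(value) > 2 and value.startswith("%") and value.endswith("%")


def lint_step(markup):
    """Return findings for one CREATEADGROUP step; an empty list means clean."""
    try:
        step = ET.fromstring(markup)
    except ET.ParseError as exc:
        return [f"markup is not well-formed: {exc}"]
    if step.tag.upper() != "CREATEADGROUP":
        return [f"unexpected element {step.tag}"]
    attrs = {k.upper(): v for k, v in step.attrib.items()}
    findings = [f"{name} is required but missing or empty"
                for name in REQUIRED if not attrs.get(name, "").strip()]
    gtype = attrs.get("GROUPTYPE", "Security").upper()       # documented default
    gscope = attrs.get("GROUPSCOPE", "Domainlocal").upper()  # documented default
    if gtype not in GROUP_TYPES and not is_expression(gtype):
        findings.append(f"GROUPTYPE {gtype!r} is not a documented option")
    if gscope not in GROUP_SCOPES and not is_expression(gscope):
        findings.append(f"GROUPSCOPE {gscope!r} is not a documented option")
    if gscope == "UNIVERSAL" and gtype != "DISTRIBUTION" and not is_expression(gtype):
        findings.append("Universal scope is documented only for Distribution groups")
    # Assumed review policy: a literal PASSWORD stored in the task file is a finding.
    password = attrs.get("PASSWORD", "")
    if password and not is_expression(password):
        findings.append("PASSWORD is a literal value stored in the task markup")
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BAD):
        print(lint_step(sample))
```
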

Description Tab

The Description tab allows you to customize the text description of any step as it appears in the Task Builder's Steps Pane.


Error Causes Tab

The Error Causes tab properties allow you to instruct a task step to react only to specific errors, or to ignore certain errors that would otherwise cause it to fail.


On Error Tab

The On Error tab properties let you determine what the task should do if a particular step encounters an error as defined in the Error Causes properties.


Expressions, Variables and Functions

All text fields allow the use of expressions such as variables, functions or extended functions, which can be entered by surrounding the expression in percentage signs (example: %FileDateTime(myVar)%, %myVar% or %Left('Text',2)%). To help construct these expressions, you can open Expression Builder from these fields by clicking the percent sign (%) or by pressing F2.
