Allows an administrator to rename or delete an existing Active Directory group, as well as add users to, or delete users from a specific Active Directory group. Can be used as a batch Active Directory administration tool to add multiple users to, or remove multiple users from an existing AD group. Also ideal for renaming or deleting an AD group.
Declaration
<AMMODIFYADGROUP LDAP="text" ACTION="text [options]" GROUP="text"
User LDAP="text" NEWUSERNAME "text" NEWUSERPASSWORD "text" USERNAME="text" PASSWORD="text"/>
Example
Example 1 - Rename Active Directory group at "LDAP://mycompany.com/CN=Guests,CN=Builtin,DC=mycompany,DC=com" to "GuestOne'.
<AMMODIFYADGROUP GROUP="LDAP://mycompany.com/CN=Guests,CN=Builtin,DC=mycompany,DC=com" ACTION="RENAME" NEWGROUPNAME="GuestOne" />
Example 2 - Delete Active Directory group at path "LDAP://mycompany.com/CN=Managers,CN=Users,DC=mycompany,DC=com".
<AMMODIFYADGROUP GROUP="LDAP://mycompany.com/CN=Managers,CN=Users,DC=mycompany,DC=com" ACTION="DELETE" />
AD Object to Dataset, Create AD Group, Create AD Object, Create AD User, Delete AD Object, Get AD Group Members, Get AD Object Path, Get AD Object Property, If AD Object Exists, List AD Object Paths, Modify AD User, Move AD Object, Rename AD Object, Set AD Object Property
|
|
To properly use AWE's Active Directory actions, you should have a basic understanding of Active Directory and related components (e.g., domain controllers, trust relationships, forests, OUs, LDAPs, etc.) Also, to ensure that these actions function appropriately, the target system must be part of a domain. |
|
Property |
Type |
Required |
Default |
Markup |
Description |
|
Path |
Text |
Yes |
(Empty) |
LDAPPATH= "LDAP://DC=netauto,DC=com" |
The Lightweight Directory Access Protocol (LDAP) path of the Active Directory group to modify. Clicking Select Group launches a standard Windows Active Directory dialog box that allows for the selection of a group. |
|
Action |
Text (Options) |
Yes |
AddUser |
ACTION="rename" |
The action to perform on the Active Directory group. The available options are:
|
|
New Name |
Text |
No |
(Empty) |
NEWGROUPNAME="printer" |
The new name of the Active Directory group. This parameter is only available if the Rename option is selected in the Action drop-down. |
NOTE: This option is only available if the Add user(s) or Remove user(s) option is selected in the Action drop-down.
|
Property |
Type |
Required |
Default |
Markup |
Description |
|
User's LDAP Path |
Text |
Yes |
(Empty) |
LDAPPATH= "LDAP://DC=netauto,DC=com" |
Specifies the LDAP path of the Active Directory user(s) to add/remove. Add a user by clicking Add User(s). You can also add a user manually by entering the user's CN (Common Name) in the provided field and clicking Add. |
|
New user name |
Text (Options) |
Yes |
User |
NEWUSERNAME="Ronald" |
Specifies the name of the new Active Directory user to be created. This parameter is only available if the Rename option is selected from the Action drop-down. |
|
New Password |
Text |
No |
(Empty) |
NEWPASSWORD="password" |
Specifies the password of the new Active Directory user to be created. This parameter is only available if the Rename option is selected from the Action drop-down. |
|
Property |
Type |
Required |
Default |
Markup |
Description |
|
Username |
Text |
No |
(Empty) |
USERNAME="username" |
Specifies the username of the Active Directory user. NOTE: Leave the Username and Password fields blank in order to use the logon user's credentials. If only accessing Active Directory information, then any Domain user is valid. However, a Domain Administrator is required in order to modify an Active Directory user or group. We recommend using the credentials of a Domain Administrator for all Active Directory actions. |
|
Password |
Text |
No |
(Empty) |
PASSWORD="password" |
Specifies the password of the Active Directory user. NOTE: Leave the Username and Password fields blank in order to use the logon user's credentials. If only accessing Active Directory information, then any Domain user is valid. However, a Domain Administrator is required in order to modify an Active Directory user or group. We recommend using the credentials of a Domain Administrator for all Active Directory actions |
|
Root LDAP to search user Common Name (CN) |
Text |
No |
(Empty) |
LDAP= "LDAP://DC=netauto,DC=com" |
The root LDAP path to search for the Active Directory user(s) CN (Common Name). |
The Description tab allows you to customize the text description of any step as it appears in the Task Builder's Steps Pane.
More on setting custom step description
The Error Causes tab properties allow you to instruct a task step to react only to specific errors or ignore certain errors that should cause it to fail.
More on Error Causes properties
The On Error tab properties lets you determine what the task should do if a particular step encounters an error as defined in the Error Causes properties.
More about On Error properties
All text fields allow the use of expressions such as variables, functions or extended functions, which can be entered by surrounding the expression in percentage signs (example: %FileDateTime(myVar)% or %myVar%, % Left('Text',2)%). To help construct these expressions, you can open Expression Builder from these fields by clicking the percent sign (%) or by pressing F2.
