Active Directory Group Create Version 2

This handler will use the server information and user credentials configured in the task info values to authenticate and connect to the specified Active Directory server (using LDAP) and create a group entry.

In order to build up the Distinguished Name (a unique identifier for the active directory user entry), the handler uses a template specified as a task info value.

The following entry attributes are set once the user entry is created:

  • Direct Mappings

    • name => Group Name
    • mail => Email Address
    • description => Description
    • info => Notes
  • Computed Mappings

    • grouptype => Numerical representation of the group scope and type.
  • Special Attributes

    • objectclass => [top,group]

Task Info Configuration

  • dn_format - This value is used to specify the distinguished name of the Active Directory group entry to be created. Anything within curly braces {} will be replaced with the value of the entry attribute or task info value associated with that key. For example, the default format is 'CN={displayname},CN=Users,{base}'. In this case {displayname} is replaced with the displayname attribute value and {base} is replaced with the value of the 'base' task info value. A full list of available entry attributes is available above. If you use organizational units they can be substituted into the distinguished name in this manner.

Parameters

Name Description
Group Name The name of the group to be created
Description The description of this group
Email Address The Email Address for this group. Active Directory can be configured so that all members of a group are notified when the group receives an Email.
Group Scope Security groups or distribution groups are characterized by a scope that identifies how they are applied in the domain tree or forest. There are three group scopes: universal, global, and domain local.
Group Type There are two group types, security and distribution. Security groups allow you to manage user and computer access to shared resources. Distribution groups are intended to be used solely as email distribution lists.
Notes Additional information about the group

Sample Configuration

Name Description
Group Name <%=@results['New Group Name']%>
Description Allows access to the accounting resources
Email Address Accounting@company.com
Group Scope Global
Group Type Security
Notes <%=@results['Notes']%>

Results

Name Description
Distinguished Name CN=Accounting,CN=Users,DC=kineticdata,DC=com

Changelog

Active Directory Group Create V1 (2011-01-24)

  • Initial version. See README for details.

Active Directory Group Create V2 (2014-08-05)

  • Changed the password info value to be encrypted.


Related Handlers

Active Directory Computer Remove Groups
Finds a user in active directory by Distinguished Name (Computer Name) and adds the computer as a member to one or more groups.
Active Directory Distribution List Member Retrieve
Finds a Distribution List in active directory by Distinguished Name, or Email Address and returns a comma delimited list of immediate members (e-mail addresses)
Active Directory User Add Groups
Finds a user in active directory by Distinguished Name, Full Name, Email Address, or User Logon and adds the user as a member to one or more groups.
Active Directory User Change Attribute
Finds a user in active directory by Distinguished Name, Full Name, Email Address, or User Name and changes the specified LDAP attribute.
Active Directory User Create
Creates an Active Directory user entry and uses the provided parameter values to specify common user attributes.
Active Directory User Disable
Finds a user in active directory by Distinguished Name, Full Name, Email Address, or User Name and disables the user's account.
Active Directory User Enable
Finds a user in active directory by Distinguished Name, Full Name, Email Address, or User Name and enables the user's account.
Active Directory User Expire Password
Finds a user in active directory by Distinguished Name, Full Name, Email Address, or User Name and sets the password to expired, requiring the user to change it.
Active Directory User Permanent Password
Finds a user in active directory by Distinguished Name, Full Name, Email Address, or User Name and sets the 'password never expires' flag.
Active Directory User Remove Groups
Finds a user in active directory by Distinguished Name, Full Name, Email Address, or User Logon and remove that user as a member from one or more groups.
Active Directory User Retrieve
Finds a user in active directory by Distinguished Name, Full Name, Email Address, or User Name and returns a predefined set of attributes to include the Distinguished Name(dn).
Active Directory User Temporal Password
Finds a user in active directory by Distinguished Name, Full Name, Email Address, or User Name and sets the 'password never expires' flag.