Property Name

Description

Typical setting

Remarks

Domain

The domain in which to create the group.

%Domain%

Often the domain name is used in many different actions, and is determined and stored in a variable previous to the action ( e.g. %Domain%). The name of the domain can be either in DNS or NETBIOS style. (e.g. Tools4ever.com or TOOLS4EVER). For more information on how to specify the domain/OU/container in which the group is created, see the Remarks section below.

Organizational Unit-Container

The name of the Active Directory Organizational unit or other container in which to create the group.

 Users

Specify the path of the organizational unit (OU) or container relative to the domain. To specify OU's in OU's, use the full path relative to the domain, separated by slashes: OU/ChildOU/GrandChildOU. Examples: students or students/group1. For more information on how to specify the domain/OU/container in which the group is created, see the Remarks section below.

LDAP container

Optional: The LDAP name of the container in which to create the group.

Optionally specifies name of the Active Directory container in which the group is created directly by means of its LDAP name (Example: CN=users, DC=tools4ever,DC=com Example: OU=Group1, OU=Students, DC=tools4ever, DC=com)

This specification can be used instead of the Domain and Organizational Unit-Container properties of this action. If specified, the specified LDAP Container takes precedence, and the Domain And Organization Unit-Container properties are ignored. For more information on how to specify the domain/OU/container in which the group is created, see the Remarks section below.

Domain (controller)

Optional: The name of the domain controller or domain used to access the domain.

If this value is not specified, the application creates the account on a domain controller that is determined by Active Directory (serverless binding). If a domain controller is specified, the account is explicitly created on the specified controller (server binding). In both cases, Active Directory itself will replicate the account information to all domain controllers in the forest automatically as required.

Depending on the actual User Management Resource Administrator Script used, it may be necessary to specify a domain controller here. If an subsequent script action does an Active Directory query to obtain information of the newly created group, this query may occur before Active Directory has replicated the new information to other Domain Controllers. As a consequence, the query may fail to find the newly created group. When both actions however specify the same domain controller, the newly created group can be found.

Often a requery of Active Directory by subsequent actions for the newly created group can be prevented by using the Group Object that is created by this action in subsequent actions, instead of the name of the group.

CommonName

The CommonName is the name of the group. This name is most commonly used in user interfaces.

%GroupName%

In this action the CommonName and SAM-Account-Name will be the same by default. To change this, you should create an other variable for one of the settings.

SAM-Account-Name

The group name(Pre-Windows 2000) without the (NETBIOS) Domain name.

%GroupName%

This name is required, also in domains that use solely Active Directory domain controllers.

A SAM-Account-Name cannot be identical to any other user or group name on the domain being administered. It can contain up to 20 uppercase or lowercase characters, except for the following: " / \ [ ] : ; | = , + * < >. A SAM-Account-Name cannot consist solely of periods (.) or spaces.

Description

A text string, that will be shown in the Description field of the group in windows. The string can have any length.

Local group

When set to 'Yes' the created group will be a (domain) local group.

No

One of the three groups (local, global and universal), must be set to 'Yes'.

Global group

When set to 'Yes' the created group will be a global group.

No

One of the three groups (local, global and universal), must be set to 'Yes'.

Universal group

When set to 'Yes' the created group will be a universal group.

No

One of the three groups (local, global and universal), must be set to 'Yes'.

Security group

When set to 'Yes' the created group will be a security group. When set to 'No' a distribution group will be created.

No

No error if group already exists

When set to 'Yes' no error will be generated.

No 

Warning: when set to 'Yes' some errors are ignored and scripts may not be completed correctly.

Group Object

An internal data structure representing the group. this property will only give an output. this output can be used in other script actions.

This script action has an output variable (default: %GroupObject%). This variable can be used in other script actions.

Properties specified

Properties not specified

Example

Description

Domain
Organizational Unit-Container

LDAP container

Domain: TOOLS4EVER or tools4ever.com
Organizational Unit-Container: STUDENTS/GROUP1

This is most easy method to create groups in OU's. To create the group, User Management Resource Administrator will automatically compose the LDAP name of the container to create the group.

Domain

LDAP container
Organizational Unit-Container

TOOLS4EVER or tools4ever.com

Use this method only, to create groups in the domain root. No OU is involved.

LDAP container

Domain
Organizational Unit-Container

OU=Group1, OU=Students, DC=tools4ever, DC=com

Use this method if you want to specify the OU directory using the LDAP format. If this property is specified, the Domain and Organizational Unit-Container properties are ignored.