Online Manual: "User Management Resource Administrator"
Script Action: Set User Group Memberships (AD)
Function
Make an Active Directory user account a member of specified Active Directory
universal, domain global or domain local groups. The groups can be either
security or distribution groups.
Deployment
This action is typically used in a script that is intended to create
new users in Active Directory, after creation of the actual user account
with Script Action: Create User (AD). It can also be used for modifying
existing accounts.
The groups can be specified with two properties: by LDAP name (property:
Group names (LDAP)) and by pre-Windows 2000 name (property: Group names
(Pre-W2K name)). For both properties, the LDAP name is used to add the user
account to the group. For property Group names (Pre-W2K name), the LDAP
name is searched for in Active Directory. If the group names are
known in advance and there is no need to use variables in the specification
of the group names, it is recommended to use property Group names (LDAP)
to specify the names of the groups. If you want to use pre-Windows 2000
names and variables, it is more convenient to use property Group names
(Pre-W2K name). This property contains a list with the pre-Windows 2000
names of the groups. Each entry of the list can be a single group name or
a variable containing one or more group names specified as a text list.
When the action is executed, the application searches Active Directory to
find the LDAP name of the group. The method used to access Active Directory
is determined by the syntax used to specify the group name:
| Syntax | Example | Description |
|---|---|---|
| GroupName | Administrators | The Active Directory path of the %UserObject% property is used to access Active Directory. |
| Domain\GroupName | SEASONS\Administrators | The application accesses Active Directory through the domain: LDAP://Domain |
| \\Server\GroupName | \\SPRING\Administrators | The application accesses Active Directory by accessing the server: LDAP://Server |
Note that for each item of the list a different syntax can be used.
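The three syntaxes in the table above, as an added example (not part of the original manual and not the product's own code): this Python sketch classifies each list entry, derives the access path the table gives for it, and flags group names on a review list whichever syntax was used to write them. `USER_OBJECT_PATH`, `REVIEW_GROUPS` and the function names are assumptions made for illustration.

```python
from typing import NamedTuple, Optional

# Assumption: stand-in for the Active Directory path carried by %UserObject%.
USER_OBJECT_PATH = "LDAP://OU=Staff,DC=seasons,DC=example"  # constructed value
# Assumption: group names the operator wants reviewed before automated assignment.
REVIEW_GROUPS = {"administrators", "domain admins", "enterprise admins"}


class GroupRef(NamedTuple):
    syntax: str            # which of the three table syntaxes matched
    scope: Optional[str]   # domain or server name; None for a bare GroupName
    group: str             # the group name itself
    access_path: str       # where the search for the LDAP name starts


def parse_group_entry(entry: str, user_object_path: str = USER_OBJECT_PATH) -> GroupRef:
    """Classify one list entry by the three syntaxes in the table above."""
    text = entry.strip()
    if text.startswith("\\\\"):                      # \\Server\GroupName
        scope, _, group = text[2:].partition("\\")
        syntax = "\\\\Server\\GroupName"
    elif "\\" in text:                               # Domain\GroupName
        scope, _, group = text.partition("\\")
        syntax = "Domain\\GroupName"
    else:                                            # GroupName
        scope, group, syntax = None, text, "GroupName"
    # Reject empty parts and stray separators instead of guessing a meaning.
    if not group or "\\" in group or scope == "":
        raise ValueError(f"not a valid pre-Windows 2000 group entry: {entry!r}")
    path = user_object_path if scope is None else f"LDAP://{scope}"
    return GroupRef(syntax, scope, group, path)


def groups_needing_review(entries):
    """Return parsed entries whose group name is on the review list, in any syntax."""
    parsed = [parse_group_entry(e) for e in entries]
    return [ref for ref in parsed if ref.group.lower() in REVIEW_GROUPS]


if __name__ == "__main__":
    # Constructed sample entries, one per syntax.
    sample = ["Users", "SEASONS\\Administrators", "\\\\SPRING\\Administrators"]
    for ref in map(parse_group_entry, sample):
        print(f"{ref.syntax:22} {ref.group:15} -> {ref.access_path}")
    print("review:", [r.group for r in groups_needing_review(sample)])
```

Running a check like this over the expanded group list before the script action executes catches a privileged group that arrives through a variable rather than a fixed entry.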
A common scenario to specify a number of groups using variables is as
follows:
1. A number of Set variable script actions are used to initialize multiple
   variables, each containing a number of groups: %GroupSetA%, %GroupSetB%,
   %GroupSetC% etc. See Data specification - Text list for more information.
2. A Map variable script action copies the content of one of these variables
   into the resulting variable %GroupSet%. The mapping is determined by the
   content of the input data.
3. The Group names (Pre-W2K name) property contains a single entry: %GroupSet%
4. The mapping performed in step 2 determines the groups of which the user
   account becomes a member.
Properties
| Property Name | Description | Typical setting | Remarks |
|---|---|---|---|
| User Object | Internal application object representing the user account that must be made a member of specified groups. | %UserObject% | The User Object must always be specified as a variable. This variable must have been set by a previous script action, e.g. the script action Create user (AD) will by default fill the variable %UserObject% with the User Object of the just created user. |
| Group names (LDAP) | The names of the groups of which the user account must become a member. Each group name is specified by 2 text strings: a display name and the LDAP name. The display string has the easily readable format Domain/GroupName, for instance: TOOLS4EVER/Users. The LDAP name is the name of the group in Active Directory. The LDAP name is used by the application to add the user to the group. | LDAP group names specified by means of a special dialog | The property is a list of text pairs. Each pair represents a single group. The pair items are the display name and the LDAP name of the group. |
| Group names (Pre-W2K name) | The names of the groups of which the user account must become a member. Each group name is specified by its pre-Windows 2000 name. This name corresponds with the Windows NT naming style. The application will first search for the full LDAP name of the group. See the on-line help for more information. | Pre-Windows 2000 group names | The property is a list. The list contains the pre-Windows 2000 names of the groups. The name can be specified using the following syntax: DOMAIN\GroupName, \\SERVER\GroupName, GroupName. See the Deployment section for more information. |
More information:
Principle of operation
Project operations - Input data
Project operations - Manage script actions
Project operations - Variables