4.4.5 Changing the group attribute in the Active Directory
Function
This plug-in changes the group attribute for the Active Directory of the specified server.
The prerequisite server for this plug-in is as follows:
- Execution target server
This server is used as the target for executing this plug-in. The Active Directory shown in the Prerequisite condition needs to be set up beforehand.
Scripts in this plug-in perform the following processing:
- Execution of the following command
dsmod group
"value-of-group-identifier(Windows.groupName-property)"
[-secgrp {yes|no}]*1
[-scope {l|g|u}]*2
[-desc "value-of-explanation(Windows.description-property)"]
Note 1: If you specify "true" for Necessity for security group settings (Windows.isSecurityGroup property), "yes" is set. If you specify "false", "no" is set. If you specify a value other than the above, this option is omitted.
Note 2: The option value corresponding to the scope (Windows.scope property) value is set.
For "local": "l"
For "global": "g"
For "universal": "u"
For details of the dsmod group command, see the relevant sections in the Microsoft library.
Use situation
This plug-in is used to change the group attribute in the Active Directory.
Prerequisites
For the latest support status of the following items, see the Release notes: Prerequisite products on the execution target server, and running OS on the execution target server.
In addition, the following OS and products use abbreviations. For the abbreviations of OS and products, see the "Preface".
Prerequisite products on the execution target server:
(1) Active Directory domain service
(2) DNS server
Running OS on the execution target server:
(1) Windows Server
Conditions of using prerequisite products on the execution target server:
None
Cautions
(1) Do not use a character string containing a double quotation mark (") or a single quotation mark (') in a plug-in property.
(2) If you specify no value for the plug-in property, the attribute value corresponding to the plug-in property does not change.
Execution privilege
(1) When connecting to the execution server, the user needs to be a member of the Account Operators group, Domain Admins group, or Enterprise Admins group of the Active Directory domain service; and have proper authority.
Version
02.00.01
Plug-in tags
Configure Active Directory,Windows,Active Directory
Plug-in name displayed in the task log
adChangeGroupAttribute
Return code
0: Normal
12: Abnormal (user mistake), illegal property
21: Abnormal (illegal environment), command unfound (error detected in plug-in script)
27: Abnormal (Check the error details from the task log.)
41: Abnormal (error detected within the plug-in), property not entered (error detected in the plug-in script)
Property list
The following table lists the properties:
|
Property key |
Property name |
Description |
Default value |
I/O type |
Required |
|---|---|---|---|---|---|
|
plugin.destinationHost |
Host name of the execution target server |
Specify the host name or IP address of the server on which this plugin will be executed. IPv6 addresses are not supported. |
-- |
Input |
R |
|
Windows.groupName |
Group identifier |
Specify an identifier of the group for which you want to change attributes, in a format beginning with CN=. |
-- |
Input |
R |
|
Windows.isSecurityGroup |
Necessity for security group settings |
To use the group as a security group, specify "true". To use the group as a distribution group, specify "false". |
-- |
Input |
O |
|
Windows.scope |
Scope |
Specify a scope for the group. Specifiable values include "local", "global", and "universal". |
-- |
Input |
O |
|
Windows.description |
Explanation |
Specify an explanation of the group after the change. |
-- |
Input |
O |
|
common.returnValue |
Return value for the plugin |
The return value of this plugin stored. |
-- |
Output |
O |