4.4.6 Add a group to the Active Directory instance
Function
This plugin can add a group to the Active Directory instance of the specified server.
The required server is shown as follows:
- Execution-target server
This is a server on which this plugin runs. The Active Directory as instance described in the prerequisites must have been set up.
The scripts in this plugin perform the following processing:
- Execute the following command.
dsadd group
group-name (the value of the Windows.groupName property)
[-secgrp "no"] *1
-scope {l|g|u} *2
[-desc description] (the value of the Windows.description property)
[-memberof name-of-belonging-group] (the value of the Windows.memberOf property)
*1: This is set when "true" is specified to the Windows.isDistributionGroup property that defines whether to set a distribution group.
*2: Option value that corresponds to the value of the scope (the Windows.scope property).
For "local": "l"
For "global": "g"
For "universal": "u"
For details about the dsadd group command, refer to the descriptions in the Microsoft library.
Use situation
Use this plugin to add a group to the Active Directory instance.
Prerequisites
For the most recent information about the prerequisite products on the execution-target server, and supported OSs for the execution-target server, see the Release Notes.
In addition, the following OS and products use abbreviations. For the abbreviations of OS and products, see the "Preface".
Prerequisite products on the execution-target server:
(1) Active Directory domain service
(2) DNS server
Supported OSs for the execution-target server:
(1) Windows Server
Conditions for using the prerequisite products on the execution-target server:
None
Cautions
(1) Do not specify character strings that include a double quotation mark (") or a single quotation mark (') to properties of the plugin.
Execution privilege
(1) To access the execution-target server, the user must be a member of the Account Operators group of the Active Directory domain service, the Domain Admins group, or the Enterprise Admins group. If the user is not a member of such a group, the user must have an appropriate permission.
Version
02.00.01
Plug-in tags
Configure Active Directory,Windows,Active Directory
Plug-in name displayed in the task log
adAddGroup
Return code
0: Normal
12: Error (mistake by user) Invalid property
21: Error (environmental error) No command found (An error was detected in the component script.)
27: Error (Check with the task log regarding the error details.) Unidentified error
41: Error (error detected in the component) Property not entered (An error was detected in the component script.)
Property list
The following table lists the properties:
Property key |
Property name |
Description |
Default value |
I/O type |
Required |
---|---|---|---|---|---|
plugin.destinationHost |
Host name of the execution target server |
Specify the host name or IP address of the server on which this plugin will be executed. IPv6 addresses are not supported. |
-- |
Input |
R |
Windows.groupName |
Group identifier |
Specify the identifier of the group to be added in the format beginning with CN=. |
-- |
Input |
R |
Windows.isDistributionGroup |
Whether to set as a distribution group |
Specify true when setting the group to be added as a distribution group. If you do not specify true, the group is assumed to be a security group. |
-- |
Input |
O |
Windows.scope |
Scope |
Specify the scope of the group to be added. The specifiable value is local, global, or universal. global is assumed if this property is omitted. |
-- |
Input |
O |
Windows.description |
Description |
Specify the description of the group to be added. |
-- |
Input |
O |
Windows.memberOf |
Identifier of the belonging group |
Specify the identifier of the group to which the group to be added belongs in the format beginning with CN=. |
-- |
Input |
O |
common.returnValue |
Return value for the plugin |
The return value of this plugin stored. |
-- |
Output |
O |