Difference between revisions of "Active Directory Group Management"
Jump to navigation
Jump to search
(→Create) |
|||
| Line 8: | Line 8: | ||
:* [[Hornbill_KeySafe|KeySafe]] | :* [[Hornbill_KeySafe|KeySafe]] | ||
}} | }} | ||
| + | |||
| + | :{| | ||
| + | |- valign="top" | ||
| + | |style="width:300px"| | ||
| + | :* Create Group | ||
| + | :* Add Computer | ||
| + | :* Add Group | ||
| + | :* Add User | ||
| + | |style="width:300px"| | ||
| + | :* Delete Group | ||
| + | :* Remove Computer | ||
| + | :* Remove Group | ||
| + | :* Remove User | ||
| + | |} | ||
==Target Environment Requirements== | ==Target Environment Requirements== | ||
Revision as of 15:42, 28 May 2020
| Home > Administration > IT Operations Management > ITOM Package Library > Active Directory Group Management | Index |
IntroductionThe Active Directory Group Management package for Hornbill's IT Operations Management (ITOM) contains a number of administrative operations that can be carried out on Group objects within your behind-the-firewall Active Directory domains. |
|
- Create Group
- Add Computer
- Add Group
- Add User
- Delete Group
- Remove Computer
- Remove Group
- Remove User
Target Environment Requirements
Domain Requirements
The Active Directory domain that you wish to manage requires an Active Directory Web Services to be present. See the ADWS Documentation for more information.
Script Execution Machine Requirements
- The Active Directory PowerShell module needs to installed on the machine that will be executing the scripts (the correct Remote Server Administration Tools (RSAT) package for your OS);
- If the script execution policy on the machine executing these operations is set to Restricted, then this will need to be updated to something less restrictive. See the PowerShell Documentation for more information.
KeySafe Configuration
When creating SIS jobs for operations contained within this package, they need to be run on the target machine as a user who has the correct privileges within your environment.
To create and securely store one or more Keys for these operations, in the admin console:
- Navigate to: System > Security > KeySafe;
- Click on + then select
Username + Password; - Give the KeySafe Key a Title (this is the name/identifier for the AD account as you will see it when creating an IT Automation Job, or adding an IT Automation node to a Business Process or Runbook);
- Optionally add a description;
- Populate the Username field with the domain username for the account being used (
DOMAINNAME\yourusernamefor example); - Populate the Password field with the password for the above account;
- Select Create Key to save.
Once you have created your KeySafe Key, you can then use it when creating IT Automation Jobs from this package. See screenshots to the right for examples.
Package Operations
The Active Directory Group Management package contains the following operations, than can be used to create ITOM Jobs directly, or included in your Business Processes and/or IT Operations Management Rubooks.
Add Computer
This operation can be used to add a Computer object to an Active Directory Group.
Extra Credentials
None required.
Input Parameters
MemberIdentity(MANDATORY) - Provide the Identity of the Member Computer (distinguished, objectGUID, objectSid or sAMAccountName)GroupIdentity(MANDATORY) - Provide the Identity of the Group (distinguished, objectGUID, objectSid or sAMAccountName)MemberServer- Optionally provide the Active Directory Domain Services instance to connect to to return the ComputerGroupServer- Optionally provide the Active Directory Domain Services instance to connect to to return the Group
Output Parameters
Errors- Any errors returned by the operation.Outcome- Outcome of the operation. Can be OK or FAIL.
Add Group
This operation can be used to add a Group object to an Active Directory Group.
Extra Credentials
None required.
Input Parameters
MemberIdentity(MANDATORY) - Provide the Identity of the Member Group (distinguished, objectGUID, objectSid or sAMAccountName)GroupIdentity(MANDATORY) - Provide the Identity of the Group (distinguished, objectGUID, objectSid or sAMAccountName)MemberServer- Optionally provide the Active Directory Domain Services instance to connect to to return the GroupGroupServer- Optionally provide the Active Directory Domain Services instance to connect to to return the Group
Output Parameters
Errors- Any errors returned by the operation.Outcome- Outcome of the operation. Can be OK or FAIL.
Add User
This operation can be used to add a User object to an Active Directory Group.
Extra Credentials
None required.
Input Parameters
MemberIdentity(MANDATORY) - Provide the Identity of the Member User (distinguished, objectGUID, objectSid or sAMAccountName)GroupIdentity(MANDATORY) - Provide the Identity of the Group (distinguished, objectGUID, objectSid or sAMAccountName)MemberServer- Optionally provide the Active Directory Domain Services instance to connect to to return the UserGroupServer- Optionally provide the Active Directory Domain Services instance to connect to to return the Group
Output Parameters
Errors- Any errors returned by the operation.Outcome- Outcome of the operation. Can be OK or FAIL.
Remove Computer
This operation can be used to remove a Computer object from an Active Directory Group.
Extra Credentials
None required.
Input Parameters
MemberIdentity(MANDATORY) - Provide the Identity of the Member Computer (distinguished, objectGUID, objectSid or sAMAccountName)GroupIdentity(MANDATORY) - Provide the Identity of the Group (distinguished, objectGUID, objectSid or sAMAccountName)MemberServer- Optionally provide the Active Directory Domain Services instance to connect to to return the ComputerGroupServer- Optionally provide the Active Directory Domain Services instance to connect to to return the Group
Output Parameters
Errors- Any errors returned by the operation.Outcome- Outcome of the operation. Can be OK or FAIL.
Remove Group
This operation can be used to remove a Group object from an Active Directory Group.
Extra Credentials
None required.
Input Parameters
MemberIdentity(MANDATORY) - Provide the Identity of the Member Group (distinguished, objectGUID, objectSid or sAMAccountName)GroupIdentity(MANDATORY) - Provide the Identity of the Parent Group (distinguished, objectGUID, objectSid or sAMAccountName)MemberServer- Optionally provide the Active Directory Domain Services instance to connect to to return the Member GroupGroupServer- Optionally provide the Active Directory Domain Services instance to connect to to return the Parent Group
Output Parameters
Errors- Any errors returned by the operation.Outcome- Outcome of the operation. Can be OK or FAIL.
Remove User
This operation can be used to remove a User object from an Active Directory Group.
Extra Credentials
None required.
Input Parameters
MemberIdentity(MANDATORY) - Provide the Identity of the Member User (distinguished, objectGUID, objectSid or sAMAccountName)GroupIdentity(MANDATORY) - Provide the Identity of the Group (distinguished, objectGUID, objectSid or sAMAccountName)MemberServer- Optionally provide the Active Directory Domain Services instance to connect to to return the UserGroupServer- Optionally provide the Active Directory Domain Services instance to connect to to return the Group
Output Parameters
Errors- Any errors returned by the operation.Outcome- Outcome of the operation. Can be OK or FAIL.
Create Group
This operation can be used to create a new Active Directory Group.
Extra Credentials
None required.
Input Parameters
Name(MANDATORY) - The name of the Group object. must be unique within your Active Directory.SamAccountName(MANDATORY) - The sAMAccountName of the Group object. Must be unique within your Active Directory.Path(MANDATORY) - The distinguished name of the OU/Container where you wish to create the Group.GroupCategory(MANDATORY) - Can be either Distribution or SecurityGroupScope(MANDATORY) - Can be DomainLocal, Global or UniversalDisplayName- The displayName of the Group object.Description- The description of the Group object.HomePage- Specifies the URL of the home page of the object.ManagedBy- Specifies the user or group that manages the object by providing one of the following property values:
- A distinguished name
- A GUID (objectGUID)
- A security identifier (objectSid)
- SAM account name (sAMAccountName)
Server- The Active Directory Domain Services instance to perform the operation against, specified in one of the following ways:
- Domain name values:
- Fully qualified domain name
- NetBIOS name
- Directory server values:
- Fully qualified directory server name
- NetBIOS name
- Fully qualified directory server name and port
Mail- The email address of the Group object.
Output Parameters
Errors- Any errors returned by the operation.Outcome- Outcome of the operation. Can be OK or FAIL.distingiuishedName- The Distinguished Name of the new Group.objectGUID- the Object GUID of the new Group.sid- the SID of the new Group.
Delete
This operation can be used to delete an Active Directory Group.
Extra Credentials
None required.
Input Parameters
GroupIdentity(MANDATORY) - Provide the Identity of the Group (distinguished, objectGUID, objectSid or sAMAccountName)Server- The Active Directory Domain Services instance to perform the operation against, specified in one of the following ways:
- Domain name values:
- Fully qualified domain name
- NetBIOS name
- Directory server values:
- Fully qualified directory server name
- NetBIOS name
- Fully qualified directory server name and port
Output Parameters
Errors- Any errors returned by the operation.Outcome- Outcome of the operation. Can be OK or FAIL.