Difference between revisions of "Active Directory Group Management"
Line 54: | Line 54: | ||
==Package Operations== | ==Package Operations== | ||
The Active Directory Group Management package contains the following operations, used to create ITOM Jobs directly, or included in your [[Business_Process_Designer|Business Processes]] and also IT Operations Management Runbooks. | The Active Directory Group Management package contains the following operations, used to create ITOM Jobs directly, or included in your [[Business_Process_Designer|Business Processes]] and also IT Operations Management Runbooks. | ||
− | + | <div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px"> | |
===Add Computer=== | ===Add Computer=== | ||
− | + | <div class="mw-collapsible-content"> | |
This operation adds a Computer object to an Active Directory Group. | This operation adds a Computer object to an Active Directory Group. | ||
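Review bot: the added `<div class="mw-collapsible mw-collapsed" ... style="width:1050px">` wrapper hard-codes a pixel width inline, and the same attribute string is repeated for every operation in this revision. Consider moving the wrapper into a template or a CSS class so the width is defined in one place and can adapt to narrower viewports.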
Line 74: | Line 74: | ||
* <code>Errors</code> - Any errors returned by the operation. | * <code>Errors</code> - Any errors returned by the operation. | ||
* <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | * <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | ||
− | + | </div></div> | |
+ | <div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px"> | ||
===Add Group=== | ===Add Group=== | ||
− | + | <div class="mw-collapsible-content"> | |
This operation adds a Group object to an Active Directory Group. | This operation adds a Group object to an Active Directory Group. | ||
Line 94: | Line 95: | ||
* <code>Errors</code> - Any errors returned by the operation. | * <code>Errors</code> - Any errors returned by the operation. | ||
* <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | * <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | ||
− | + | </div></div> | |
+ | <div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px"> | ||
===Add User=== | ===Add User=== | ||
− | + | <div class="mw-collapsible-content"> | |
This operation adds a User object to an Active Directory Group. | This operation adds a User object to an Active Directory Group. | ||
Line 114: | Line 116: | ||
* <code>Errors</code> - Any errors returned by the operation. | * <code>Errors</code> - Any errors returned by the operation. | ||
* <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | * <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | ||
− | + | </div></div> | |
+ | <div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px"> | ||
===Remove Computer=== | ===Remove Computer=== | ||
+ | <div class="mw-collapsible-content"> | ||
This operation removes a Computer object from an Active Directory Group. | This operation removes a Computer object from an Active Directory Group. | ||
Line 134: | Line 138: | ||
* <code>Errors</code> - Any errors returned by the operation. | * <code>Errors</code> - Any errors returned by the operation. | ||
* <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | * <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | ||
− | + | </div></div> | |
+ | <div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px"> | ||
===Remove Group=== | ===Remove Group=== | ||
+ | <div class="mw-collapsible-content"> | ||
This operation removes a Group object from an Active Directory Group. | This operation removes a Group object from an Active Directory Group. | ||
Line 154: | Line 160: | ||
* <code>Errors</code> - Any errors returned by the operation. | * <code>Errors</code> - Any errors returned by the operation. | ||
* <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | * <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | ||
− | + | </div></div> | |
+ | <div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px"> | ||
===Remove User=== | ===Remove User=== | ||
+ | <div class="mw-collapsible-content"> | ||
This operation removes a User object from an Active Directory Group. | This operation removes a User object from an Active Directory Group. | ||
Line 174: | Line 182: | ||
* <code>Errors</code> - Any errors returned by the operation. | * <code>Errors</code> - Any errors returned by the operation. | ||
* <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | * <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | ||
− | + | </div></div> | |
+ | <div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px"> | ||
===Create Group=== | ===Create Group=== | ||
+ | <div class="mw-collapsible-content"> | ||
This operation creates a new Active Directory Group. | This operation creates a new Active Directory Group. | ||
Line 215: | Line 225: | ||
* <code>objectGUID</code> - the Object GUID of the new Group. | * <code>objectGUID</code> - the Object GUID of the new Group. | ||
* <code>sid</code> - the SID of the new Group. | * <code>sid</code> - the SID of the new Group. | ||
− | + | </div></div> | |
− | ===Delete=== | + | <div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px"> |
+ | ===Delete Group=== | ||
+ | <div class="mw-collapsible-content"> | ||
This operation deletes an Active Directory Group. | This operation deletes an Active Directory Group. | ||
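Review bot: renaming the heading from `===Delete===` to `===Delete Group===` changes the section anchor, so any existing links to `#Delete` on this page will stop resolving. Check inbound links before saving, or keep an anchor under the old name.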
Line 240: | Line 252: | ||
* <code>Errors</code> - Any errors returned by the operation. | * <code>Errors</code> - Any errors returned by the operation. | ||
* <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | * <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | ||
− | + | </div></div> | |
[[Category:ITOM]] | [[Category:ITOM]] |
Revision as of 13:47, 14 October 2020
Introduction
The Active Directory Group Management package for Hornbill's IT Operations Management (ITOM) contains a number of administrative operations that can be carried out on Group objects within your behind-the-firewall Active Directory domains.
Target Environment Requirements
Domain Requirements
The Active Directory domain that you wish to manage requires Active Directory Web Services (ADWS) to be present. See the ADWS Documentation for more information.
Script Execution Machine Requirements
- The Active Directory PowerShell module needs to be installed on the machine that will be executing the scripts (the correct Remote Server Administration Tools (RSAT) package for your OS);
- If the script execution policy on the machine executing these operations is set to Restricted, then this will need to be updated to something less restrictive. See the PowerShell Documentation for more information.
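A pre-flight check for the requirements above, added here as an example and not part of the Hornbill package. The host name is a placeholder, and TCP 9389 is the ADWS default port, which the page itself does not state.

```powershell
# Added example: verify the script execution machine before creating ITOM jobs.
# $DomainController is a placeholder; point it at a server in the target domain.
param(
    [string]$DomainController = 'dc01.example.local'   # hypothetical host name
)

$results = [ordered]@{}

# 1. The ActiveDirectory module (installed with RSAT) must be available.
$results.ADModuleInstalled = [bool](Get-Module -ListAvailable -Name ActiveDirectory)

# 2. The effective execution policy must not be Restricted.
#    RemoteSigned or AllSigned satisfy this without moving to Unrestricted or Bypass.
$policy = Get-ExecutionPolicy
$results.ExecutionPolicy   = $policy
$results.ExecutionPolicyOk = ($policy -ne 'Restricted')

# 3. Active Directory Web Services listens on TCP 9389 by default.
$adws = Test-NetConnection -ComputerName $DomainController -Port 9389 -WarningAction SilentlyContinue
$results.AdwsReachable = $adws.TcpTestSucceeded

# Emit one object so the result can be logged or compared across machines.
[pscustomobject]$results
```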
KeySafe Configuration
When creating SIS jobs for operations contained within this package, they need to be run on the target machine as a user who has the correct privileges within your environment.
To create and securely store one or more Keys for these operations, in the admin console:
- Navigate to: System > Security > KeySafe;
- Click on + then select Username + Password;
- Give the KeySafe Key a Title (this is the name/identifier for the AD account as you will see it when creating an IT Automation Job, or adding an IT Automation node to a Business Process or Runbook);
- Optionally add a description;
- Populate the Username field with the domain username for the account being used (DOMAINNAME\yourusername for example);
- Populate the Password field with the password for the above account;
- Select Create Key to save.
Once you have created your KeySafe Key, you can then use it when creating IT Automation Jobs from this package. See screenshots to the right for examples.
Package Operations
The Active Directory Group Management package contains the following operations, which can be used to create ITOM Jobs directly or be included in your Business Processes and IT Operations Management Runbooks.
Add Computer
This operation adds a Computer object to an Active Directory Group.
Extra Credentials
None required.
Input Parameters
- MemberIdentity (MANDATORY) - Provide the Identity of the Member Computer (distinguished name, objectGUID, objectSid or sAMAccountName)
- GroupIdentity (MANDATORY) - Provide the Identity of the Group (distinguished name, objectGUID, objectSid or sAMAccountName)
- MemberServer - Optionally provide the Active Directory Domain Services instance to connect to in order to return the Computer
- GroupServer - Optionally provide the Active Directory Domain Services instance to connect to in order to return the Group
Output Parameters
- Errors - Any errors returned by the operation.
- Outcome - Outcome of the operation. Can be OK or FAIL.
Add Group
This operation adds a Group object to an Active Directory Group.
Extra Credentials
None required.
Input Parameters
- MemberIdentity (MANDATORY) - Provide the Identity of the Member Group (distinguished name, objectGUID, objectSid or sAMAccountName)
- GroupIdentity (MANDATORY) - Provide the Identity of the Group (distinguished name, objectGUID, objectSid or sAMAccountName)
- MemberServer - Optionally provide the Active Directory Domain Services instance to connect to in order to return the Group
- GroupServer - Optionally provide the Active Directory Domain Services instance to connect to in order to return the Group
Output Parameters
- Errors - Any errors returned by the operation.
- Outcome - Outcome of the operation. Can be OK or FAIL.
Add User
This operation adds a User object to an Active Directory Group.
Extra Credentials
None required.
Input Parameters
- MemberIdentity (MANDATORY) - Provide the Identity of the Member User (distinguished name, objectGUID, objectSid or sAMAccountName)
- GroupIdentity (MANDATORY) - Provide the Identity of the Group (distinguished name, objectGUID, objectSid or sAMAccountName)
- MemberServer - Optionally provide the Active Directory Domain Services instance to connect to in order to return the User
- GroupServer - Optionally provide the Active Directory Domain Services instance to connect to in order to return the Group
Output Parameters
- Errors - Any errors returned by the operation.
- Outcome - Outcome of the operation. Can be OK or FAIL.
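How the Add User parameters could map onto the Active Directory PowerShell module, as an added example that is not the package's own script. The function name `Add-UserToGroup`, the cmdlet mapping and the sample identities are assumptions for illustration; the separate MemberServer and GroupServer values matter when the user and the group live in different domains.

```powershell
# Added illustration; not Hornbill's script. Add-UserToGroup is a hypothetical name.
Import-Module ActiveDirectory

function Add-UserToGroup {
    param(
        [Parameter(Mandatory)][string]$MemberIdentity,   # DN, objectGUID, objectSid or sAMAccountName
        [Parameter(Mandatory)][string]$GroupIdentity,    # DN, objectGUID, objectSid or sAMAccountName
        [string]$MemberServer,                           # optional: instance that holds the user
        [string]$GroupServer                             # optional: instance that holds the group
    )

    # Mirror the documented outputs: Outcome (OK or FAIL) and Errors.
    $result = [ordered]@{ Outcome = 'FAIL'; Errors = '' }
    try {
        # Resolve the member first so a bad identity fails before any change is made.
        $userArgs = @{ Identity = $MemberIdentity; ErrorAction = 'Stop' }
        if ($MemberServer) { $userArgs.Server = $MemberServer }
        $user = Get-ADUser @userArgs

        $groupArgs = @{ Identity = $GroupIdentity; ErrorAction = 'Stop' }
        if ($GroupServer) { $groupArgs.Server = $GroupServer }
        $group = Get-ADGroup @groupArgs

        # Pass the resolved objects, not the raw strings, so the member from
        # MemberServer is added to the group on GroupServer.
        $addArgs = @{ Identity = $group; Members = $user; ErrorAction = 'Stop' }
        if ($GroupServer) { $addArgs.Server = $GroupServer }
        Add-ADGroupMember @addArgs

        $result.Outcome = 'OK'
    }
    catch {
        $result.Errors = $_.Exception.Message
    }
    [pscustomobject]$result
}

# Constructed sample values
Add-UserToGroup -MemberIdentity 'jsmith' -GroupIdentity 'CN=Helpdesk,OU=Groups,DC=example,DC=local'
```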
Remove Computer
This operation removes a Computer object from an Active Directory Group.
Extra Credentials
None required.
Input Parameters
- MemberIdentity (MANDATORY) - Provide the Identity of the Member Computer (distinguished name, objectGUID, objectSid or sAMAccountName)
- GroupIdentity (MANDATORY) - Provide the Identity of the Group (distinguished name, objectGUID, objectSid or sAMAccountName)
- MemberServer - Optionally provide the Active Directory Domain Services instance to connect to in order to return the Computer
- GroupServer - Optionally provide the Active Directory Domain Services instance to connect to in order to return the Group
Output Parameters
- Errors - Any errors returned by the operation.
- Outcome - Outcome of the operation. Can be OK or FAIL.
Remove Group
This operation removes a Group object from an Active Directory Group.
Extra Credentials
None required.
Input Parameters
- MemberIdentity (MANDATORY) - Provide the Identity of the Member Group (distinguished name, objectGUID, objectSid or sAMAccountName)
- GroupIdentity (MANDATORY) - Provide the Identity of the Parent Group (distinguished name, objectGUID, objectSid or sAMAccountName)
- MemberServer - Optionally provide the Active Directory Domain Services instance to connect to in order to return the Member Group
- GroupServer - Optionally provide the Active Directory Domain Services instance to connect to in order to return the Parent Group
Output Parameters
- Errors - Any errors returned by the operation.
- Outcome - Outcome of the operation. Can be OK or FAIL.
Remove User
This operation removes a User object from an Active Directory Group.
Extra Credentials
None required.
Input Parameters
- MemberIdentity (MANDATORY) - Provide the Identity of the Member User (distinguished name, objectGUID, objectSid or sAMAccountName)
- GroupIdentity (MANDATORY) - Provide the Identity of the Group (distinguished name, objectGUID, objectSid or sAMAccountName)
- MemberServer - Optionally provide the Active Directory Domain Services instance to connect to in order to return the User
- GroupServer - Optionally provide the Active Directory Domain Services instance to connect to in order to return the Group
Output Parameters
- Errors - Any errors returned by the operation.
- Outcome - Outcome of the operation. Can be OK or FAIL.
Create Group
This operation creates a new Active Directory Group.
Extra Credentials
None required.
Input Parameters
- Name (MANDATORY) - The name of the Group object. Must be unique within your Active Directory.
- SamAccountName (MANDATORY) - The sAMAccountName of the Group object. Must be unique within your Active Directory.
- Path (MANDATORY) - The distinguished name of the OU/Container where you wish to create the Group.
- GroupCategory (MANDATORY) - Can be either Distribution or Security
- GroupScope (MANDATORY) - Can be DomainLocal, Global or Universal
- DisplayName - The displayName of the Group object.
- Description - The description of the Group object.
- HomePage - Specifies the URL of the home page of the object.
- ManagedBy - Specifies the user or group that manages the object by providing one of the following property values:
  - A distinguished name
  - A GUID (objectGUID)
  - A security identifier (objectSid)
  - SAM account name (sAMAccountName)
- Server - The Active Directory Domain Services instance to perform the operation against, specified in one of the following ways:
  - Domain name values:
    - Fully qualified domain name
    - NetBIOS name
  - Directory server values:
    - Fully qualified directory server name
    - NetBIOS name
    - Fully qualified directory server name and port
- Mail - The email address of the Group object.
Output Parameters
- Errors - Any errors returned by the operation.
- Outcome - Outcome of the operation. Can be OK or FAIL.
- distingiuishedName - The Distinguished Name of the new Group.
- objectGUID - The Object GUID of the new Group.
- sid - The SID of the new Group.
Delete Group
This operation deletes an Active Directory Group.
Extra Credentials
None required.
Input Parameters
- GroupIdentity (MANDATORY) - Provide the Identity of the Group (distinguished name, objectGUID, objectSid or sAMAccountName)
- Server - The Active Directory Domain Services instance to perform the operation against, specified in one of the following ways:
  - Domain name values:
    - Fully qualified domain name
    - NetBIOS name
  - Directory server values:
    - Fully qualified directory server name
    - NetBIOS name
    - Fully qualified directory server name and port
Output Parameters
- Errors - Any errors returned by the operation.
- Outcome - Outcome of the operation. Can be OK or FAIL.