Active Directory Group Create VERSION 2

This handler will use the server information and user credentials configured in the task info values to authenticate and connect to the specified Active Directory server (using LDAP) and create a group entry.

In order to build up the Distinguished Name (a unique identifier for the active directory user entry), the handler uses a template specified as a task info value.

The following entry attributes are set once the user entry is created:

  • Direct Mappings

    • name => Group Name

    • mail => Email Address

    • description => Description

    • info => Notes

  • Computed Mappings

    • grouptype => Numerical representation of the group scope and type.
  • Special Attributes

    • objectclass => [top,group]

Task Info Configuration

  • dn_format - This value is used to specify the distinguished name of the Active Directory group entry to be created. Anything within curly braces {} will be replaced with the value of the entry attribute or task info value associated with that key. For example, the default format is 'CN={displayname},CN=Users,{base}'. In this case {displayname} is replaced with the displayname attribute value and {base} is replaced with the value of the 'base' task info value. A full list of available entry attributes is available above. If you use organizational units they can be substituted into the distinguished name in this manner.


Group NameThe name of the group to be created
DescriptionThe description of this group
Email AddressThe Email Address for this group. Active Directory can be configured so that all members of a group are notified when the group receives an Email.
Group ScopeSecurity groups or distribution groups are characterized by a scope that identifies how they are applied in the domain tree or forest. There are three group scopes: universal, global, and domain local.
Group TypeThere are two group types, security and distribution. Security groups allow you to manage user and computer access to shared resources. Distribution groups are intended to be used solely as email distribution lists.
NotesAdditional information about the group

Sample Configuration

Group Name<%=@results['New Group Name']%>
DescriptionAllows access to the accounting resources
Group ScopeGlobal
Group TypeSecurity


NameSample Result
Distinguished NameCN=Accounting,CN=Users,DC=kineticdata,DC=com


Active Directory Group Create V2 (2014-08-05)

* Changed the password info value to be encrypted.

Active Directory Group Create V1 (2011-01-24)

* Initial version. See README for details.