home
about us
forum
testimonials
sitemap
 
 
PREV
NEXT
  

User Management Resource Administrator


Online Manual: "User Management Resource Adminstrator"
Go to: User Management Resource Administrator homepage

Script Action: Add account to local group

Function

Add an existing user or global group account to a local group of a domain, server or workstation.

Deployment

This action is typically used in a script that manages user accounts and local group memberships. The action can be used in Active Directory, Windows NT domains or workgroup environment. The account is an existing user or global group account. In case the user account is created in the same script, or the user is searched for in Active Directory the security identifier (SID) of the user account can be used to specify the new local group member.

The target local group is one of the following:

  1. Active Directory domain local group. In this case you can also use Script Action: Set User Group Memberships (AD) to add the account to the local group;

  2. Windows NT4 domain local group. The group is a local group of the domain, maintained on the primary and backup domain controllers of the Windows NT4 domain.

  3. Member server local group. The server is not a domain controller and either a member server of an Active Directory domain, Windows NT4 domain or a workgroup.

  4. Workstation local group. The workstation is either a member server of an Active Directory domain, Windows NT4 domain or a workgroup.

Depending on the type of local group, you must specify the Local group name and the Domain or Computer property to identify the local group to which the new member is added.

The new member is specified by either the name (property: Member (name)) or security identifier (SID) (property: Member (SID)) of the member. If the new member is a domain user account that is just created in the same script, and multiple domain controllers exist, it is strongly recommended to use the security identifier to specify the new member. The Create user script action by default generate a variable (%UserSid%) that holds the security identifier for the new user account. This variable can be used to specify the property: Member (SID) = %UserSid%.

The reason behind this mechanism is the fact that internally, the network operating system will try to resolve a specified account name to find the security identifier when the account is added to the local group. This operation might fail in case different domain controllers are used to create the account and to find the security identifier.

Properties

Property Name

Description

Typical setting

Remarks

Computer

The name of the computer that contains the local group. The computer can be a workstation, domain member server, domain controller or workgroup member. The name must be specified as a NETBIOS or DNS name. If this property is specified, the property 'Domain' is ignored.

 

When specified, the Domain property is ignored.

Domain

The name of the domain that contains the local group. The domain must be specified as a NETBIOS or DNS name. If the group is not a domain local group, this property must not be specified.

 

Only used if the Computer property is not specified.

Local group name

The name of local group. The name must be specified as a single text field, for instance 'Administrators'. Preceding domain and computer names and (back)slashes are removed.

 

Mandatory property. Name of the local group to which the new member is added.

Member (SID)

The new group member, specified as a (variable holding a) security identifier (SID). When the SID of the new member is available, it is recommended to use this property to specify the new member. If this property is specified, the property 'Member (name)' is ignored.

 

When specified, the Member (name) property is not used. See Deployment section for more information.

Member (name)

The new group member specified by the name of the new member. When the SID of the new member is available, it is recommended to use property 'Member (SID)' instead. When the SID is not available, you should use this property. The group member can be a user account or global group. The name must be specified using syntax 'DOMAIN\\MEMBER' or 'MEMBER'.

 

Only used when the Member (SID) property is not used. See Deployment section for more information.

Error if already member

When set, no error is generated when the account is already a member of the local group. Default value: 'No'.

No

 

 

 

 

 

Related topics

Help on help
Principle of operation
Project operations - Manage script action properties
Script Action: Set User Group Memberships (AD)


Tools4ever User Forum
Topic namePosterRepliesTime
ASP script access errorRemco527/08/08
Set group membershipRemco126/08/08
UMRA Trainingxjumper65025/08/08
Form securitybarrythave211/08/08
Create a email-aliasM.Kellers128/07/08
Alter Date/Time default formatrobdos125/07/08
Special CharactersAndresg123/07/08
Expire an account when creatingJohnZ111/07/08
Error creating mailboxJohnZ110/07/08
Unlock accounttmowatt113/06/08

Home | Products | Support | Pricing | Download | Press | About Us | Contact | Sitemap
QUICK LINKS: Mass / Bulk Import Software | Network Monitoring Software | Disk Quota Management
QUICK LINKS: User and Active Directory Management | Remote Desktop Control | Free Software