Article
Search
Shameless Plugs
Most Popular
Who's online
Online users
User login
3549
Creating Universal AD Groups in IDM
Problem
Having Identity Manager create groups in AD that are Universal, not Global (like the default behavior is) can be an issue.
Solution
In the Subscriber channel under the Creation Rule, create a new rule. I called mine "Create Groups as Universal."
If class name = group, then set destination attribute value("groupType",class name="Group","-2147483640").
This now creates all groups as universal groups in AD. Just a little tip: if you use parent and child domains and want to have groups created, be universal so that you can add users cross-domain.
Note: This solution was tested in an environment with Netware 6.5 SP5 and IDM 3.0.
Example
<rule> <description>Create Groups as Universal</description> <conditions> <and> <if-class-name mode="nocase" op="equal">Group</if-class-name> </and> </conditions> <actions> <do-set-dest-attr-value class-name="Group" name="groupType"> <arg-value> <token-text xml:space="preserve">-2147483640</token-text> </arg-value> </do-set-dest-attr-value> </actions> </rule>
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.
Related Articles
User Comments
- Be the first to comment! To leave a comment you need to Login or Register
- 3549 reads
0