120 lines
4.1 KiB
Plaintext
120 lines
4.1 KiB
Plaintext
//+-------------------------------------------------------------------------
|
|
//
|
|
// THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
|
|
// ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO
|
|
// THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
|
|
// PARTICULAR PURPOSE.
|
|
//
|
|
// Copyright (c) Microsoft Corporation. All rights reserved.
|
|
//
|
|
// AddGroup VC Sample: Adding a group to Active Directory
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
|
|
Description
|
|
===========
|
|
The AddGroup sample adds a group object to a specified container in Active
|
|
Directory. The specified container is commonly an organizational unit.
|
|
|
|
The sample uses the IDirectoryObject interface to create and set properties
|
|
for the group object. Optionally, the sample can create a local, global, or
|
|
universal domain group; and can also specify whether the new group is a
|
|
distribution group, such as an e-mail distribution list, or a security group
|
|
for use in access-control entries (ACEs).
|
|
|
|
This sample uses the LDAP: provider and is suitable for Windows 2000 and
|
|
later networks running Active Directory.
|
|
|
|
Sample Files
|
|
============
|
|
* AddGroup.sln
|
|
* AddGroup.vcproj
|
|
* Main.Cpp
|
|
* makefile
|
|
* readme.txt
|
|
|
|
Building the Sample
|
|
===================
|
|
When you build this sample using Visual Studio, be sure that you have the
|
|
INCLUDE directory for the Platform SDK set first in the Options list of
|
|
include files.
|
|
|
|
To build this sample
|
|
1. Open the solution AddGroup.sln.
|
|
2. From the Build menu, select Build.
|
|
|
|
You can also build this sample at a command prompt using the supplied
|
|
makefile.
|
|
|
|
Running the Sample
|
|
==================
|
|
You must run this sample in a Windows domain where you have permission to
|
|
write to Active Directory.
|
|
|
|
To run this sample
|
|
1. Open a command prompt and change to the directory where you built the
|
|
sample.
|
|
2. After selecting suitable parameters, type the followin command.
|
|
The last two parameters of the command are optional.
|
|
|
|
addgroup <ADSPath> <Windows2000_Group> <DownLevel_Name> \
|
|
[{global | local | universal}] [{Security | NoSecurity}]
|
|
|
|
In this command:
|
|
|
|
<ADSPath> is Active Directory service path of the container in which
|
|
to create the group.
|
|
<Windows2000_Group> is the Windows 2000 group name.
|
|
<DownLevel_Name> is the Windows NT 4 downlevel compatible group name.
|
|
{global | local | universal} specifies the scope of the group.
|
|
{security | nosecurity} specifies the security context of the group.
|
|
|
|
Example Output
|
|
==============
|
|
The following example assumes that the domain is Fabrikam.Com and that an
|
|
organizational unit named "Example Org Unit" exists in that domain. The
|
|
command
|
|
|
|
Addgroup "LDAP://OU=Example Org Unit,DC=Fabrikam,DC=Com" "Win2K Group Name" \
|
|
"Downlevel Name" global security
|
|
|
|
creates the group "Win2K Group Name" in the Fabrikam.Com domain with global
|
|
scope and with security enabled.
|
|
|
|
The output from this command is the following.
|
|
|
|
New Group created with the following properties:
|
|
NAME: CN=Win2K Group Name
|
|
CLASS: group
|
|
GUID: 8edcc9e9d52cbd48a30f1bd737b530d2 (this value differs in each run)
|
|
ADSPATH: LDAP://CN=Win2K Group Name,OU=Example Org Unit,DC=Fabrikam,DC=Com
|
|
PARENT: LDAP://OU=Example Org Unit,DC=Fabrikam,DC=Com
|
|
SCHEMA: LDAP://schema/group
|
|
|
|
You can verify the result by opening and examining the Active Directory Users
|
|
and Computers snap-in of the Microsoft Management Console.
|
|
|
|
How the Sample Works
|
|
====================
|
|
The sample defines the following functions.
|
|
|
|
main
|
|
Performs initialization, calls other functions, and performs finalization.
|
|
CheckADHRESULT
|
|
Displays ADSI or COM error message given an HRESULT.
|
|
CrackADError
|
|
Converts HRESULT to error string.
|
|
CreateGroup
|
|
Uses the IDirectoryObject inteface to create a group and set
|
|
its properties.
|
|
ParseCommandLine
|
|
Parses the command line to determine parameters for the group.
|
|
PrintADSObject
|
|
Prints all the attributes of an Active Directory service object.
|
|
|
|
See Also
|
|
========
|
|
IDirectoryObject::CreateDSObject
|
|
Creating Groups in a Domain
|
|
|