Use the CreateOrganization procedure of the Managed Active Directory namespace to create an organization.
This procedure expects to be called with impersonate="1". The procedure impersonates the caller.
<request>
<procedure>
<execute namespace="Managed Active Directory" procedure="CreateOrganization">
<executeData>
<name>Reseller1</name>
<policyName>reseller</policyName>
<container>LDAP://ou=Hosting,dc=contoso,dc=com</container>
<description>The reseller of contoso @contoso.com</description>
<properties></properties>
<preferredDomainController>myPrimaryDC.contoso.com</preferredDomainController>
</executeData>
<after source="executeData" destination="data" sourcePath="org" />
</execute>
</procedure>
</request>
The following input is valid for this request:
Use the <name> element to specify the name of the organization you want to create.
<name>organization name for reseller or customer</name>
Use the <container> element to specify the Lightweight Directory Access Protocol (LDAP) path of the organization container.
<container>LDAP://LDAP path of the organization container</container>
By using the <policyName> element, you can specify the type of organization you want to create. To specify the organization type, use lowercase letters.
This information is optional. If you do not include this element, the request uses the default value.
<policyName>default|hosting|reseller|customer</policyName>
By using the <description> element, you can specify a description for the organization.
This information is optional.
<description>description of the new organization</description>
By using the <properties> element, you can add any valid Active Directory properties for an organizational unit that you want to store with the organization.
This information is optional.
<properties>property element</properties>
By using the <preferredDomainController> element, you can specify the domain controller that you want to use for this request. Using a single preferred domain controller eliminates replication delays that arise between multiple controllers.
This information is optional.
<preferredDomainController>your domain controller</preferredDomainController>
The following response shows the format of the response, but the content is not intended to conform exactly to the above request example.
<response>
<data>
<org path="LDAP://ou=Reseller1,ou=Hosting,dc=contoso,dc=com" name="Reseller1">
<orgs>
<org path="LDAP://ou=Services,ou=Reseller1,ou=Hosting,dc=contoso,dc=com"
name="Services">
<groups>
<group path="LDAP://cn=Admins@Reseller1,ou=Services,ou=Reseller1,ou=Hosting,dc=contoso,dc=com"
name="Admins@Reseller1" samName="A@Reseller1"></group>
<group path="LDAP://cn=CSRAdmins@Reseller1,ou=Services,ou=Reseller1,ou=Hosting,dc=contoso,dc=com"
name="CSRAdmins@Reseller1" samName="CA@Reseller1"></group>
<group path="LDAP://cn=AllCustomers@Reseller1,ou=Services,ou=Reseller1,ou=Hosting,dc=contoso,dc=com"
name="AllCustomers@Reseller1" samName="AC@Reseller1"></group>
<group path="LDAP://cn=AllUsers@Reseller1,ou=Services,ou=Reseller1,ou=Hosting,dc=contoso,dc=com"
name="AllUsers@Reseller1" samName="AU@Reseller1">
<memberOfGroup
name="LDAP://cn=AllUsersGroups,ou=Services,ou=Hosting,dc=contoso,dc=com"></memberOfGroup>
</group>
</groups>
</org>
</orgs>
<dacl>
<ace>
<permission>ADS_RIGHT_DS_LIST_OBJECT</permission>
<trustee>LDAP://cn=AllUsers@Reseller1,ou=Services,ou=Reseller1,ou=Hosting,dc=contoso,dc=com</trustee>
<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
<trusteeForm>TRUSTEE_IS_SID</trusteeForm>
<mode>GRANT_ACCESS</mode>
</ace>
<ace>
<permission>ADS_RIGHT_ACTRL_DS_LIST</permission>
<permission>ADS_RIGHT_DS_READ_PROP</permission>
<permission>ADS_RIGHT_READ_CONTROL</permission>
<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
<trustee>LDAP://cn=AllUsers@Reseller1,ou=Services,ou=Reseller1,ou=Hosting,dc=contoso,dc=com</trustee>
<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
<trusteeForm>TRUSTEE_IS_SID</trusteeForm>
<mode>GRANT_ACCESS</mode>
</ace>
<ace>
<permission>ADS_RIGHT_DS_LIST_OBJECT</permission>
<trustee>LDAP://cn=AllCustomers@Reseller1,ou=Services,ou=Reseller1,ou=Hosting,dc=contoso,dc=com</trustee>
<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
<trusteeForm>TRUSTEE_IS_SID</trusteeForm>
<mode>GRANT_ACCESS</mode>
</ace>
<ace>
<permission>ADS_RIGHT_DS_WRITE_PROP</permission>
<permission>ADS_RIGHT_WRITE_DAC</permission>
<permission>ADS_RIGHT_DS_CONTROL_ACCESS</permission>
<permission>ADS_RIGHT_DS_CREATE_CHILD</permission>
<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
<trustee>LDAP://cn=Admins@Reseller1,ou=Services,ou=Reseller1,ou=Hosting,dc=contoso,dc=com</trustee>
<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
<trusteeForm>TRUSTEE_IS_SID</trusteeForm>
<mode>GRANT_ACCESS</mode>
</ace>
</dacl>
</org>
</data>
</response>
Important