Use the CreateGroup procedure of the Managed Active Directory namespace to create a group in Active Directory. The CreateGroup procedure creates a new group within a specified organization according to the policy name you supply in the <policyName> element.
This procedure expects to be called with impersonate="1". The procedure impersonates the caller.
<request>
  <procedure>
    <execute namespace="Managed Active Directory" procedure="CreateGroup">
      <executeData>
        <container>LDAP://ou=Hosting,DC=contoso,DC=com</container>
        <name>myGroup1</name>
        <groupType>UNIVERSAL SECURITY</groupType>
        <policyName>reseller</policyName>
        <description>Describes the new group</description>
        <preferredDomainController>myPrimaryDC.contoso.com</preferredDomainController>
      </executeData>
      <after source="executeData" destination="data" sourcePath="group" />
    </execute>
  </procedure>
</request>
The following input is valid for this request:
In the <container> element, specify the Lightweight Directory Access Protocol (LDAP) path of the Active Directory object (usually an organizational unit or another group) in which you want to add a group.
<container>LDAP://LDAP path of the container</container>
Use the <name> element to specify the name of the group.
<name>name of the group</name>
By using the <groupType> element, you can specify the type of group that you want to create.
The different group types are:
A global security group can contain users, groups, and computers from its own domain as members. Global security groups can be granted rights and permissions for resources in any domain in the forest.
A local security group can be granted rights and permissions on only resources on the computer on which the group is created. Local groups can have any user accounts that are local to the computer as members, as well as users, groups, and computers from a domain to which the computer belongs.
A universal security group can contain users, groups, and computers from any domain in its forest as members. Universal security groups can be granted rights and permissions on resources in any domain in the forest.
This information is optional. If you do not specify a group type, the value defaults to GLOBAL SECURITY.
<groupType>GLOBAL SECURITY|LOCAL SECURITY|UNIVERSAL SECURITY</groupType>
By using the <policyName> element, you can specify the creation policy for the name you are creating. This information is optional. Possible policy types are:
You are not required to include this element in the request. If you do not specify a policy, the request uses the default policy, which only creates the requested group.
For example, if you want to add a group to a reseller organization within your hosting organization, but you do not specify a creation policy, the request uses the default creation policy. This policy adds the group only within the top-level organization.
Therefore, the request creates the new group in your hosting organization, but not within the reseller organization.
By using the <description> element, you can enter a description for the group. This information is optional.
<description>optional description for the group</description>
By using the <preferredDomainController> element, you can specify the domain controller that you want to use for this request. This information is optional.
<preferredDomainController>your domain controller</preferredDomainController>
<response>
  <data>
    <group path="LDAP://cn=myGroup1,ou=Hosting,DC=contoso,DC=com" name="myGroup1" samName="myGroup1"></group>
  </data>
</response>
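One way to build this request and read the response from client code, as an added example that is not part of the original documentation: the Python function names are hypothetical, and only the XML elements, attributes and group type values come from this page. Element text is set through the XML library so that markup characters in a caller-supplied name or description are escaped, and the group type is checked against the three documented values before the request is built.

```python
import xml.etree.ElementTree as ET

# Values this page lists for <groupType>; when the element is omitted the
# page says the procedure defaults to GLOBAL SECURITY.
GROUP_TYPES = {"GLOBAL SECURITY", "LOCAL SECURITY", "UNIVERSAL SECURITY"}


def build_create_group_request(container, name, group_type=None, policy_name=None,
                               description=None, preferred_dc=None):
    """Build the CreateGroup request; optional elements are left out when unset."""
    # Assumption: the client rejects anything that is not an LDAP:// path.
    if not container.startswith("LDAP://") or len(container) == len("LDAP://"):
        raise ValueError("container must be an LDAP:// path")
    if not name.strip():
        raise ValueError("name is required")
    if group_type is not None and group_type not in GROUP_TYPES:
        raise ValueError(f"unsupported groupType: {group_type!r}")

    request = ET.Element("request")
    procedure = ET.SubElement(request, "procedure")
    execute = ET.SubElement(procedure, "execute", {
        "namespace": "Managed Active Directory", "procedure": "CreateGroup"})
    data = ET.SubElement(execute, "executeData")
    fields = [("container", container), ("name", name), ("groupType", group_type),
              ("policyName", policy_name), ("description", description),
              ("preferredDomainController", preferred_dc)]
    for tag, value in fields:
        if value is not None:
            # Assigning .text makes the serializer escape <, > and &, so
            # caller-supplied text cannot add elements to the request.
            ET.SubElement(data, tag).text = value
    ET.SubElement(execute, "after", {
        "source": "executeData", "destination": "data", "sourcePath": "group"})
    return ET.tostring(request, encoding="unicode")


def parse_create_group_response(xml_text):
    """Return the path, name and samName attributes of the created group."""
    group = ET.fromstring(xml_text).find("./data/group")
    if group is None:
        raise ValueError("response has no <group> element")
    return {key: group.get(key) for key in ("path", "name", "samName")}
```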