group import

Creates a Security Access Manager group by importing group data that exists in the user registry.

You can import an Active Directory dynamic group under this condition:

The name of the Security Access Manager group (excluding the @domain suffix) is the same as the common name (CN) of the Active Directory dynamic group.

If Active Directory Lightweight Directory Service (AD LDS) is the user registry, import groups from the AD LDS partition where the Security Access Manager management domain information is stored.

Requires authentication (administrator ID and password) to use this command.

Syntax

group import group_name dn [group_container]

Options

dn
Specifies the registry identifier of the group to import. The distinguished name must exist, or an error is displayed. The format for a distinguished name is like "cn=engineering,ou=Austin,o=Tivoli,c=us"
group_container
Specifies the group container object that is assigned to the group that is being created. By default, the group is placed in the object space under /Management/Groups. If the container object does not currently exist, it is automatically created. (Optional)
group_name
Specifies the name of the group to create. A valid group name is an alphanumeric string that is not case-sensitive. String values are expected to be characters that are part of the local code set. Spaces are not allowed. Examples of group names are Credit, Sales, and Test-group.

Return codes

0
The command completed successfully.
1
The command failed. When a command fails, the pdadmin command provides a description of the error and an error status code in hexadecimal format (for example, 0x14c012f2). See "Error messages" in the IBM Knowledge Center. This reference provides a list of the Security Access Manager error messages by decimal or hexadecimal codes.

Examples

  • The following example creates a Security Access Manager group by importing a group that exists in the user registry: 
    pdadmin sec_master> group import engineering "cn=engineering,o=Tivoli,c=US"
  • This example:
    • Creates a Security Access Manager group named sales.
    • Places the sales group in the Sales2003 group container object by importing a group that exists in the user registry.
    pdadmin sec_master> group import sales "cn=sales,o=tivoli,c=us" Sales2003
  • This example creates a group named dyngroup1 by importing the group from an Active Directory dynamic group with the following characteristics:
    cn
    dyngroup1
    distinguishedName
    cn=dyngroup1,
    cn=AzGroupObjectContainer-myAuthorizationStore,
    cn=myAuthorizationStore,
    cn=ProgramData,
    dc=domain,
    dc=com
    pdadmin sec_master> group import dyngroup1 "cn=dyngroup1,
cn=AzGroupObjectContainer-myAuthorizationStore,
cn=myAuthorizationStore,cn=ProgramData,
dc=domain,dc=com"
    If Security Access Manager is configured in an environment that uses multiple Active Directory domains, enter the following command to create the same group: 
    pdadmin sec_master> group import dyngroup1@domain.com "cn=dyngroup1,
cn=AzGroupObjectContainer-myAuthorizationStore,
cn=myAuthorizationStore,cn=ProgramData,
dc=domain,dc=com"

See also

group create