Adding groups on Active Directory

You can add groups to grant specific permissions to a set of users in an organization. When you do so, only the members of the group are authorized to do the tasks for which the group has permissions. You can use the group form to directly add Active Directory users to a group at any time.

About this task

The Group Unique Name attribute is the only required attribute on the group form. The attribute can contain:

  • Alphabetic characters
  • Unicode characters
  • Numbers
  • Special characters, such as _ ` ' # - $ % ^ @ ( ) ! ~. { }

You cannot include control characters or any other special characters except those characters mentioned in the previous list. The Group Unique Name attribute is mapped to the sAMAccountName attribute on the Active Directory.

To add groups to the Active Directory:

Procedure

  1. Log on to IBM® Security Identity Manager as an administrator.
  2. In the My Work pane, click Manage Groups to display the Manage Groups page.
  3. Select the Active Directory Profile option from the Service type list and click Search.
  4. Select the name of the service that you created for the Active Directory Adapter and click OK.
  5. Click Create to display the group form.
  6. Specify a name for the group in the Group Unique Name field.
  7. Click Finish to add the group to the Active Directory.