group create

Requires authentication of administrator ID and password to use this command.

Groups that are created in the Active Directory Lightweight Directory Service (AD LDS) user registry must be created in the same AD LDS partition where the Verify Identity Access Management Domain information is stored.

Syntax

group create group_name dn cn [group_container]

Options

cn

Specifies the common name that is assigned to the group that is being created. For example, cwright.

dn

Specifies the registry identifier that is assigned to the group that is being created.

The format for a distinguished name is like:

cn=credit,ou=Austin,o=Tivoli,c=US

group_container

Specifies the group container object that is assigned to the group that is being created. If this option is not specified, the group by default is placed in the object space under /Management/Groups. (Optional)

Examples of group containers are Credit and Sales_Teams.

group_name

Specifies the name of the group that is being created. This name must be unique within the domain.

A valid group name is an alphanumeric string that is not case-sensitive. String values are expected to be characters that are part of the local code set. Spaces are not allowed.

Examples of group names are Credit, Sales, and Test-group.

Return codes

0

The command completed successfully.

1

The command failed. When a command fails, the pdadmin command provides a description of the error and an error status code in hexadecimal format (for example, 0x14c012f2). See "Error messages" in the IBM Knowledge Center. This reference provides a list of the Verify Identity Access error messages by decimal or hexadecimal codes.

See also

group delete
group import