domain create

Creates a domain, including an administrator ID and password to log in to the specified domain. You must log in to the management domain as an administrator to perform this command.

Requires authentication (administrator ID and password) to use this command.

This command applies to LDAP registries only.

Syntax

domain create domain domain_admin_id domain_admin_password [-desc description]

Description

An initial domain is created when the policy server is configured. This domain, called the management domain, is the default domain in which Security Access Manager enforces security policies for authentication, authorization, and access control. You must log in to the management domain to create more policy domains.

When you create a domain, you must specify an administrative ID and password for the domain. The administrator of the management domain later assigns the new ID and password to the administrator who is responsible for handling policy management tasks for that specific domain. The administrator of the domain is responsible for updating the security policy for that particular domain if:
  • Users change.
  • Groups change.
  • Resources change.
This domain administrator can also delegate administration tasks to others within that specific domain. For more information about managing domains, see the Administering topics in the IBM Knowledge Center.

Options

-desc description
Specifies an optional description for the domain. A valid description is an alphanumeric string that is not case-sensitive. String values are expected to be characters that are part of the local code set. If the description contains a space, ensure that you enclose the description in double quotation marks. You can specify an empty string ("") to clear an existing description. Example of a description: "accounting area". (Optional)
domain
Specifies the name of the domain to be created. Characteristics of the name are:
  • Limited to 64 characters in length.
  • Case sensitive.
  • Can contain a-z, A-Z, 0-9, hyphen (-), underscore (_), period (.), at sign (@), or ampersand (&).
  • Can contain any character from a double-byte character set.
The underlying user registry might also restrict certain characters. Some registries are not case-sensitive.
domain_admin_id
Specifies an administrator ID, which is created in the specified domain.
domain_admin_password
Specifies the password for the domain_admin_id user.

Return codes

0
The command completed successfully.
1
The command failed. When a command fails, the pdadmin command provides a description of the error and an error status code in hexadecimal format (for example, 0x14c012f2). See "Error messages" in the IBM Knowledge Center. This reference provides a list of the Security Access Manager error messages by decimal or hexadecimal codes.

Examples

  • The following example creates a domain named Marketing, a domain administrator ID Admin1, and an initial password to log in to the domain:
    pdadmin sec_master> domain create Marketing Admin1 password
  • The following example creates a domain named Finance, a domain administrator ID Admin2, a password, and a domain description:
    pdadmin sec_master> domain create Finance Admin2 password -desc "accounting area"
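
The following script is an added example, not part of the original reference or of pdadmin. It checks a proposed domain name against the naming rules listed under Options, and extracts the hexadecimal status code described under Return codes together with its decimal form for lookup in the error message reference. The function names are hypothetical. The check covers only the single-byte character set, so names that use double-byte characters are rejected, and the sample failure text is constructed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical, not part of pdadmin.

# Succeeds if $1 meets the documented domain-name rules: at most 64
# characters from a-z A-Z 0-9 - _ . @ &. Assumption: names with
# double-byte characters are out of scope and rejected; empty is rejected.
valid_domain_name() (
    LC_ALL=C; export LC_ALL          # byte-wise ranges and length
    name=$1
    bad='*[!A-Za-z0-9._@&-]*'        # any character outside the set
    [ -n "$name" ] || exit 1
    [ "${#name}" -le 64 ] || exit 1
    case $name in
        $bad) exit 1 ;;
    esac
    exit 0
)

# Reads pdadmin output on stdin and prints the first hexadecimal status
# code with its decimal form, e.g. "0x14c012f2 348132082".
status_code() {
    hex=$(grep -Eo '0x[0-9A-Fa-f]+' | head -n 1)
    [ -n "$hex" ] || return 1
    printf '%s %s\n' "$hex" "$(($hex))"
}

# Demo on constructed inputs (the failure text is not real pdadmin output).
for n in Marketing 'bad name' 'ops&eu@site.1'; do
    if valid_domain_name "$n"; then echo "accepted: $n"; else echo "rejected: $n"; fi
done
printf 'constructed failure text (status 0x14c012f2)\n' | status_code
```

The underlying user registry might restrict further characters, so a name that passes this check can still be refused when the command runs.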