group import

Creates an ISAM group by importing group data in the user registry.

We can import an Active Directory dynamic group under this condition:

The name of the ISAM group (excluding the @domain suffix) is the same as the common name (CN) of the Active Directory dynamic group.

If Active Directory Lightweight Directory Service (AD LDS) is the user registry, import groups from the AD LDS partition where the ISAM management domain information is stored.

Requires authentication (administrator ID and password) to use.

group import group_name dn [group_container]

Options

dn

Registry identifier of the group to import. The distinguished name must exist, or an error is displayed. The format for a distinguished name is like "cn=engineering,ou=Austin,o=Tivoli,c=us"

group_container

Specifies the group container object assigned to the group being created. By default, the group is placed in the object space under /Management/Groups. If the container object does not currently exist, it is automatically created. (Optional)

group_name

Name of the group to create. A valid group name is an alphanumeric string that is not case-sensitive. String values are expected to be characters that are part of the local code set. Spaces are not allowed. Examples of group names are Credit, Sales, and Test-group.

Return codes

0

The command completed successfully.

1

The command failed. When a command fails, the pdadmin command provides a description of the error and an error status code in hexadecimal format (for example, 0x14c012f2). See "Error messages" in the IBM Knowledge Center. This reference provides a list of the ISAM error messages by decimal or hexadecimal codes.

Examples

• Create an ISAM group by importing a group in the user registry:

  pdadmin sec_master> group import engineering "cn=engineering,o=Tivoli,c=US"

This example:

• Creates an ISAM group named sales.
• Places the sales group in the Sales2003 group container object by importing a group in the user registry.

pdadmin sec_master> group import sales "cn=sales,o=tivoli,c=us" Sales2003

This example creates a group named dyngroup1 by importing the group from an Active Directory dynamic group with the following characteristics:

cn

dyngroup1

distinguishedName

cn=dyngroup1,
cn=AzGroupObjectContainer-myAuthorizationStore,
cn=myAuthorizationStore,
cn=ProgramData,
dc=domain,
dc=com

pdadmin sec_master> group import dyngroup1 "cn=dyngroup1,
cn=AzGroupObjectContainer-myAuthorizationStore,
cn=myAuthorizationStore,cn=ProgramData,
dc=domain,dc=com"

If ISAM is configured in an environment that uses multiple Active Directory domains, enter the following command to create the same group:

pdadmin sec_master> group import dyngroup1@domain.com "cn=dyngroup1,
cn=AzGroupObjectContainer-myAuthorizationStore,
cn=myAuthorizationStore,cn=ProgramData,
dc=domain,dc=com"

See also

group create

Parent topic: pdadmin commands