Clone AD Group web action
Overview
Clone an Active Directory group in the Cayosoft AdministratorWeb Portal. When you clone an existing Active Directory group, specify only the Group name property. All other properties are copied from the source group, including the group members.
Use cases
Implement the web action in your environment to execute the following scenarios:
Replicate AD groups for streamlined permission and access management.
Maintain group structures to report on and audit users.
Sample scenario
Follow the steps of the scenario to clone an AD group with existing secondary owners:
In the Cayosoft Administrator console, navigate to Configuration > Web Portal > Web Actions > Active Directory > Clone AD Group.
Define a default OU to store new objects in the Default OU for new object creation setting.
In the More options section, locate the Additional attributes setting. Click the ... button to expand the list of additional attributes. Select the msExchCoManagedByLink attribute and click OK.
Complete the setup and click Save changes.
Next time you use the Clone AD Group web action with a group with secondary owners, Cayosoft Administrator will clone the group with original secondary owners.
IMPORTANT: The Require additional owners setting negates the existing secondary owners and requires manual input when it comes to secondary owners.
Web action settings
| Setting name | Description |
|---|---|
| Default OU for new object creation | Specify a default OU to store new objects created via the web action. |
| sAMAccountName generation rule | Define the samAccountName attribute generation process. Refer to the user name generation rules section of the following article to learn more: Active Directory extension settings. |
| More options | |
| Override Active Directory domains | This setting has been deprecated. To limit UPN suffixes when creating new objects in the Cayosoft AdministratorWeb Portal, use attribute policies: Attribute policies . |
| Additional attributes |
Specify additional attributes to copy from the source group. IMPORTANT: Only the attributes that have a copy flag (CP) in the Active Directory schema are copied during the Clone AD Group action. If you would like to copy an attribute that doesn't have such a flag, specify it manually in the Additional attributes setting, e.g., the |
| Show Ticket input field | Controls the Ticket# field visibility. The field is not visible by default. |
| Show Comment input field | Controls the Comment field visibility. The field is visible by default. |
| Distribution group options | |
| Primary email prefix generation rule |
Define the group primary email prefix generation rule:
|
| Primary email suffix |
Define the group primary email suffix generation rule:
|
| Email Alias (mailNickname) generation rule |
Define the group email alias generation rule:
|
| Validate suffix with Office 365 | Set to Yes to validate if the specified domain suffix is listed in valid domains in Microsoft 365 tenant. This setting is used for hybrid Exchange environments only. |
| Also validate email uniqueness in the cloud | Set to Yes to validate if the specified email is unique in the managed Microsoft 365 tenant. |
| Membership options | |
| User can edit membership | Specify whether a user can edit group membership during group cloning. |
| Member properties to display | Specify the member properties to display. |
| User can edit owners | Specify whether a user can edit the group owner during group cloning. |
| Require additional owners |
Specify if additional owners are required. The setting is only valid when the User can edit owners setting is enabled. NOTE: When set to Yes, you can set secondary owners during the group cloning process. Secondary owners are not copied from the source group. |
| Character restrictions | |
| Prohibited or allowable | Define whether the symbols specified in the further settings below are prohibited or allowed. |
| Symbols in Name |
When entering prohibited symbols, specify the symbols without spaces. When entering allowed symbols, enter a regular expression enclosed in single quote marks. The default prohibited symbols are '@' and '–'. |
| Symbols in Alias | |
| Symbols in Primary SMTP prefix | |
| Other attributes | |
| Other Attribute 1 - Other Attribute 20 | Select an extension attribute and map it to the Other attribute value. Refer to the following article to learn more about setting labels and default values for the attributes: Attribute policies . |
| Virtual attributes | |
| Virtual Attribute 1 - Virtual Attribute 25 | Select a virtual attribute and map it to the Virtual attribute value to extend the attribute list in AD. Refer to the following article to learn more about virtual attributes: Virtual Attributes. |
| Custom generation tokens |
For additional information on the setting, refer to the following article: How to create custom generation tokens in Attribute Policies.
|
Output section
This section defines the output format of this rule.
To get more information about this section, please see the Rule Output section article.
Change history
| Version | Notes |
|---|---|
| 12.3 | The article has been updated to reflect the use cases and the sample implementation scenario. |
| 11.3.0 | The action has been introduced to the product. |
Comments
0 comments
Please sign in to leave a comment.