-
Title
Can objects other than users be added to or removed from AD groups with vastool? -
Description
Can objects other than users be added to or removed from AD groups with vastool? The command searches Active Directory for samaccountname. -
Resolution
RESOLUTION 1:
The vastool group command looks for the samaccountname object in AD to add to the group. Since the samaccountname is unique the object is then added to the group as long as AD allows for it. For computer objects the samaccountname must be exact;
For example.
vastool -u admin group unix add hostname$
RESOLUTION 2:
OIder versions of Authentication Services only allowed searching for users so an explicit path had to be used.
The "vastool group" command did not support adding or removing anything other than users from AD groups, however it is still possible to add other objects such as computers or other groups using this command. In order to add an object that is not a group, the object needs to be specified by its full canonical name or userPrincipalName. For example:
# vastool -u host/ group unix add rhel-01ERROR: Could not add members to group: unix "VAS_ERR_NOT_FOUND: Not foundcould not resolve Group: rhel-01 to DN"Failed to resolve <1> user(s):rhel-01# vastool -u host/ group unix add "CN=rhel-01,CN=Computers,DC=test,DC=com"1 user added to group unix