Exporting and importing groups
With the Active Roles console, you can export groups to an XML file and then import them from that file to populate a container in a different domain. The export and import operations provide a way to relocate groups between domains.
To export groups, select them, right-click the selection, and select All Tasks | Export. In the Export Objects dialog box, specify the file where you want to save the data, and click Save.
To import groups, right-click the container where you want to place the groups, and then click Import. In the Import Directory Objects dialog box, select the file to which the groups were exported, and click Open.
To delete groups, select them, right-click the selection, and click Delete. Then, click Yes to confirm the deletion. If you select multiple groups, clicking Delete displays the Delete Objects dialog box. To delete all the selected groups, select the Apply to all items check box, and then click Yes.
|NOTE: Deleting a group is an irreversible operation. A new group with the same name as a deleted group does not automatically assume the permissions and memberships of the deleted group. When recreating a deleted group, you need to manually add all permissions and memberships. |
Steps for deleting a group
To delete a group
- In the console tree, locate and select the folder that contains the group.
- In the details pane, right-click the group, and then click Delete.
- Deleting a group is a permanent operation. Once a group has been deleted, all permissions and memberships associated with that group are permanently deleted. A new group with the same name as a previously deleted group does not automatically assume the permissions and memberships of the previously deleted group. To duplicate a deleted group, all permissions and memberships must be manually re-created.
- The confirmation message box displayed by the Delete command prompts you that you can deprovision rather than delete groups. The deprovision operation refers to a set of actions performed by Active Roles in order to prevent the use of there group. Active Roles comes with a default policy to automate some commonly-used deprovisioning tasks, and allows the deprovision policies to be adjusted as needed.
- You can deprovision a group as follows: Right-click the group in the details pane, and click Deprovision.
- You can use the Find function of Active Roles in order to locate the group you want to delete or deprovision. Once you have found the group, you can proceed as follows: Right-click the group in the list of search results, and click Delete or Deprovision.
- When deleting a group, you may encounter an error message stating that access is denied. A possible cause of this error is that the group is protected from deletion. To delete a protected group, you should first go to the Object tab in the Properties dialog box for that group, and clear the Protect object from accidental deletion check box.
Active Roles provides the ability to deprovision rather than delete groups. Deprovisioning a groups refers to a set of actions that are performed by Active Roles in order to prevent the use of the group.
The Deprovision command on a group updates the group object in Active Directory as prescribed by the deprovisioning policies. Active Roles comes with a default policy to automate some commonly-used deprovisioning tasks, and allows the administrator to configure and apply additional policies.