create_computer_role
Use the create_computer_role command to create a new computer role in Active Directory. The command does not store the new computer role in memory nor set it as the currently selected ADEdit computer role. To manage the computer role, you must select it using select_zone and then use zone commands to work with the computer role’s fields.
ADEdit requires a valid license before the computer role is created. The create_computer_role command does an implicit search. The first place it looks is the ADEdit context for a valid license indicator (see the validate_license command) for the forest. If an indicator is not in the context, the command checks for a valid license as follows:
- Bind to the global catalog (GC) domain controller, search the forest for the license container and validate the license.
- Bind to the current domain, search for the license container and validate the license.
If it finds a valid license, it stores an indicator in the current context and creates the new computer role. If it does not find a valid license, create_computer_role reports “No valid license found” and exits. If the command fails, use validate_license to validate the license container explicitly.
To associate role assignments with the new computer role, you must select the computer role, then use new_role_assignment.
Zone Type
Hierarchical only
Syntax
create_computer_role computer_role_path group_upn
Abbreviation
ccr
Options
This command takes no options.
Arguments
This command takes the following arguments:
| Argument | Type | Description |
|---|---|---|
| computer_role_path | string | Required. Specifies a path to the new computer role. The path consists of the hosting zone’s distinguished name followed by a slash and the name of the new computer role. |
| group_upn | string | Required. Specifies the user principal name (UPN) of a computer group in Active Directory to associate with this computer role. This computer group defines the set of computers in which this computer role functions. The computer group must be available within the computer role’s host domain. |
Return Value
This command returns no value if it runs successfully.
Examples
The following example creates a new computer role named LinuxComputers in the global zone of acme.com:
create_computer_role {CN=global,CN=Zones,CN=Acme,DC=acme,DC=com/LinuxComputers} linux_computers@acme.com
The scope of the computer role is defined by the group named linux_computers which is an Active Directory groups defined in acme.com. To work with the new computer role, you must select it as a zone:
select_zone “CN=global,CN=Zones,CN=Acme,DC=acme,DC=com/LinuxComputers”
Related Commands
The following command retrieves the computer role from Active Directory and stores it in memory so you can use other commands to work with it.
select_zoneretrieves the computer role and stores it in memory.
After you have a computer role selected as a zone, you can use the following commands to view and manage the computer role:
new_role_assignmentcreates a new role assignment for the selected computer role.list_role_assignmentslists user role assignments for the selected computer role.get_role_assignmentsreturns a Tcl list of user role assignments for the selected computer role.get_zone_fieldretrieves what computer group is associated with the computer role.set_zone_fieldsets what computer group is associated with the computer role.delete_zonedeletes the selected computer role from Active Directory and memory.
