create_computer_role

Use the create_computer_role command to create a new computer role in Active Directory. The command does not store the new computer role in memory nor set it as the currently selected ADEdit computer role. To manage the computer role, you must select it using select_zone and then use zone commands to work with the computer role’s fields.

ADEdit requires a valid license before the computer role is created. The create_computer_role command does an implicit search. The first place it looks is the ADEdit context for a valid license indicator (see the validate_license command) for the forest. If an indicator is not in the context, the command checks for a valid license as follows:

  • Bind to the global catalog (GC) domain controller, search the forest for the license container and validate the license.
  • Bind to the current domain, search for the license container and validate the license.

If it finds a valid license, it stores an indicator in the current context and creates the new computer role. If it does not find a valid license, create_computer_role reports “No valid license found” and exits. If the command fails, use validate_license to validate the license container explicitly.

To associate role assignments with the new computer role, you must select the computer role, then use new_role_assignment.

Zone type

Hierarchical only

Syntax

create_computer_role computer_role_path group_upn

Abbreviation

ccr

Options

This command takes no options.

Arguments

This command takes the following arguments:

| Argument | Type | Description |
| --- | --- | --- |
| computer_role_path | string | Required. Specifies a path to the new computer role. The path consists of the hosting zone’s distinguished name followed by a slash and the name of the new computer role. |
| group_upn | string | Required. Specifies the user principal name (UPN) of a computer group in Active Directory to associate with this computer role. This computer group defines the set of computers in which this computer role functions. The computer group must be available within the computer role’s host domain. |

Return value

This command returns no value if it runs successfully.

Examples

The following example creates a new computer role named LinuxComputers in the global zone of acme.com:

create_computer_role {CN=global,CN=Zones,CN=Centrify,DC=acme,DC=com/LinuxComputers} linux_computers@acme.com

The scope of the computer role is defined by the group named linux_computers, which is an Active Directory group defined in acme.com. To work with the new computer role, you must select it as a zone:

select_zone "CN=global,CN=Zones,CN=Centrify,DC=acme,DC=com/LinuxComputers"
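
The two steps above combined into one script, as an added example that is not part of the ADEdit documentation: it creates the computer role only if it cannot already be selected, selects it, and prints its role assignments so the scope can be reviewed. It assumes the session is already bound to acme.com with write access to the zone and that a failed ADEdit command raises a Tcl error; the helper name ensure_computer_role is hypothetical.

```tcl
# Added example, not from the ADEdit documentation.
# Sample values are the ones used in the example on this page.
set zone_dn   "CN=global,CN=Zones,CN=Centrify,DC=acme,DC=com"
set role_name "LinuxComputers"
set group_upn "linux_computers@acme.com"

# Hypothetical helper: create the computer role if needed, then select it.
proc ensure_computer_role {zone_dn role_name group_upn} {
    # Path = hosting zone DN + "/" + computer role name. Passing it as a
    # variable keeps the DN as a single argument.
    set path "$zone_dn/$role_name"

    # If the role can already be selected, leave it unchanged.
    # Note: this treats any select_zone failure as "role not present".
    if {![catch {select_zone $path}]} {
        return "existing"
    }

    # Assumption: a failed ADEdit command raises a Tcl error that catch traps.
    if {[catch {create_computer_role $path $group_upn} err]} {
        # Includes the "No valid license found" case described above.
        error "create_computer_role failed for $path: $err"
    }

    # create_computer_role does not select the new role; do it explicitly.
    select_zone $path
    return "created"
}

set state [ensure_computer_role $zone_dn $role_name $group_upn]
puts "computer role $role_name: $state"

# Print the role assignments in effect on the selected computer role so
# unexpected entries stand out during review.
foreach ra [get_role_assignments] {
    puts "  role assignment: $ra"
}
```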

Related commands

The following command retrieves the computer role from Active Directory and stores it in memory so you can use other commands to work with it.

  • select_zone retrieves the computer role and stores it in memory.

After you have a computer role selected as a zone, you can use the following commands to view and manage the computer role:

  • new_role_assignment creates a new role assignment for the selected computer role.
  • list_role_assignments lists user role assignments for the selected computer role.
  • get_role_assignments returns a Tcl list of user role assignments for the selected computer role.
  • get_zone_field retrieves what computer group is associated with the computer role.
  • set_zone_field sets what computer group is associated with the computer role.
  • delete_zone deletes the selected computer role from Active Directory and memory.