ComputerRole

This class represents a computer role.

Syntax

public interface IComputerRole

Methods

The ComputerRole class provides the following methods:

This method Does this

AddAccessGroup

Adds a user group to this computer role.

AddRoleAssignment

Adds an empty role assignment.

AddUser

Adds a user role assignment to this computer role.

ClearCustomAttributes

VBScript interface to clear the custom attributes for this class.

Commit

Saves changes.

Delete

Deletes this computer role.

GetAccessGroup

Gets a user group assigned to this computer role.

GetAccessGroups

Gets the user groups assigned to this computer role.

GetCustomAttributeContainer

Gets the directory entry for the parent container object for the custom attributes for this class.

GetGroup

Gets the AD computer group associated with this computer role.

GetRoleAssignment

Gets the role assignment for a specified role and user.

GetRoleAssignmentById

Gets the role assignment, given a GUID.

GetRoleAssignments

Returns all the user role assignments under this computer role.

GetRoleAssignmentToAllADUsers

Returns the role assignment given to all Active Directory users who have a specified role.

GetRoleAssignmentToEveryone

Returns the role assignment given to all users who have a specified role.

GetUser

Gets a user assigned to this computer role.

GetUsers

Gets the collection of users assigned to this computer role.

ICustomAttributeContainer GetCustomAttributeContainer

.NET interface that returns the directory entry for the parent container object for the custom attributes for this class.

SetCustomAttribute

VBScript interface to set the custom attributes for this class.

Validate

Validates the changes made to this computer role.

Properties

The ComputerRole class provides the following properties:

This property Does this

CustomAttributes

VBScript only: Gets or sets custom attributes for this computer role.

Description

Gets or sets the description of this computer role.

Group

Gets or sets the AD computer group associated with this computer role.

IsOrphan

Indicates whether this computer role is an orphan.

Name

Gets or sets the name of this computer role.

Zone

Gets the zone of this computer role.

Discussion

A computer role describes the intended use of a group of computers; for example, the set of computers dedicated as database servers. Each computer role has one associated Active Directory computer group, which identifies the computers that have that use. You can assign any number of users or user groups to a computer role, with each user or user group having the permissions necessary to perform a set of functions on computers in that computer role.

Note that, although there are conceptual similarities, a computer role is not a variety of access role. Whereas an access role is a set of permissions assigned to an Active Directory user or user group, a computer role defines the intended use of a group of computers. For example, the DBServer computer role might be associated with the Active Directory DatabaseServers computer group. Two user groups might be assigned to the DBServer computer role: DBUsers, which has the DatabaseUsers access role; and DBAdmins, which has the DatabaseAdmins role.

You can add custom attributes to role definitions and role assignments. For example, you might want to use a custom attribute to reference a ticket number associated with a specific type of access request, role definition, or temporary role assignment. Custom attributes are optional and you can use them to capture any kind of information that is meaningful to your organization.

You can add custom attributes when defining or modifying a role, defining or modifying a computer role, or when modifying role assignment properties.

The key point is that you can use the field for any type of information you might find useful. Customers most often want to reference a trouble/request ticket but the field can contain whatever you want.