Group
Stores a list of user names. Used to apply security principals on resources.
Table Specific Information
Select
All columns support server-side processing for the operators =, >= , <=, !=, LIKE, AND, and OR. Other filters are executed client side within the driver. For example, the following query is processed by LDAP:
SELECT * FROM Group WHERE GroupType != '-2147483644' AND ObjectClass = 'top;group' LIMIT 5You can turn off client-side execution by setting SupportEnhancedSQL to false in which case any search criteria that refers to any other operators will cause an error.
Insert
To add a Group, all fields can be specified except Id, DN, and BaseDN. Required fields that should be provided are RDN and ObjectClass. For example:
INSERT INTO Group (RDN, ObjectClass) VALUES ('CN=Domain Admins', 'group')
Update
All columns except Id, DN, and BaseDN can be updated by providing the Id in the WHERE clause. For example:
UPDATE Group SET Member = 'CN=SUPPORT_388945a0,CN=Users,DC=MyDC' WHERE Id = '1|CN=HelpServicesGroup,CN=Users,DC=MyDC'
Delete
Groups can be deleted by providing the Id of the Group in a DELETE statement. For example:
DELETE FROM Group WHERE Id = '1|CN=HelpServicesGroup,CN=Users,DC=MyDC'
Columns
Name | Type | ReadOnly | References | DataFormat | Description |
Id [KEY] | String | True |
Combined index and DN. Multiple indices are only possible when a column is set to SplitDataByRow. | ||
DN | String | True |
The full distinguished name. | ||
RDN | String | False |
The relative distinguished name. | ||
BaseDN | String | True |
The base distinguished name. | ||
GroupType | String | False | DelimitedData |
Contains a set of flags that define the type and scope of a group object. For the possible values for this attribute, see Remarks. | |
ObjectClass | String | False | SplitDataByRow |
The list of classes from which this class is derived. | |
Member | String | False | DelimitedData |
The list of users that belong to the group. | |
NTGroupMembers | String | False | DelimitedData |
This attribute is not used. | |
OperatorCount | String | False | DelimitedData |
Operator count. | |
AdminCount | String | False | DelimitedData |
Indicates that a given object has had its ACLs changed to a more secure value by the system because it was a member of one of the administrative groups (directly or transitively). | |
GroupAttributes | String | False | DelimitedData |
The Group-Attributes attribute is not currently used. | |
GroupMembershipSAM | String | False | DelimitedData |
Windows NT Security. Down level Windows NT support. | |
ControlAccessRights | String | False | DelimitedData |
Used by DS Security to determine which users can perform specific operations on the host object. | |
DesktopProfile | String | False | DelimitedData |
The location of the desktop profile for a user or group of users. Not used. | |
NonSecurityMember | String | False | DelimitedData |
Nonsecurity members of a group. Used for Exchange distribution lists. | |
ManagedBy | String | False | DelimitedData |
The distinguished name of the user that is assigned to manage this object. | |
PrimaryGroupToken | String | False | DelimitedData |
A computed attribute that is used in retrieving the membership list of a group, such as Domain Users. The complete membership of such groups is not stored explicitly for scaling reasons. | |
String | False | DelimitedData |
The list of email addresses for a contact. |
Pseudo-Columns
Pseudo column fields are used in the WHERE clause of SELECT statements and offer a more granular control over the tuples that are returned from the data source.
Name | Type | Description |
Filter | String |
Defines the LDAP filter explicitly, overriding any other values set in the WHERE clause. |