Group
Stores a list of user Distinguished Names (DNs) for managing access and security roles on organizational resources.
Table Specific Information
Select
All columns support server-side processing for the operators =, >= , <=, !=, LIKE, AND, and OR. Other filters are executed client side within the server. For example, the following query is processed by LDAP:
SELECT * FROM Group WHERE GroupType != '-2147483644' AND ObjectClass = 'top;group' LIMIT 5
Insert
To add a Group, all fields can be specified except Id, DN, and BaseDN. Required fields that should be provided are RDN and ObjectClass. For example:
INSERT INTO Group (RDN, ObjectClass) VALUES ('CN=Domain Admins', 'group')
Update
All columns except Id, DN, and BaseDN can be updated by providing the Id in the WHERE clause. For example:
UPDATE Group SET Member = 'CN=SUPPORT_388945a0,CN=Users,DC=MyDC' WHERE Id = '1|CN=HelpServicesGroup,CN=Users,DC=MyDC'
Delete
Groups can be deleted by providing the Id of the Group in a DELETE statement. For example:
DELETE FROM Group WHERE Id = '1|CN=HelpServicesGroup,CN=Users,DC=MyDC'
Columns
| Name | Type | ReadOnly | References | DataFormat | Description |
| Id [KEY] | String | True |
A combined index and Distinguished Name (DN) uniquely identifying the group. Multiple indices are supported if the column is set to 'SplitDataByRow'. | ||
| DN | String | True |
The full Distinguished Name (DN) that uniquely identifies the group in the LDAP directory. | ||
| RDN | String | False |
The Relative Distinguished Name (RDN), representing the unique portion of the DN within its parent container. | ||
| BaseDN | String | True |
The base Distinguished Name (BaseDN) indicating the starting point for LDAP operations related to the group. | ||
| GroupType | String | False | DelimitedData |
A set of flags that define the type and scope of the group object, such as whether it is a security or distribution group. Refer to LDAP documentation for possible values. | |
| ObjectClass | String | False | SplitDataByRow |
A list of LDAP object classes from which the group is derived, defining its attributes and behavior. | |
| Member | String | False | DelimitedData |
A list of Distinguished Names (DNs) representing users or other groups that are members of this group. | |
| NTGroupMembers | String | False | DelimitedData |
An unused attribute related to legacy Windows NT group membership functionality. | |
| OperatorCount | String | False | DelimitedData |
Tracks the number of operators assigned to this group for administrative purposes. | |
| AdminCount | String | False | DelimitedData |
Indicates whether the object's Access Control Lists (ACLs) have been adjusted for higher security due to membership in an administrative group. | |
| GroupAttributes | String | False | DelimitedData |
An unused attribute associated with additional group-specific attributes. | |
| GroupMembershipSAM | String | False | DelimitedData |
Provides support for down-level Windows NT group membership functionality. | |
| ControlAccessRights | String | False | DelimitedData |
Specifies the access control rights for determining which users can perform specific operations on the group. | |
| DesktopProfile | String | False | DelimitedData |
Specifies the location of the desktop profile for a user or group of users. This attribute is no longer in use. | |
| NonSecurityMember | String | False | DelimitedData |
Specifies non-security members of the group, often used for Exchange distribution lists. | |
| ManagedBy | String | False | DelimitedData |
The Distinguished Name (DN) of the user assigned as the manager of this group object. | |
| PrimaryGroupToken | String | False | DelimitedData |
A computed attribute used to retrieve the membership list of certain groups, such as Domain Users. Membership lists are not explicitly stored for scalability. | |
| String | False | DelimitedData |
A list of email addresses associated with the group or its members. |
Pseudo-Columns
Pseudo column fields are used in the WHERE clause of SELECT statements and offer a more granular control over the tuples that are returned from the data source.
| Name | Type | Description |
| Filter | String |
Defines an explicit LDAP filter that overrides other filter values set in the WHERE clause of the query. |