NIM

Mapping attribute reference

This article contains information on target account attributes whose configuration is complex or otherwise ambiguous.

The MembershipCreate function is designed to grant group memberships on a one-off, ad-hoc basis when it is not possible to use Roles.

You should only use membership create/delete mapping functions sparingly, when absolutely necessary. Roles are far more efficient.

For more information, see Roles vs. mappings for group management.

Table 1. Attributes

Name

Value Specification

group

The objectGUID of the Active Directory group to which the member should be added.

member

The objectGUID of the Active Directory user to add to the group.



Table 2. Attributes

Name

Value Specification

group

The objectGUID of the Active Directory group from which the member should be removed.

member

The objectGUID of the Active Directory user to remove from the group.



Table 3. Attributes

Name

Value Specification

AccessProfile1 ...(2,3)

The objectSid of the Active Directory user who should be assigned to this home directory.

FullName

The full path of the home directory that should be created, e.g., C:\HomeFolders\bgreene. Typically stored in & mapped from the homeDirectory attribute of the Active Directory user.



Example:

Capture_5_1.PNG
Capture_8.PNG
Table 4. Attributes

Name

Value Specification

Mode

AccessProfile1 ...(2,3)

The objectSid of the Active Directory user who should be assigned to this home directory.

  • add-only: Adds to existing permissions without overwriting them

  • copy: Overwrites existing permissions



Example:

Capture15.PNG