Skip to main content

managegrp

Use the managegrp program to rapidly configure managed groups. The program can:

  • Read entries from a file and configure all the specified groups as moderated managed groups.

  • Modify the name of a group, its short ID, or description on a target system. Any associated managed groups, workflow configuration, and existing requests are transferred to use the new group.

  • Unmanage all groups, or all groups managed for a target system, providing they are not currently being used (have no dependent resources).

Usage
managegrp -rename -targetid <target> -oldgroupid <oldgroup> [-newgroupid <newgroup>][-newshortid <newshort>][-newname <newdesc>]

managegrp [-override] -file <filename>

managegrp -unmanage [-list] -all|-targetid

Argument

Description

-rename

Rename a group. This option requires -targetid, -oldgroupid, and one or more of -newgroupid, -newshortid, or -newname.

-targetid <target>

The target system on which to rename a group or unmanage groups.

-oldgroupid <oldgroup>

The current name of the group to be renamed.

-newgroupid <newgroup>

Rename <oldgroup> to <newgroup>.

-newshortid <newshort>

Change the short ID of <oldgroup> to <newshort>.

-newname <newdesc>

Change the description of <oldgroup> to <newdesc>.

-file <filename>

Indicates the file to be read.

-override

Override existing managed groups with new list of authorizers. Managed groups to ov

erride and a list of new authorizers for each group are specified in <filename>.

-unmanage

Unmanage applicable managed groups, if -list option is specified, only return the list without actually performing the action. This option requires the -targetid or -all.

-all

All groups that are currently managed and not in-use will be unmanaged.

If -file is used, the input file must contain a list of entries. Each entry must be in the following format:

<target ID> <group ID> <list of authorizers> <minimum number of authorizers>

where:

  • target ID Is the identifier for the target system the group is on.

  • group ID Is the identifier for the group on the target system. If the group ID name contains a space, the name must be enclosed in quotes ("").

  • list of authorizers Is a comma delimited list of authorizers; for example, mod1,mod2,mod3. The list can only contain configured authorizers (Workflow > Authorizers).

  • minimum number of authorizers Is the minimum number of authorizers required to process a request to the group. The value must be equal to or less than the number of listed authorizers. This value is set to 1 by default.

The <minimum number of authorizers> for an entry is set to 1 by default. You must ensure that the <list of authorizers> contains at least this many authorizers.

Modifying an existing managed group’s authorizers or number of authorizers using the managegrp program is best accomplished by editing the original entry and rerunning the program. See examples 2, 3, 4, and 5 below.

When managegrp runs, it processes all valid entries in the specified file. Invalid entries are skipped but are logged in the log file for the program. Notification of invalid entries is provided on the command line. You should review the log file, correct the invalid entries, and rerun the program with the updated file.

Examples

The following examples show how to construct the entries in the specified file.

  1. To manage the Calgary Users group on the W2K target system, using one authorizer (charlie), type:

    W2K ‘‘Calgary Users'' charlie 1

  2. To manage the Administrators group on the WIN2K target system, specifying three authorizers for the group (authorizer1, authorizer2, and authorizer3), type:

    WIN2K Administrators authorizer1,authorizer2,authorizer3 3

  3. To modify the Administrators group to only require two authorizations from the list of authorizers, change the entry to:

    WIN2K Administrators authorizer1,authorizer2,authorizer3 2

  4. To manage the UserGroup group on the AD target system using three authorizers (user1, user2, and user3), type:

    AD cn=UserGroup,ou=Domain_Users,dc=domain,dc=com user1,user2,user3 3

  5. To modify the UserGroup group so that it only requires two authorizers (user2 and user3), change the entry to:

    AD cn=UserGroup,ou=Domain_Users,dc=domain,dc=com user2,user3 2

  6. To rename a group on target AD:

    managegrp.exe -rename -targetid AD -oldgroupid CN=oldname,OU=resources,OU=staff,DC=domain,DC=local -newgroupid CN=newname,OU=resources,OU=staff,DC=domain,DC=local -newshortid newname

  7. To perform a dry run for unmanaging the groups on the AD target system:

    managegrp.exe -unmanaged -list -targetid AD

  8. To unmanage the groups on the AD target system:

    managegrp.exe -unmanaged -targetid AD
In this section: