ComputerRole

This class represents a computer role.

Syntax

public interface IComputerRole

Methods

The ComputerRole class provides the following methods:

Method	Description
AddAccessGroup	Adds a user group to this computer role.
AddRoleAssignment	Adds an empty role assignment.
AddUser	Adds a user role assignment to this computer role.
ClearCustomAttributes	VBScript interface to clear the custom attributes for this class.
Commit	Saves changes.
Delete	Deletes this computer role.
GetAccessGroup	Gets a user group assigned to this computer role.
GetAccessGroups	Gets the user groups assigned to this computer role.
GetCustomAttributeContainer	Gets the directory entry for the parent container object for the custom attributes for this class.
GetGroup	Gets the AD computer group associated with this computer role.
GetRoleAssignment	Gets the role assignment for a specified role and user.
GetRoleAssignmentById	Gets the role assignment, given a GUID.
GetRoleAssignments	Returns all the user role assignments under this computer role.
GetRoleAssignmentToAllADUsers	Returns the role assignment given to all Active Directory users who have a specified role.
GetRoleAssignmentToEveryone	Returns the role assignment given to all users who have a specified role.
GetUser	Gets a user assigned to this computer role.
GetUsers	Gets the collection of users assigned to this computer role.
ICustomAttributeContainer GetCustomAttributeContainer	.NET interface that returns the directory entry for the parent container object for the custom attributes for this class.
SetCustomAttribute	VBScript interface to set the custom attributes for this class.
Validate	Validates the changes made to this computer role.

Properties

The ComputerRole class provides the following properties:

Property	Description
CustomAttributes	VBScript only: Gets or sets custom attributes for this computer role.
Description	Gets or sets the description of this computer role.
Group	Gets or sets the AD computer group associated with this computer role.
IsOrphan	Indicates whether this computer role is an orphan.
Name	Gets or sets the name of this computer role.
Zone	Gets the zone of this computer role.

Discussion

A computer role describes the intended use of a group of computers; for example, the set of computers dedicated as database servers. Each computer role has one associated Active Directory computer group, which identifies the computers that have that use. You can assign any number of users or user groups to a computer role, with each user or user group having the permissions necessary to perform a set of functions on computers in that computer role.

Although there are conceptual similarities, a computer role is not a variety of access role. Whereas an access role is a set of permissions assigned to an Active Directory user or user group, a computer role defines the intended use of a group of computers. For example, the DBServer computer role might be associated with the Active Directory DatabaseServers computer group. Two user groups might be assigned to the DBServer computer role: DBUsers, which has the DatabaseUsers access role; and DBAdmins, which has the DatabaseAdmins role.

You can add custom attributes to role definitions and role assignments. For example, you might want to use a custom attribute to reference a ticket number associated with a specific type of access request, role definition, or temporary role assignment. Custom attributes are optional and you can use them to capture any kind of information that is meaningful to your organization.

You can add custom attributes when defining or modifying a role, defining or modifying a computer role, or when modifying role assignment properties.

The key point is that you can use the field for any type of information you might find useful. Customers most often want to reference a trouble/request ticket but the field can contain whatever you want.