AddAccessGroup
Adds an empty role assignment to a group.
Syntax
IHzRoleAssignment AddAccessGroup(DirectoryEntry groupDE)
IHzRoleAssignment AddAccessGroup(SearchResult groupSR)
IHzRoleAssignment AddAccessGroup(string groupDn)
IHzRoleAssignment AddAccessGroup(IAdsGroup groupIAds)
Parameters
Specify one of the following parameters when using this method.
| Parameter | Description |
|---|---|
groupDE
|
The directory entry for the group. |
groupSr
|
The directory entry for the group specified as a search result. |
groupDn
|
The group specified as a distinguished name. |
groupIads
|
The IADs interface to the group. |
Return value
The computer role assignment.
Discussion
The role assignment is not stored in Active Directory until you call the
Commit method.
The AddAccessGroup(DirectoryEntry groupDE) and AddAccessGroup(SearchResult groupSR) methods are available only for .NET-based programs; call User for
VBScript.
Exceptions
AddAccessGroup may throw one of the following exceptions:
-
ApplicationExceptionif the specified parameter is not a group or the method cannot find the group. -
ArgumentNullExceptionif you pass anullparameter.
Example
The following code sample illustrates using the AddAccessGroup and GetAccessGroup methods in a script:
...
// Get the zone object
IHierarchicalZone objZone =
cims.GetZoneByPath("cn=" + strZone + "," + strContainerDN) as IHierarchicalZone;
if (objZone == null)
{
Console.WriteLine("Zone " + strZone + " does not exist.");
return;
}
IRole role = objZone.GetRole(strRole);
if (role == null)
{
Console.WriteLine(strRole + " does not exist in zone.");
}
else if (objZone.GetAccessGroup(role, strGroup) != null)
{
Console.WriteLine("Role assignment already exist.");
}
else
{
// assign a role to the group
IRoleAssignment zag = objZone.AddAccessGroup(strGroup);
zag.Role = role;
zag.Commit();
}
...