Defines a group of FIM resources.
Schema
Copy Code | |
---|---|
<?xml version="1.0"?><xs:schema xmlns:rm="http://schemas.microsoft.com/2006/11/ResourceManagement" targetNamespace="http://schemas.microsoft.com/2006/11/ResourceManagement" version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema"> <xs:complexType name="Group"> <xs:sequence> <xs:element minOccurs="0" name="ObjectID" type="rm:ReferenceType" /> <xs:element minOccurs="1" name="ObjectType"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:pattern value=".{0,448}" /> </xs:restriction> </xs:simpleType> </xs:element> <xs:element minOccurs="1" name="CreatedTime" type="xs:dateTime" /> <xs:element minOccurs="0" name="Creator" type="rm:ReferenceType" /> <xs:element minOccurs="0" name="MVObjectID"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:pattern value=".{0,448}" /> </xs:restriction> </xs:simpleType> </xs:element> <xs:element minOccurs="0" name="DeletedTime" type="xs:dateTime" /> <xs:element minOccurs="0" name="Description"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:pattern value=".{0,448}" /> </xs:restriction> </xs:simpleType> </xs:element> <xs:element minOccurs="0" name="DetectedRulesList" type="rm:ReferenceCollectionType" /> <xs:element minOccurs="0" name="DisplayName"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:pattern value=".{0,448}" /> </xs:restriction> </xs:simpleType> </xs:element> <xs:element minOccurs="0" name="ExpectedRulesList" type="rm:ReferenceCollectionType" /> <xs:element minOccurs="0" name="ExpirationTime" type="xs:dateTime" /> <xs:element minOccurs="0" name="Locale"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:pattern value=".{0,448}" /> </xs:restriction> </xs:simpleType> </xs:element> <xs:element minOccurs="0" name="ResourceTime" type="xs:dateTime" /> <xs:element minOccurs="0" name="ComputedMember" type="rm:ReferenceCollectionType" /> <xs:element minOccurs="0" name="AccountName"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:pattern value="^[^"/\\[\]:;|=,+/*?<>]{1,64}$" /> </xs:restriction> </xs:simpleType> </xs:element> <xs:element minOccurs="1" name="Domain"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:pattern value=".{0,448}" /> </xs:restriction> </xs:simpleType> </xs:element> <xs:element minOccurs="0" name="DisplayedOwner" type="rm:ReferenceType" /> <xs:element minOccurs="0" name="DomainConfiguration" type="rm:ReferenceType" /> <xs:element minOccurs="0" name="Email"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:pattern value=".{0,448}" /> </xs:restriction> </xs:simpleType> </xs:element> <xs:element minOccurs="0" name="ExplicitMember" type="rm:ReferenceCollectionType" /> <xs:element minOccurs="0" name="Filter" type="xs:string" /> <xs:element minOccurs="0" name="MailNickname"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:pattern value="^[^@ ]{1,64}$" /> </xs:restriction> </xs:simpleType> </xs:element> <xs:element minOccurs="1" name="MembershipAddWorkflow"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:pattern value="^(None|Custom|Owner Approval)?$" /> </xs:restriction> </xs:simpleType> </xs:element> <xs:element minOccurs="1" name="MembershipLocked" type="xs:boolean" /> <xs:element minOccurs="0" name="ObjectSID" type="xs:base64Binary" /> <xs:element minOccurs="0" name="Owner" type="rm:ReferenceCollectionType" /> <xs:element minOccurs="1" name="Scope"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:pattern value="^(DomainLocal|Global|Universal)$" /> </xs:restriction> </xs:simpleType> </xs:element> <xs:element minOccurs="0" name="SIDHistory" type="rm:BinaryCollectionType" /> <xs:element minOccurs="0" name="Temporal" type="xs:boolean" /> <xs:element minOccurs="1" name="Type"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:pattern value="^(Distribution|Security|MailEnabledSecurity)$" /> </xs:restriction> </xs:simpleType> </xs:element> </xs:sequence> </xs:complexType> </xs:schema> |
Properties
The following table lists the properties of the Group resource:
Property | Description | ||
---|---|---|---|
AccountName |
Optional String property. Account name of the group. Must
conform to the xs:pattern
|
||
ComputedMember |
Optional ReferenceCollection property that contains references to resources that are members of the Group. These resources are computed as the union of ExplicitMember and resources that are in the scope of the Filter. |
||
DisplayedOwner |
Optional property. Reference to a Person resource that will be shown as the owner of the group in applications in which only one owner can be displayed (such as Microsoft Outlook and Microsoft Exchange Server). With default FIM permissions, the DisplayedOwner of the group does not have any special permissions to perform actions on the group. In order to make the DisplayedOwner have the permissions given to Owners of the group, the Person referenced by the DisplayedOwner property must also be referenced by the Owner property. |
||
Domain |
Optional String property. Domain where the Group exists or will be created. The String length must be no more than 448 characters. |
||
DomainConfiguration |
Optional property. Contains a Reference to the parent Domain resource for this resource. |
||
|
Optional property. The e-mail address for the Group. The String length must be no more than 448 characters. |
||
ExplicitMember |
Optional multi-valued Reference property. This property defines static members of the Group. |
||
Filter |
Optional String property. Defines a WS-Enumeration Filter type (wsen:Filter) (see Enumeration Endpoint) that manages the membership of the group. Filter is used to specify the scope of criteria-based membership of a dynamic group. See FIM XPath Filter Dialect. |
||
MailNickname |
Optional String property. The e-mail alias for the Group. The String length must be between 1 and 64 characters.
|
||
MembershipAddWorkflow |
Required property. String that indicates whether a workflow will be performed when members join the group. See MemberShipAddWorkflow Property table. |
||
MembershipLocked |
Required Boolean property. See MembershipLocked Property table. |
||
ObjectSID |
Optional property of type base64Binary. A binary value that specifies the security identifier (SID) of the security group or e-mail-enabled security group. The SID is a unique value used to identify the user as a security principal. |
||
Scope |
Optional property. String that defines the range of values, each
of which corresponds to the associated Active Directory group
scope. Valid values are:
|
||
SIDHistory |
Optional multi-valued Binary property. Contains previous SIDs used for the resource if the resource was moved from another domain. |
||
Temporal |
Optional Boolean property. If true, membership in the group is based on a time filter. Temporal sets cannot be updated when transactions occur, as other sets do; they need to be periodically updated since the passing of time can cause a resource to enter or leave the set. This property is read only. |
||
Type |
Required property. Indicates the group type. Type is used to indicate in FIM what properties the group should have in Active Directory and Microsoft Exchange. See Type Property table below. |
MembershipAddWorkflow Property
Value | Description |
---|---|
None |
Indicates that adding members to this group resource do not require approval. |
Custom |
Indicates that a custom workflow is used when the user requests to join this group. |
OwnerApproval |
Indicates that a group owner must approve all membership requests to this group. |
MembershipLocked Property
The following table lists values for the MembershipLocked property:
Value | Description |
---|---|
True |
Indicates a Dynamic Group. A Dynamic Group is a group with criteria-based membership. Group membership is automatically maintained by the FIM Service based on the Filter property. |
False |
Indicates a Static Group. A Static Group has manually-managed membership. Group membership can be modified by updating the ExplicitMembers property of the group. |
Type Property
The following table lists values for the Type property:
Value | Description |
---|---|
Distribution |
Distribution group type. |
Security |
Security group type. |
MailEnabledSecurity |
Mail-enabled security group type. |
Parent Elements
None
Remarks
All of the resource types in FIM have the same attribute bindings as the Resource type by default. For more information, see Forefront Identity Manager Schema.