groups command

This command displays and configures Active Directory groups of the primary management module. This group information is used only when LDAP servers are enabled for authentication with local authorization.

Table 1. groups (Active Directory groups) command
Function What it does Command Valid targets
Display all Active Directory groups Displays all Active Directory groups, up to 16, configured for the BladeCenter unit. groups 
                           -T system:mm[x]

where x is the primary management-module bay number.
Display specific Active Directory group Displays information for the specified Active Directory group. groups - group_num

where group_num is a number from 1 to 16, inclusive, that identifies the Active Directory group.

 
                           -T system:mm[x]

where x is the primary management-module bay number.
Set Active Directory group name Sets a name for the specified Active Directory group. groups - group_num -n group_name

where:

  • group_num is a number from 1 to 16, inclusive, that identifies the Active Directory group.
  • group_name is a alphanumeric string up to 63 characters in length that can include periods ( . ) and underscores ( _ ). Each of the 16 group names must be unique.
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis configuration
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.
Set Active Directory group authority level Sets the authority level for the specified Active Directory group. groups - group_num -a group_authority

where:

  • group_num is a number from 1 to 16, inclusive, that identifies the Active Directory group.
  • group_authority uses the following syntax:
    • operator (Operator)
    •                                        rbs:levels:scope
      where the levels are one or more of the following authority levels, separated by a vertical bar ( | ):
      • super (Supervisor)
      • cam (Chassis User Account Management)
      • clm (Chassis Log Management)
      • co (Chassis Operator)
      • cc (Chassis Configuration)
      • ca (Chassis Administration)
      • bo (Blade Operator)
      • brp (Blade Remote Present)
      • bc (Blade Configuration)
      • ba (Blade Administration)
      • so (I/O Module Operator)
      • sc (I/O Module Configuration)
      • sa (I/O Module Administration)
(continued on next page) 
                           -T system:mm[x]

where x is the primary management-module bay number.
Set Active Directory group authority level

(continued)

 

where the scope is one or more of the following devices, separated by a vertical bar ( | ). Ranges of devices are separated by a dash ( - ).

  • c n (Chassis n, where n is 1 for the Active Directory environment.)
  • b n (Blade n, where n is a valid blade bay number in the chassis)
  • s n (I/O module n, where n is a valid I/O module bay number in the chassis)
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis configuration
See Commands and user authority for additional information.
  
Delete Active Directory group Delete the specified Active Directory group. groups - group_num -clear

where group_num is a number from 1 to 16, inclusive, that identifies the Active Directory group.

This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis configuration
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.
Example: To create Active Directory group number 3 with a group name of group3 that has supervisor rights to all BladeCenter components, while management module 1 is set as the persistent command environment, at the system:mm[1]> prompt, type 
                  groups -3 -n group3 -a rbs:super:c1|b1-b14|s1-s4
To display information for group3, while management module 1 is set as the persistent command environment, at the system:mm[1]> prompt, type 
                  groups -3

The following example shows the information that is returned from these commands:

               system:mm[1]> groups -3 -n group3 -a rbs:super:c1|b1-b14|s1-s4
OK
system:mm[1]> groups -3
-n group3
-a Role:supervisor
   Blades:1|2|3|4|5|6|7|8|9|10|11|12|13|14
   Chassis:1
   Modules:1|2|3|4
system:mm[1]>
Parent topic: Command syntax