MPS Import::EnableOrganizationForHosting
This procedure ensures that a specified organization contains all the necessary child objects, security groups, and security settings to be recognized as a hosted organization by the MPS system. This procedure attempts to configure an existing organization as a hosted organization by doing the following:
Creating all necessary child OUs for Hosting configuration.
Creating security groups.
Setting group memberships with parent organizations.
Setting security ACLs on the object.
Arguments
Input argument | Required | Description |
---|---|---|
<path> |
Yes |
The Lightweight Directory Access Protocol (LDAP) path of the container where the organization is located. |
<preferredDomainController> |
Yes |
|
<policyName> |
No |
Determines the security policy to apply to the object. The default is customer, which is appropriate for all hosted organizations beneath a reseller organization. Valid values are:
Generally, the supplied value should be reseller or customer. The value default is used for child containers (such as departments), which simply inherit their security policy from the parent. |
Remarks
Prerequisites
The organization must already be located in the hosting Active Directory tree, at the proper level of the hierarchy for its type (reseller or customer).
Procedure Steps
Managed Active Directory::GetThisOrganizationRoot - get the root organization for organization being enabled
Managed Active Directory::GetPolicy - get the policy structure for the organization.
MPSImport::CreateOrgChildren - create child containers and security groups.
MPSImport::CreateOrgChildren - create child containers
MPSImport::CreateOrgGroups - create org groups (admins and allusers)
Managed Active Directory::SetSecurity_
Managed Active Directory::SetOtherWellKnownObjects_
Managed Active Directory::SetGroupMemberships_
Managed Active Directory::RemoveAllAuthenticatedUsersACEs_
Security
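The procedure impersonates the caller (the sample request sets impersonate="1"), so it runs in the caller's security context.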
Sample Code
Example XML Request
<!-- Sample request: runs the EnableOrganizationForHosting procedure in the "MPS Import" namespace. -->
<request>
<procedure>
<!-- impersonate="1" corresponds to the page's Security note ("Impersonate caller"). -->
<execute namespace="MPS Import" procedure="EnableOrganizationForHosting" impersonate="1">
<executeData>
<!-- Required. LDAP path argument; in this sample it names the organization OU itself (alpineskihouse, under the consolidatedmessenger OU in the Hosting tree). -->
<path>LDAP://OU=alpineskihouse,OU=consolidatedmessenger,OU=Hosting,DC=fabrikam,DC=Com</path>
<!-- Required. The arguments table on this page gives no description for this value. -->
<preferredDomainController>AD01.fabrikam.Com</preferredDomainController>
<!-- Optional. customer is the documented default; it selects the security policy applied to the object. -->
<policyName>customer</policyName>
</executeData>
<!-- Merges executeData into data. NOTE(review): presumably this is why the sample response echoes the three inputs under its data element - confirm against the MPS request schema. -->
<after source="executeData" destination="data" mode="merge"/>
</execute>
</procedure>
</request>
Example XML Response
Shown for format only; content may vary.
<!-- Sample response, shown for format only. The organization and domain controller names (MPSImportOrg01, AD01-Wh) differ from the sample request, so this is not the reply to that exact request. -->
<response>
<data>
<!-- The three input arguments, echoed back. -->
<path>LDAP://OU=MPSImportOrg01,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=Com</path>
<preferredDomainController>AD01-Wh.fabrikam.Com</preferredDomainController>
<policyName>customer</policyName>
<!-- The organization that was enabled: its well-known object pointers, child containers, groups and DACL. -->
<org path="LDAP://ou=MPSImportOrg01,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=Com" name="MPSImportOrg01">
<!-- Named pointers recorded for the organization; UserCreators and ChildOrgCreators point at the Admins and CSRAdmins groups listed further down. -->
<otherWellKnownObjects>
<obj wkName="ThisOrganizationRoot" name="LDAP://ou=MPSImportOrg01,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com">
</obj>
<obj wkName="ForeignOwnerOrg" name="LDAP://OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com">
</obj>
<obj wkName="UserCreators" name="LDAP://cn=Admins@MPSImportOrg01,ou=MPSImportOrg01,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com">
</obj>
<obj wkName="ChildOrgCreators" name="LDAP://cn=CSRAdmins@MPSImportOrg01,ou=MPSImportOrg01,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com">
</obj>
<obj wkName="OrgType" name="LDAP://cn=customer,cn=WatOrgTypes,cn=_Private,ou=Hosting,DC=fabrikam,DC=com">
</obj>
<obj wkName="MultiGroupPointer" name="LDAP://cn=MultiGroup,cn=_Private,ou=MPSImportOrg01,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com">
</obj>
</otherWellKnownObjects>
<!-- Child containers of the organization. -->
<orgs>
<!-- _Private container: holds the MultiGroup container tree and the AllUsers group; its OrgType pointer is private rather than customer. -->
<org path="LDAP://cn=_Private,ou=MPSImportOrg01,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=Com" name="_Private" class="container">
<otherWellKnownObjects>
<obj wkName="ThisOrganizationRoot" name="LDAP://ou=MPSImportOrg01,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com">
</obj>
<obj wkName="OrgType" name="LDAP://cn=private,cn=WatOrgTypes,cn=_Private,ou=Hosting,DC=fabrikam,DC=com">
</obj>
</otherWellKnownObjects>
<orgs>
<org path="LDAP://cn=MultiGroup,cn=_Private,ou=MPSImportOrg01,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=Com" name="MultiGroup" class="container">
<orgs>
<org path="LDAP://cn=UserN,cn=MultiGroup,cn=_Private,ou=MPSImportOrg01,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=Com" name="UserN" class="container">
<orgs>
<org path="LDAP://cn=AllUsers@MPSImportOrg01,cn=UserN,cn=MultiGroup,cn=_Private,ou=MPSImportOrg01,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=Com" name="AllUsers@MPSImportOrg01" class="container">
<otherWellKnownObjects>
<obj wkName="MultiGroupPointer" name="LDAP://cn=AllUsers@MPSImportOrg01,cn=_Private,ou=MPSImportOrg01,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com">
</obj>
</otherWellKnownObjects>
</org>
</orgs>
</org>
<org path="LDAP://cn=ChildOrgN,cn=MultiGroup,cn=_Private,ou=MPSImportOrg01,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=Com" name="ChildOrgN" class="container">
</org>
</orgs>
</org>
</orgs>
<!-- AllUsers group of the organization, made a member of the AllCustomers group under the parent organization MPSImportRes01. -->
<groups>
<group path="LDAP://cn=AllUsers@MPSImportOrg01,cn=_Private,ou=MPSImportOrg01,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=Com" name="AllUsers@MPSImportOrg01">
<memberOfGroup name="LDAP://cn=AllCustomers@MPSImportRes01,cn=_Private,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com">
</memberOfGroup>
</group>
</groups>
</org>
</orgs>
<!-- Groups directly under the organization: Admins and CSRAdmins. Each is nested into an aggregate group under the _Private container of the parent organization MPSImportRes01. -->
<groups>
<group path="LDAP://cn=Admins@MPSImportOrg01,ou=MPSImportOrg01,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=Com" name="Admins@MPSImportOrg01">
<memberOfGroup name="LDAP://cn=AllCustomerAdminsGroups@MPSImportRes01,cn=_Private,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com">
</memberOfGroup>
</group>
<group path="LDAP://cn=CSRAdmins@MPSImportOrg01,ou=MPSImportOrg01,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=Com" name="CSRAdmins@MPSImportOrg01">
<memberOfGroup name="LDAP://cn=AllCustomerCSRAdminsGroups@MPSImportRes01,cn=_Private,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com">
</memberOfGroup>
<!-- DACL on the CSRAdmins group object itself: READ_CONTROL, not inherited, for S-1-5-10 (the well-known SID for Principal Self). -->
<!-- NOTE(review): trusteeType and trusteeForm are numeric here but symbolic in the organization DACL; 0 presumably maps to TRUSTEE_IS_UNKNOWN and TRUSTEE_IS_SID as in the Windows TRUSTEE enums - confirm. -->
<dacl>
<ace>
<inheritance>NO_INHERITANCE</inheritance>
<permission>ADS_RIGHT_READ_CONTROL</permission>
<trusteeType>0</trusteeType>
<trusteeForm>0</trusteeForm>
<trustee>S-1-5-10</trustee>
<mode>GRANT_ACCESS</mode>
</ace>
</dacl>
</group>
</groups>
<!-- DACL on the organization object. Every ACE in this sample is GRANT_ACCESS to a group. When reviewing a deployment, compare the ACEs actually present on the organization with the set expected for the chosen policyName. -->
<dacl>
<!-- AllUsers group: list-object right; this ACE carries no inheritance element. -->
<ace>
<permission>ADS_RIGHT_DS_LIST_OBJECT</permission>
<trustee>LDAP://cn=AllUsers@MPSImportOrg01,cn=_Private,ou=MPSImportOrg01,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com</trustee>
<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
<trusteeForm>TRUSTEE_IS_SID</trusteeForm>
<mode>GRANT_ACCESS</mode>
</ace>
<!-- AllUsers group: list contents and read properties, inherited by sub-containers and objects. -->
<ace>
<permission>ADS_RIGHT_ACTRL_DS_LIST</permission>
<permission>ADS_RIGHT_DS_READ_PROP</permission>
<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
<trustee>LDAP://cn=AllUsers@MPSImportOrg01,cn=_Private,ou=MPSImportOrg01,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com</trustee>
<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
<trusteeForm>TRUSTEE_IS_SID</trusteeForm>
<mode>GRANT_ACCESS</mode>
</ace>
<!-- Organization Admins group: READ_CONTROL (read the security descriptor), inherited. -->
<ace>
<permission>ADS_RIGHT_READ_CONTROL</permission>
<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
<trustee>LDAP://cn=Admins@MPSImportOrg01,ou=MPSImportOrg01,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com</trustee>
<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
<trusteeForm>TRUSTEE_IS_SID</trusteeForm>
<mode>GRANT_ACCESS</mode>
</ace>
<!-- CSRAdmins group of the parent organization (MPSImportRes01): write properties, create/delete child, delete tree, DELETE and WRITE_DAC, inherited by the whole subtree. -->
<!-- WRITE_DAC lets a member change the ACL itself, so membership of this group should be treated, and audited, as full control of the organization. -->
<ace>
<permission>ADS_RIGHT_READ_CONTROL</permission>
<permission>ADS_RIGHT_DS_WRITE_PROP</permission>
<permission>ADS_RIGHT_WRITE_DAC</permission>
<permission>ADS_RIGHT_DS_SELF</permission>
<permission>ADS_RIGHT_DS_CONTROL_ACCESS</permission>
<permission>ADS_RIGHT_DS_CREATE_CHILD</permission>
<permission>ADS_RIGHT_DS_DELETE_CHILD</permission>
<permission>ADS_RIGHT_DS_DELETE_TREE</permission>
<permission>ADS_RIGHT_DELETE</permission>
<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
<trustee>LDAP://cn=CSRAdmins@MPSImportRes01,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com</trustee>
<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
<trusteeForm>TRUSTEE_IS_SID</trusteeForm>
<mode>GRANT_ACCESS</mode>
</ace>
<!-- Organization Admins group: the same rights as the preceding ACE except ADS_RIGHT_DELETE. WRITE_DAC is included, so the same membership auditing applies. -->
<ace>
<permission>ADS_RIGHT_DS_WRITE_PROP</permission>
<permission>ADS_RIGHT_READ_CONTROL</permission>
<permission>ADS_RIGHT_WRITE_DAC</permission>
<permission>ADS_RIGHT_DS_SELF</permission>
<permission>ADS_RIGHT_DS_CONTROL_ACCESS</permission>
<permission>ADS_RIGHT_DS_CREATE_CHILD</permission>
<permission>ADS_RIGHT_DS_DELETE_CHILD</permission>
<permission>ADS_RIGHT_DS_DELETE_TREE</permission>
<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
<trustee>LDAP://cn=Admins@MPSImportOrg01,ou=MPSImportOrg01,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com</trustee>
<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
<trusteeForm>TRUSTEE_IS_SID</trusteeForm>
<mode>GRANT_ACCESS</mode>
</ace>
<!-- Organization CSRAdmins group: GENERIC_ALL, scoped by inheritedObjectTypeName. The GUID is the schema GUID of the Active Directory User class, so the grant targets user objects. -->
<!-- NOTE(review): inheritance is the raw number 11 instead of a symbolic name; read as Windows ACE flags that would be object-inherit + container-inherit + inherit-only - confirm. -->
<ace>
<permission>ADS_RIGHT_GENERIC_ALL</permission>
<inheritance>11</inheritance>
<inheritedObjectTypeName>{BF967ABA-0DE6-11D0-A285-00AA003049E2}</inheritedObjectTypeName>
<trustee>LDAP://cn=CSRAdmins@MPSImportOrg01,ou=MPSImportOrg01,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com</trustee>
<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
<trusteeForm>TRUSTEE_IS_OBJECTS_AND_SID</trusteeForm>
<mode>GRANT_ACCESS</mode>
</ace>
</dacl>
</org>
</data>
</response>
Applies To
- Hosted Messaging and Collaboration version 3.5