Share via

Hosted Exchange::CreateResellerOrganization

  • Article

This procedure creates a reseller organization in the specified container.

Arguments

Input argument Required Description

<container>

Yes

A valid Lightweight Directory Access Protocol (LDAP) path of the OU where the new reseller will be created. For example LDAP://OU=Hosting,DC=fabrikam,DC=Com.

<name>

Yes

The common name (CN) of the new reseller organization.

<preferredDomainController>

Yes

<description>

No

Description of the organization.

<properties>

No

Valid Active Directory attributes for an object of class OU.

Output Arguments

The <org> tag containing the OU object created and the membership and security policies supplied. Each object created has its LDAP path in a "path" attribute.

Remarks

Provisioning Steps

  1. Managed Active Directory::CreateOrganization_ (tests for permissions)

  2. Hosted Exchange::CreateCustomerRecord_ - Create a new record in the Customer Plan Database and log a Created event.

Security

  • Impersonate caller.

  • Caller's credentials tested for OrgCreator role.

Sample Code

Example XML Request

<request>   
        <procedure>     
                <execute  namespace="Hosted Exchange" procedure="CreateResellerOrganization" impersonate="1">       
                        <executeData>         
                                <container>LDAP://OU=Hosting,DC=fabrikam,DC=Com</container>         
                                <name>consolidatedmessenger</name>         
                                <description>Hosted E-mail account reseller</description>         
                                <properties>           
                                        <property name="postalAddress">             
                                                <value>1703 NE 91st</value>           
                                        </property>         
                                </properties>         
                                <preferredDomainController>AD01.fabrikam.com</preferredDomainController>       
                        </executeData>       
                        <after source="executeData" destination="data" mode="merge"/>     
                </execute>   
        </procedure> 
</request>

Example XML Response

<response>   
        <data>     
                <preferredDomainController>AD01-Wh.fabrikam.Com</preferredDomainController>     
                <container>LDAP://OU=Hosting,DC=fabrikam,DC=Com</container>     
                <name>KrakHeRes01</name>     
                <org path="LDAP://ou=KrakHeRes01,OU=Hosting,DC=fabrikam,DC=Com" name="KrakHeRes01">       
                        <otherWellKnownObjects>         
                        <obj wkName="ThisOrganizationRoot" name="LDAP://ou=KrakHeRes01,ou=Hosting,DC=fabrikam,DC=com">         
                        </obj>         
                        <obj wkName="ForeignOwnerOrg" name="LDAP://ou=Hosting,DC=fabrikam,DC=com">         
                        </obj>         
                        <obj wkName="OrgType" name="LDAP://cn=reseller,cn=WatOrgTypes,cn=_Private,ou=Hosting,DC=fabrikam,DC=com">         
                        </obj>         
                        <obj wkName="UserCreators" name="LDAP://cn=Admins@KrakHeRes01,ou=KrakHeRes01,ou=Hosting,DC=fabrikam,DC=com">         
                        </obj>         
                        <obj wkName="ChildOrgCreators" name="LDAP://cn=CSRAdmins@KrakHeRes01,ou=KrakHeRes01,ou=Hosting,DC=fabrikam,DC=com">         
                        </obj>         
                        <obj wkName="MultiGroupPointer" name="LDAP://cn=MultiGroup,cn=_Private,ou=KrakHeRes01,ou=Hosting,DC=fabrikam,DC=com">         
                        </obj>       
                        </otherWellKnownObjects>       
                        <orgs>         
                <org path="LDAP://cn=_Private,ou=KrakHeRes01,OU=Hosting,DC=fabrikam,DC=Com" name="_Private" class="container">           
                <otherWellKnownObjects>             
                        <obj wkName="ThisOrganizationRoot" name="LDAP://ou=KrakHeRes01,ou=Hosting,DC=fabrikam,DC=com">             
                        </obj>             
                        <obj wkName="OrgType" name="LDAP://cn=private,cn=WatOrgTypes,cn=_Private,ou=Hosting,DC=fabrikam,DC=com">  
        </obj> 
                           
                            
                                   </otherWellKnownObjects>          <orgs> 
            <org path="LDAP://cn=MultiGroup,cn=_Private,ou=KrakHeRes01,OU=Hosting,DC=fabrikam,DC=Com" name="MultiGroup" class="container"> 
 
              <orgs> 
 
                <org path="LDAP://cn=UserN,cn=MultiGroup,cn=_Private,ou=KrakHeRes01,OU=Hosting,DC=fabrikam,DC=Com" name="UserN" class="container"> 
 
                  <orgs> 
 
                    <org path="LDAP://cn=AllUsers@KrakHeRes01,cn=UserN,cn=MultiGroup,cn=_Private,ou=KrakHeRes01,OU=Hosting,DC=fabrikam,DC=Com" name="AllUsers@KrakHeRes01" class="container"> 
 
                      <otherWellKnownObjects> 
 
                        <obj wkName="MultiGroupPointer" name="LDAP://cn=AllUsers@KrakHeRes01,cn=_Private,ou=KrakHeRes01,ou=Hosting,DC=fabrikam,DC=com"> 
 
                        </obj> 
 
                      </otherWellKnownObjects> 
 
                    </org> 
 
                  </orgs> 
 
                </org> 
 
                <org path="LDAP://cn=ChildOrgN,cn=MultiGroup,cn=_Private,ou=KrakHeRes01,OU=Hosting,DC=fabrikam,DC=Com" name="ChildOrgN" class="container"> 
 
                  <orgs> 
 
                    <org path="LDAP://cn=AllCustomers@KrakHeRes01,cn=ChildOrgN,cn=MultiGroup,cn=_Private,ou=KrakHeRes01,OU=Hosting,DC=fabrikam,DC=Com" name="AllCustomers@KrakHeRes01" class="container"> 
 
                      <otherWellKnownObjects> 
 
                        <obj wkName="MultiGroupPointer" name="LDAP://cn=AllCustomers@KrakHeRes01,cn=_Private,ou=KrakHeRes01,ou=Hosting,DC=fabrikam,DC=com"> 
 
                        </obj> 
 
                      </otherWellKnownObjects> 
 
                    </org> 
 
                    <org path="LDAP://cn=AllCustomerAdminsGroups@KrakHeRes01,cn=ChildOrgN,cn=MultiGroup,cn=_Private,ou=KrakHeRes01,OU=Hosting,DC=fabrikam,DC=Com" name="AllCustomerAdminsGroups@KrakHeRes01" class="container"> 
 
                      <otherWellKnownObjects> 
 
                        <obj wkName="MultiGroupPointer" name="LDAP://cn=AllCustomerAdminsGroups@KrakHeRes01,cn=_Private,ou=KrakHeRes01,ou=Hosting,DC=fabrikam,DC=com"> 
 
                        </obj> 
 
                      </otherWellKnownObjects> 
 
                    </org> 
 
                    <org path="LDAP://cn=AllCustomerCSRAdminsGroups@KrakHeRes01,cn=ChildOrgN,cn=MultiGroup,cn=_Private,ou=KrakHeRes01,OU=Hosting,DC=fabrikam,DC=Com" name="AllCustomerCSRAdminsGroups@KrakHeRes01" class="container"> 
 
                      <otherWellKnownObjects> 
 
                        <obj wkName="MultiGroupPointer" name="LDAP://cn=AllCustomerCSRAdminsGroups@KrakHeRes01,cn=_Private,ou=KrakHeRes01,ou=Hosting,DC=fabrikam,DC=com"> 
 
                        </obj> 
 
                      </otherWellKnownObjects> 
 
                    </org> 
 
                  </orgs> 
 
                </org> 
 
              </orgs> 
 
            </org> 
 
          </orgs> 
 
          <dacl> 
 
            <ace> 
 
              <permission>ADS_RIGHT_DS_WRITE_PROP</permission> 
 
              <inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance> 
 
              <objectTypeName>{BF9679C0-0DE6-11D0-A285-00AA003049E2}</objectTypeName> 
 
              <inheritedObjectTypeName>{BF967A9C-0DE6-11D0-A285-00AA003049E2}</inheritedObjectTypeName> 
 
              <trustee>LDAP://cn=CSRAdmins@KrakHeRes01,ou=KrakHeRes01,ou=Hosting,DC=fabrikam,DC=com</trustee> 
 
              <trusteeType>TRUSTEE_IS_GROUP</trusteeType> 
 
              <trusteeForm>TRUSTEE_IS_OBJECTS_AND_SID</trusteeForm> 
 
              <mode>GRANT_ACCESS</mode> 
 
            </ace> 
 
          </dacl> 
 
          <groups> 
 
            <group path="LDAP://cn=AllCustomerAdminsGroups@KrakHeRes01,cn=_Private,ou=KrakHeRes01,OU=Hosting,DC=fabrikam,DC=Com" name="AllCustomerAdminsGroups@KrakHeRes01"> 
 
              <memberOfGroup name="LDAP://cn=AllCustomerAdminsGroups,cn=_Private,ou=Hosting,DC=fabrikam,DC=com"> 
 
              </memberOfGroup> 
 
            </group> 
 
            <group path="LDAP://cn=AllCustomerCSRAdminsGroups@KrakHeRes01,cn=_Private,ou=KrakHeRes01,OU=Hosting,DC=fabrikam,DC=Com" name="AllCustomerCSRAdminsGroups@KrakHeRes01"> 
 
              <memberOfGroup name="LDAP://cn=AllCustomerCSRAdminsGroups,cn=_Private,ou=Hosting,DC=fabrikam,DC=com"> 
 
              </memberOfGroup> 
 
            </group> 
 
            <group path="LDAP://cn=AllCustomers@KrakHeRes01,cn=_Private,ou=KrakHeRes01,OU=Hosting,DC=fabrikam,DC=Com" name="AllCustomers@KrakHeRes01"> 
 
              <memberOfGroup name="LDAP://cn=AllUsers,cn=_Private,ou=Hosting,DC=fabrikam,DC=com"> 
 
              </memberOfGroup> 
 
            </group> 
 
            <group path="LDAP://cn=AllUsers@KrakHeRes01,cn=_Private,ou=KrakHeRes01,OU=Hosting,DC=fabrikam,DC=Com" name="AllUsers@KrakHeRes01"> 
 
              <memberOfGroup name="LDAP://cn=AllUsersGroups,cn=_Private,ou=Hosting,DC=fabrikam,DC=com"> 
 
              </memberOfGroup> 
 
            </group> 
 
          </groups> 
 
        </org> 
 
      </orgs> 
 
      <groups> 
 
        <group path="LDAP://cn=Admins@KrakHeRes01,ou=KrakHeRes01,OU=Hosting,DC=fabrikam,DC=Com" name="Admins@KrakHeRes01"> 
 
          <memberOfGroup name="LDAP://cn=AllResellerAdminsGroups,cn=_Private,ou=Hosting,DC=fabrikam,DC=com"> 
 
          </memberOfGroup> 
 
        </group> 
 
        <group path="LDAP://cn=CSRAdmins@KrakHeRes01,ou=KrakHeRes01,OU=Hosting,DC=fabrikam,DC=Com" name="CSRAdmins@KrakHeRes01"> 
 
          <memberOfGroup name="LDAP://cn=AllResellerCSRAdminsGroups,cn=_Private,ou=Hosting,DC=fabrikam,DC=com"> 
 
          </memberOfGroup> 
 
          <dacl> 
 
            <ace> 
 
              <inheritance>NO_INHERITANCE</inheritance> 
 
              <permission>ADS_RIGHT_READ_CONTROL</permission> 
 
              <trusteeType>0</trusteeType> 
 
              <trusteeForm>0</trusteeForm> 
 
              <trustee>S-1-5-10</trustee> 
 
              <mode>GRANT_ACCESS</mode> 
 
            </ace> 
 
          </dacl> 
 
        </group> 
 
      </groups> 
 
      <dacl> 
 
        <ace> 
 
          <permission>ADS_RIGHT_DS_LIST_OBJECT</permission> 
 
          <trustee>LDAP://cn=AllUsers@KrakHeRes01,cn=_Private,ou=KrakHeRes01,ou=Hosting,DC=fabrikam,DC=com</trustee> 
 
          <trusteeType>TRUSTEE_IS_GROUP</trusteeType> 
 
          <trusteeForm>TRUSTEE_IS_SID</trusteeForm> 
 
          <mode>GRANT_ACCESS</mode> 
 
        </ace> 
 
        <ace> 
 
          <permission>ADS_RIGHT_ACTRL_DS_LIST</permission> 
 
 
  <permission>ADS 
_RIGHT_DS_READ_PROP</permission>          <inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>          <trustee>LDAP://cn=AllUsers@KrakHeRes01,cn=_Private,ou=KrakHeRes01,ou=Hosting,DC=fabrikam,DC=com</trustee>          <trusteeType>TRUSTEE_IS_GROUP</trusteeType>          <trusteeForm>TRUSTEE_IS_SID</trusteeForm>          <mode>GRANT_ACCESS</mode>        </ace>        <ace>          <permission>ADS_RIGHT_DS_LIST_OBJECT</permission>          <permission>ADS_RIGHT_ACTRL_DS_LIST</permission>          <inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>          <trustee>LDAP://cn=AllCustomers@KrakHeRes01,cn=_Private,ou=KrakHeRes01,ou=Hosting,DC=fabrikam,DC=com</trustee>          <trusteeType>TRUSTEE_IS_GROUP</trusteeType>          <trusteeForm>TRUSTEE_IS_SID</trusteeForm>          <mode>GRANT_ACCESS</mode>        </ace>        <ace>          <permission>ADS_RIGHT_DS_WRITE_PROP</permission>          <permission>ADS_RIGHT_READ_CONTROL</permission>          <permission>ADS_RIGHT_WRITE_DAC</permission>          <permission>ADS_RIGHT_DS_SELF</permission>          <permission>ADS_RIGHT_DS_CONTROL_ACCESS</permission>          <permission>ADS_RIGHT_DS_CREATE_CHILD</permission>          <permission>ADS_RIGHT_DS_DELETE_CHILD</permission>          <permission>ADS_RIGHT_DS_DELETE_TREE</permission>          <inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>          <trustee>LDAP://cn=Admins@KrakHeRes01,ou=KrakHeRes01,ou=Hosting,DC=fabrikam,DC=com</trustee>          <trusteeType>TRUSTEE_IS_GROUP</trusteeType>          <trusteeForm>TRUSTEE_IS_SID</trusteeForm>          <mode>GRANT_ACCESS</mode>        </ace>        <ace>          <permission>ADS_RIGHT_DS_WRITE_PROP</permission>          <permission>ADS_RIGHT_READ_CONTROL</permission>          <permission>ADS_RIGHT_WRITE_DAC</permission>          <permission>ADS_RIGHT_DS_SELF</permission>          <permission>ADS_RIGHT_DS_CONTROL_ACCESS</permission>          <permission>ADS_RIGHT_DS_CREATE_CHILD</permission>          <permission>ADS_RIGHT_DS_DELETE_CHILD</permission>          <permission>ADS_RIGHT_DS_DELETE_TREE</permission>          <permission>ADS_RIGHT_DELETE</permission>          <inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>          <trustee>LDAP://cn=CSRAdmins@Hosting,ou=Hosting,DC=fabrikam,DC=com</trustee>          <trusteeType>TRUSTEE_IS_GROUP</trusteeType>          <trusteeForm>TRUSTEE_IS_SID</trusteeForm>          <mode>GRANT_ACCESS</mode>        </ace>        <ace>          <permission>ADS_RIGHT_DELETE</permission>          <permission>ADS_RIGHT_DS_DELETE_TREE</permission>          <inheritance>10</inheritance>          <inheritedObjectTypeName>{BF967AA5-0DE6-11D0-A285-00AA003049E2}</inheritedObjectTypeName>          <trustee>LDAP://cn=CSRAdmins@KrakHeRes01,ou=KrakHeRes01,ou=Hosting,DC=fabrikam,DC=com</trustee>          <trusteeType>TRUSTEE_IS_GROUP</trusteeType>          <trusteeForm>TRUSTEE_IS_OBJECTS_AND_SID</trusteeForm>          <mode>GRANT_ACCESS</mode>        </ace>        <ace>          <permission>ADS_RIGHT_DS_CREATE_CHILD</permission>          <inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>          <trustee>LDAP://cn=CSRAdmins@KrakHeRes01,ou=KrakHeRes01,ou=Hosting,DC=fabrikam,DC=com</trustee>          <trusteeType>TRUSTEE_IS_GROUP</trusteeType>          <trusteeForm>TRUSTEE_IS_SID</trusteeForm>          <mode>GRANT_ACCESS</mode>        </ace>      </dacl>    </org>  </data></response>

Applies To

Hosted Exchange Namespace API for:

  • Hosted Messaging and Collaboration version 3.5

  • Hosted Messaging and Collaboration version 3.0