Managing Users and Groups
topic describes how you can use (Java) to programmatically assign,
remove, and query domains, users, and groups.
Note: When configuring a domain, you must set the
unique identifier for groups and users. The attribute that is chosen
must not only be unique within the LDAP environment, but must also
be immutable and will not change within the directory. This attribute
must also be of a simple string data type (the only exception currently allowed
for Active Directory 2000/2003 is "objectsid",
which is a binary value). The Novell eDirectory attribute "GUID",
for example, is not a simple string data type and therefore will
For Active Directory, use "objectsid".
For SunOne, use "nsuniqueid".
Note: Creating multiple local users and groups while
an LDAP directory synchronization is in progress is not supported.
Attempting this process may result in errors.