Create a SharePoint Workspace user directory for Groove Server Manager
Applies to: SharePoint Workspace 2010, Groove Server 2010
Topic Last Modified: 2011-08-05
This article describes how to create a Groove Server Manager domain member directory by assigning Active Directory forest members to a Manager server. Manager domain members can then be provisioned with managed SharePoint Workspace accounts. This integrated directory creation process involves the use of the Active Directory Users and Computers tool (ADUC) or the use of scripts that are included with Groove Server Manager.
You can also create a Groove Server Manager directory manually, via the Manager interface, as described in Manually creating a SharePoint Workspace user directory for Groove Server Manager. However, manual creation of a user directory is best suited for test installations or for organizations without an Active Directory system, than for enterprise-wide installations.
Note
You cannot manually add users to Manager server that is integrated with an Active Directory forest. In an integrated setting, SharePoint Workspace administration occurs through Active Directory, not the Groove Server Manager interface.
An Active Directory system that is set up to recognize a Manager server, lets you assign Active Directory forest members to a Manager server by applying an attribute that contains the fully qualified domain name of the Manager server to user objects in Active Directory. The Groove Server Manager Directory Integration service then queries the prepared Active Directory forest for users flagged with the name of a Manager server in the ManagerURI attribute, and imports the user information. In the resulting integrated system, the Directory Integration service queries the Active Directory forest periodically and synchronizes user object updates with Groove Server Manager.
This process can be applied to Active Directory forest members who are new to SharePoint Workspace and to those with existing unmanaged SharePoint Workspace accounts. For more information about converting unmanaged SharePoint Workspace accounts to managed accounts, see Migrating SharePoint Workspace users to Groove Server Manager.
In this article:
Before you begin
Assigning Active Directory forest members to a Manager server via ADUC
Assigning Active Directory forest members to a Manager server via scripts
Integration tasks and supporting scripts
Windows PowerShell script functionality and examples
VBS script functionality and examples
Before you begin
Before you use the procedures in this section, address the following prerequisites:
Install Groove Server Manager as described in Install and configure Groove Server 2010 Manager
Prepare your Active Directory system as described in Prepare Active Directory for Groove Server Manager.
If you want to assign Active Directory members to Groove Server Manager by running scripts that are provided with Groove Server Manager, make sure that you have Read permissions to user objects in the Active Directory forest and Write permissions to the MS-GRV-ManagerURI attribute.
Assigning Active Directory forest members to a Manager server via ADUC
The following procedure explains how to use the Active Directory and Computers tool (ADUC) to assign Active Directory forest members to a Groove Server Manager system, for provisioning with a managed SharePoint Workspace account. For a description of the files referenced in this procedure, see the table of Groove Server Manager ADUC extension files, which follows the procedure.
For information about how to use Windows PowerShell or Visual Basic Scripting Edition (VBS) scripts to perform this task, see Assigning Active Directory forest members to a Manager server via scripts.
To assign Active Directory forest members to a Manager server via ADUC
Perform the tasks in Before you begin.
Identify the Active Directory forest members that you want to include in the Groove Server Manager domain member directory. These members will become part of your managed SharePoint Workspace and deployment.
Create a shared folder that has Change and Read permissions on the Domain Controller or on a computer that has the Active Directory User’s and Computer’s tool (ADUC) installed.
Grant Change and Read permissions to the shared folder for anyone who will provision users to Groove. For example, you could grant Full Control for Domain Admins.
If you are using Windows Server 2008 or later versions, set full trust to the share that you will use to run the ADUC tool as follows:
First, use the .NET Code Access Security Policy Tool (Caspol.exe) to configure the security level of the network share. The Caspol.exe utility is installed with .NET and should be available on the local computer where you are installing the GrooveADUCExtension (in the \Windows\Microsoft.NET\Framework directory).
Then, configure the share from which the GrooveADUCExtension.exe runs by running the Caspol.exe utility with the following command line parameters:
CasPol.exe -m -ag 1.2 -url file://<server>/<share>/* FullTrust
Note
If the share is located in the Internet security zone instead of Intranet, substitute 1.2 with 1.3 in the command line.
For more information about the CasPol.exe tool, see the MSDN article, Code Access Security Policy Tool.
From a command prompt on the Domain Controller, go to the \Tools\ADUCExtension directory and run RegisterGrooveADUCExtension.vbs, entering the destination folder in UNC format as follows:
RegisterGrooveADUCExtension.vbs \\<server>\<share>\<folder>
This copies the Groove Server Manager Active Directory Users and Computers (ADUC) extension (GrooveADUCExtension.exe) to the share that you created and registers the extension with Active Directory. You should receive a message that the extension was successfully copied and registered.
Verify that the Groove Server Manager ADUC extension works correctly, as follows: start the ADUC tool, right-click on an Active Directory domain member name, select Provision to SharePoint Workspace from the menu, and then specify the Groove Server Manager fully qualified domain name in the Groove Server ADUC Extension dialog box.
Note
To unregister the Groove Server Manager ADUC extension from Active Directory, run the following script from the \Tools\ADUCExtension directory: UnregisterGrooveADUCExtension.vbs.
To view and administer the newly added user directory in Groove Server Manager, open the administrative interface, expand the management domain in the navigation pane, and then expand Members. From here, you can click the new user group to view or distribute user policies and Relay server assignments, as described in Deploying policies to SharePoint Workspace users and Assigning Relay servers to SharePoint Workspace users.
The following table summarizes the files referenced in this procedure:
Groove Server Manager ADUC extension files
| ADUC extension file | Description |
|---|---|
GrooveADUCExtension.exe |
Runs the Groove Manager ADUC Extension for a selected Active Directory domain member, adding that member to a Groove Server Manager system that has been integrated with Active Directory. The Active Directory Users and Computers (ADUC) tool invokes this program when an administrator right-clicks on an Active Directory domain member and clicks Provision to SharePoint Workspace. |
GrooveADUCExtension.intl.resources.dll |
Contains Groove Server Manager ADUC Extension localized resources. This file is used by GrooveADUCExtension.exe. |
RegisterGrooveADUCExtension.vbs |
Copies the Groove Server Manager ADUC Extension to a network share or registers it in Active Directory for the current locale. This Visual Basic script is executed by an Active Directory administrator who also has Write permission to a specified network share. Running this program from the network requires setting full trust to the share on each server that will run this script. |
UnregisterGrooveADUCExtension.vbs |
Un-registers the Groove Server Manager ADUC Extension in Active Directory for the current locale. |
Assigning Active Directory forest members to a Manager server via scripts
Groove Server Manager provides eight Visual Basic Scripting Editing (VBS) scripts and 14 Windows PowerShell scripts to use as templates for assigning Active Directory members to a Groove Server Manager system (a Manager server), for provisioning with SharePoint Workspace accounts. The following procedure provides guidelines for using these scripts.
For information about integrating AD domain members via the ADUC tool, see Assigning Active Directory forest members to a Manager server via ADUC.
To assign Active Directory forest members to a Manager server via VBS or Windows PowerShell scripts
Perform the tasks in Before you begin.
Identify the Active Directory forest members that you want to include in the Groove Server Manager domain member directory. These members will become part of your managed SharePoint Workspace deployment.
Review the tables in Script descriptions and examples to determine script suitability.
To use Windows PowerShell scripts, make sure that the Windows PowerShell is installed on the computer that will run the scripts. You can download Windows PowerShell from the Microsoft Download Center at https://go.microsoft.com/fwlink/p/?LinkId=164750.
Note
To use VBS scripts, ensure that Visual Basic Scripting Edition is installed on your Active Directory server.
Find the scripts that you need on the Groove Server Manager installation media in the \Tools path and run them as appropriate.
To view and administer the new user directory in Groove Server Manager, open the administrative interface, expand the management domain in the navigation pane, and then expand Members. From here, you can click the new user group to view or distribute user policies and Relay server assignments, as described in Deploying policies to SharePoint Workspace users and Assigning Relay servers to SharePoint Workspace users.
Integration tasks and supporting scripts
Several tasks involved in integrating Active Directory with Groove Server Manager can be run from either Windows PowerShell scripts or Visual Basic Scripting Editing (VBS). But some tasks that run in one scripting language do not have equivalents in the other. The following table lists tasks and available scripts for each scripting environment.
For a description and examples of Windows PowerShell scripts, see Windows PowerShell script functionality and examples.
For a description and examples of and Visual Basic Scripting Editing (VBS), see VBS script functionality and examples.
| Integration task | Windows PowerShell (PS1) script | Visual Basic Scripting Edition (VBS) script |
|---|---|---|
Assign existing or intended SharePoint Workspace users in an Active Directory group to a Manager server. |
ProvisionGroupGrooveManager.ps1 |
VBScript equivalent not available. |
Assign existing or intendedSharePoint Workspace users in an Active Directory container to a Manager server. |
ProvisionOUGrooveManager.ps1 |
ProvisionUsersToServer.vbs |
Assign an existing or intended SharePoint Workspace user to a Manager server. |
ProvisionUserGrooveManager.ps1 |
VBScript equivalent not available. |
Assign existing or intended SharePoint Workspace users listed in an XML (or CSV) file to a Manager server. Tip You can add users in a CSV file to Manager server by using the VBS script: ProvisionUsersFromFileToServer.vbs. |
ProvisionUsersfromXMLfileGrooveManager.ps1 |
ProvisionUsersFromXMLFileToServer.vbs ProvisionUsersFromFileToServer.vbs |
Migrate SharePoint Workspace users in an Active Directory group from their currently assigned Manager server to a new Manager server. |
MigrateGroupGrooveManager.ps1 |
VBScript equivalent not available. |
Migrate SharePoint Workspace users in an Active Directory container from their currently assigned Manager server to a new Manager server. |
MigrateOUGrooveManager.ps1 |
MigrateUsersFromServerToServer.vbs |
Remove the Manager server assignment for SharePoint Workspace users in an Active Directory group. Removing the Manager server assignment from SharePoint Workspace users deletes the users from Manager server and deletes their managed SharePoint Workspace accounts. |
DeprovisonGroupGrooveManager.ps1 |
VBScript equivalent not available. |
Remove the Manager server assignment for SharePoint Workspace users in an Active Directory container. Removing the Manager server assignment from SharePoint Workspace users deletes the users from Manager server and their managed SharePoint Workspace accounts. |
DeprovisonOUGrooveManager.ps1 |
VBScript equivalent not available. |
Remove the Manager server assignment for SharePoint Workspace users that are assigned to a specific Manager server. Removing the Manager server assignment from SharePoint Workspace users deletes the users from Manager server and deletes their managed SharePoint Workspace accounts. |
DeprovisionSpecificGrooveManager.ps1 |
DeprovisionUsersFromServer.vbs |
Remove the Manager server assignment for a SharePoint Workspace. Removing the Manager server assignment from SharePoint Workspace users deletes the user from Manager server and delete’s the user’s managed SharePoint Workspace account. |
DeprovisionUserGrooveManager.ps1 |
VBScript equivalent not available. |
Display the SharePoint Workspace users in an Active Directory group, together with their assigned Manager server. |
ViewGroupGrooveManager.ps1 |
VBScript equivalent not available. |
Display the SharePoint Workspace users in an Active Directory container, together with their assigned Manager server. |
ViewOUGrooveManager.ps1 |
ListProvisionedServersForUsers.vbs |
Display the assigned Manager server for a specific SharePoint Workspace user. |
ViewUserGrooveManager.ps1 |
VBScript equivalent not available. |
Display SharePoint Workspace users that are not assigned to a Manager server. |
ViewUsersWithGrooveManagerNotAssigned.ps1 |
ListNonProvisionedUsers.vbs |
Display the SharePoint Workspace users that are assigned to a specific Manager server. |
ViewUsersWithSpecificGrooveManager.ps1 |
ListUsersProvisionedToServer.vbs |
Windows PowerShell script functionality and examples
The following table provides describes the Windows PowerShell scripts that facilitate integration of Active Directory and Groove Server Manager, including functionality, syntax, argument, and examples. These scripts require the following:
Windows PowerShell 2.0 is required.
All arguments in the syntax are required.
Argument values must appear enclosed in quotation marks.
For information about the C# version of enumerating large groups, see Enumerating Members in a Large Group.
| Windows PowerShell script | Syntax, and examples |
|---|---|
DeprovisionGroupGrooveManager.ps1 Removes the Manager server assignment for SharePoint Workspace users in an Active Directory group. Removing the Manager server assignment from SharePoint Workspace users deletes the users from the Manager server and deletes their managed SharePoint Workspace accounts. |
Syntax: .\DeprovisionGroupGrooveManager.ps1 LDAPGroup GrooveManager Option where LDAPGroup = An Active Directory path that points to the LDAP group in which to start the search. For example, "CN=TestGroup,OU=Test,DC=contoso,DC=com" GrooveManager = The fully qualified Domain Name of the Manager server from which to remove the users. For example, "grvsvr.contoso.com". Option = The collection of LDAPGroup members to remove, as follows:
Example 1:
Example: 2
|
DeprovisionOUGrooveManager.ps1 Removes the Manager server assignment for SharePoint Workspace users in an Active Directory container. Removing the Manager server assignment from SharePoint Workspace users deletes the users from Groove Server Manager and deletes their managed SharePoint Workspace accounts. |
Syntax: .\DeprovisionOUGrooveManager.ps1 SearchRoot where SearchRoot = An Active Directory path that points to the container in which to start the search. For example, "OU=Test,DC=contoso,DC=com". Example:
|
DeprovisionSpecificGrooveManager.ps1 Removes the Manager server assignment for SharePoint Workspace users that are assigned to a specific Manager server. Removing the Manager server assignment from SharePoint Workspace users deletes the users from Manager server and deletes their managed SharePoint Workspace accounts. |
Syntax: .\DeprovisionSpecificGrooveManager.ps1 SearchRoot GrooveManager where SearchRoot = An Active Directory path that points to the group or OU in which to start the search. For example, "OU=Test,DC=contoso,DC=com". GrooveManager = The fully qualified Domain Name of the Manager server from which to remove the users. For example, "grvsvr.contoso.com". Example 1:
Example 2:
|
DeprovisionUserGrooveManager.ps1 Removes the Manager server assignment for a SharePoint Workspace. Removing the Manager server assignment from SharePoint Workspace users deletes the user from Manager server and delete’s the user’s managed SharePoint Workspace account. |
Syntax: .\DeprovisionUserGrooveManager.ps1 SearchRoot sAMAccountname where SearchRoot = An Active Directory path that points to the container in which to start the search. For example, "OU=Test,DC=contoso,DC=com". sAMAccountname - The Active Directory user sAMAccountname. Example:1
Example:2
|
MigrateGroupGrooveManager.ps1 Migrates SharePoint Workspace users in an Active Directory group from their currently assigned Manager server to a new Manager server. |
Syntax: .\MigrateGroupGrooveManager.ps1 LDAPGroup GrooveManager1 GrooveManager2 where LDAPGroup= An Active Directory path that points to the Active Directory group in which to start the search. For example, “CN=TestGroup,OU=Test,DC=contoso, DC=com” GrooveManager1 = The fully qualified Domain Name of the Manager server from which to migrate the users. For example, "grvsvr.contoso.com". GrooveManager2 = The fully qualified Domain Name of the Manager server to which users will be migrated. For example, "grvsvr2.contoso.com". Example:1
Example:2
|
MigrateOUGrooveManager.ps1 Migrates SharePoint Workspace users in an Active Directory container from their currently assigned Manager server to a new Manager server. |
Syntax: .\MigrateOUGrooveManager.ps1 SearchRoot GrooveManager1 GrooveManager2 where SearchRoot = An Active Directory path that points to the container in which to start the search. For example, "OU=Test,DC=contoso,DC=com". GrooveManager1 = The fully qualified Domain Name of the Manager server from which to migrate the users. For example, "grvsvr.contoso.com". GrooveManager2 = The fully qualified Domain Name of the Manager server to which users will be migrated. For example, "grvsvr2.contoso.com". Example:1
Example:2
|
ProvisionGroupGrooveManager.ps1 Assigns existing or intended SharePoint Workspace users in an Active Directory group to a Manager server. |
Syntax: .\ProvisionGroupGrooveManager.ps1 LDAPGroup GrooveManager where LDAPGroup= An Active Directory path that points to the Active Directory group in which to start the search. For example, "OU=Test,DC=contoso,DC=com". GrooveManager = The fully qualified Domain Name of the Manager server to which group members will be assigned. For example, "grvsvr.contoso.com". Example:
|
ProvisionOUGrooveManager.ps1 Assigns existing or intended SharePoint Workspace users in an Active Directory container to a Manager server. |
Syntax: .\ProvisionOUGrooveManager.ps1 SearchRoot GrooveManager Option where SearchRoot = An Active Directory path that points to the container in which to start the search. For example, "OU=Test,DC=contoso,DC=com". GrooveManager = The fully qualified Domain Name of the Manager server to which users in SearchRoot will be assigned. For example, "grvsvr.contoso.com". Option = The collection of SearchRoot members to assign, as follows:
Example:1
Example:2
|
ProvisionUserGrooveManager.ps1 Assigns an existing or intended SharePoint Workspace user to a Manager server. |
Syntax: .\ProvisionUserGrooveManager.ps1 SearchRoot sAMAccountname GrooveManager where SearchRoot = An Active Directory path that points to the container in which to start the search. For example, "OU=Test, DC=contoso,DC=com". sAMAccountname - The Active Directory user sAMAccountname. GrooveManager - The fully qualified Domain Name of the Manager server to which the user will be assigned. For example, "grvsvr.contoso.com". Example:1
Example:2
|
ProvisionUsersFromXMLFileGrooveManager.ps1 Assigns existing or intended SharePoint Workspace users listed in an XML (or CSV) file to Manager server. |
Syntax: .\ProvisionUsersFromXMLFileGrooveManager.ps1 XMLFile GrooveManager where XMLFile - The XML-formatted file that contains the list of users to be assigned, as described in Manually creating a SharePoint Workspace user directory for Groove Server Manager. The file must contain the user’s full name and e-mail address. GrooveManager - The fully qualified Domain Name of the Manager server to which users will be assigned. For example, "grvsvr.contoso.com". Example1:
Example2:
|
ViewGroupGrooveManager.ps1 Display the SharePoint Workspace users in an Active Directory group, together with their assigned Manager server. |
Syntax: ViewGroupGrooveManager.ps1 LDAPGroup where LDAPGroup= An Active Directory path that points to the Active Directory group in which to start the search. Example:1
Example:2
|
ViewOUGrooveManager.ps1 Display the SharePoint Workspace users in an Active Directory container, together with their assigned Manager server. |
Syntax: .\ViewOUGrooveManager.ps1 SearchRoot where SearchRoot = An Active Directory path that points to the container in which to start the search. For example, "OU=Test, DC=contoso,DC=com". Example:1
Example:2
|
ViewUserGrooveManager.ps1 Display the assigned Manager server for a specific SharePoint Workspace user. |
Syntax: .\ViewUserGrooveManager.ps1 SearchRoot sAMAccountname where SearchRoot = An Active Directory path that points to the container in which to start the search. For example, "OU=Test, DC=contoso,DC=com". SAMAccountname - The Active Directory user sAMAccountname. Example:1
Example:2
|
ViewUsersWithGrooveManagerNotAssigned.ps1 Display SharePoint Workspace users that are not assigned to a Manager server. |
Syntax: .\ViewUsersWithGrooveManagerNotAssigned.ps1 SearchRoot where SearchRoot = An Active Directory path that points to the container in which to start the search. For example, "OU=Test, DC=contoso,DC=com". Example:1
Example:2
|
ViewUsersWithSpecificGrooveManager.ps1 Display the SharePoint Workspace users that are assigned to a specific Manager server. |
Syntax: .\ViewUsersWithSpecificGrooveManager.ps1 SearchRoot GrooveManager where SearchRoot = An Active Directory path that points to the container in which to start the search. For example, "OU=Test, DC=contoso,DC=com". GrooveManager - The fully qualified Domain Name of the Manager server for which you want to display users. For example, "grvsvr.contoso.com". Example:1
Example:2
|
VBS script functionality and examples
The following table provides describes the Visual Basic Scripting Edition (VBS) scripts that facilitate integration of Active Directory and Groove Server Manager, including functionality and Syntax.
| VBS script | Description and syntax |
|---|---|
DeprovisionUsersFromServer.vbs Removes the Manager server assignment for SharePoint Workspace users that are assigned to a specific Manager server. Removing the Manager server assignment from SharePoint Workspace users deletes the users from Manager server and deletes their managed SharePoint Workspace accounts. |
Syntax: cscript DeprovisionUsersFromServer.vbs SearchRoot GrooveManager where SearchRoot = An Active Directory path that points to the container in which to start the search. For example, "OU=Test,DC=contoso,DC=com". GrooveManager = The fully qualified Domain Name of the Manager server from which to remove the users. For example, "grvsvr.contoso.com". Example:
|
ListUsersProvisionedToServer.vbs Displays the SharePoint Workspace users that are assigned to a specific Manager server. |
Syntax: cscript ListUsersProvisionedToServer.vbs SearchRoot GrooveManager where SearchRoot = An Active Directory path that points to the container in which to start the search. For example, "OU=Test,DC=contoso,DC=com". GrooveManager = The fully qualified Domain Name of the Manager server for which you want to display users. For example, "grvsvr.contoso.com". Example:
|
ListNonProvisionedUsers.vbs Displays SharePoint Workspace users that are not assigned to a Manager server. |
Syntax: cscript ListNonProvisionedUsers.vbs SearchRoot where SearchRoot = An Active Directory path that points to the container in which to start the search. For example, "OU=Test,DC=contoso,DC=com". Example:
|
ListProvisionedServersForUsers.vbs Displays the SharePoint Workspace users in an Active Directory container, together with their assigned Manager server. |
Syntax: cscript ListProvisionedServersForUsers.vbs SearchRoot where SearchRoot = An Active Directory path that points to the container in which to start the search. For example, "OU=Test,DC=contoso,DC=com". Example:
|
MigrateUsersFromServerToServer.vbs Migrates SharePoint Workspace users in an Active Directory container from their currently assigned Manager server to a new Manager server. |
Syntax: cscript MigrateUsersFromServerToServer.vbs SearchRoot GrooveManager1 GrooveManager2 where SearchRoot = An Active Directory path that points to the container in which to start the search. For example, "OU=Test,DC=contoso,DC=com". GrooveManager1 = The fully qualified Domain Name of the Manager server from which to migrate the users. For example, "grvsvr.contoso.com". GrooveManager2 = The fully qualified Domain Name of the Manager server to which users will be migrated. For example, "grvsvr2.contoso.com". Example:
|
ProvisionUsersFromFileToServer.vbs Assigns existing or intended SharePoint Workspace users listed in CSV file to a Manager server. |
Syntax: cscript ProvisionUsersFromFileToServer.vbs CSVFile GrooveManager where XMLFile - The CSV-formatted file that contains the list of users to be assigned, as described in Manually creating a SharePoint Workspace user directory for Groove Server Manager. The file must contain the user’s full name and e-mail address. GrooveManager = The fully qualified Domain Name of the Manager server to which users will be assigned. For example, "grvsvr.contoso.com". Example:
|
ProvisionUsersFromXMLFileToServer.vbs Assigns existing or intended SharePoint Workspace users listed in an XML file to a Manager server. |
Syntax: cscript ProvisionUsersFromXMLFileToServer.vbs GrooveManager XMLFile GrooveManager = The fully qualified Domain Name of the Manager server to which users will be assigned. For example, "grvsvr.contoso.com". XMLFile - The XML-formatted file that contains the list of users to be assigned, as described in Manually creating a SharePoint Workspace user directory for Groove Server Manager. The file must contain the user’s full name and e-mail address. Example:
|
ProvisionUsersToServer.vbs Assigns existing or intended SharePoint Workspace users in an Active Directory container to a Manager server. |
Syntax: cscript ProvisionUsersToServer.vbs SearchRoot GrooveManager where SearchRoot = An Active Directory path that points to the container in which to start the search. For example, "OU=Test,DC=contoso,DC=com". GrooveManager = The fully qualified Domain Name of the Manager server to which users will be assigned. For example, "grvsvr.contoso.com". Example:
|
See Also
Concepts
Prepare Active Directory for Groove Server Manager
Automate SharePoint Workspace account configuration/restoration
Deploy SharePoint Workspace 2010
Manually creating a SharePoint Workspace user directory for Groove Server Manager
Changing directory integration settings
Operations for Groove Server 2010 Manager