API Managed Groups

A managedGroupRule entity represents the metadata and contents of a given Managed Group Rule. They enable administrators to specify members of local groups on Windows devices.


Idint64Id of the Managed Group Rule.
DirectoryIdint32Id of the Managed Group Rule target Directory
TargetTypeint32Type of the Managed Group Rule target. Allowed values:
1 = Active Directory domain or organization unit
2 = Active Directory or Azure Active Directory group
3 = Active Directory, Azure Active Directory or WORKGROUP computer
4 = WORKGROUP category
TargetGuidstringIdentifier of the Managed Group Rule target. Possible formats:
Active Directory object = Object Guid from Active Directory in little-endian order (without dashes)
Azure Active Directory object = Object ID in big-endian order (with dashes)
Workgroup Category = Category ID in big-endian order (with dashes)
Workgroup computer = Workgroup computer NEBIOS name
TargetNamestringName of the Managed Group Rule target.
ManagedGroupIdint32Id of the Managed Group. For local built-in Administrators this is always 1
MemberIdint32Id of the Member. For Active Directory members this is always 1
MemberDomainstringDomain NETBIOS name for Active Directory user, group and computer members
MemberAccountstringAccount name for the member
MemberDisplayNamestringDisplay name of the Managed Group Rule member for management portal
EnabledboolIs Managed Group Rule applied to target
ValidUntildatatimeExpiry date for the Managed Group Rule



JSON Representation

Here is a JSON representation of the resource.

    "Id": 1,
    "DirectoryId": 2,
    "TargetType": 3,
    "TargetGuid": "91eba3a1-a803-4a22-b57f-94af33d1eda9",
    "TargetName": "COMPUTER1",
    "ManagedGroupId": 1,
    "MemberId": 1,
    "MemberSid": "S-1-5-21-987350600-1586923962-3403462686-1143",
    "MemberDomain": "DOMAIN",
    "MemberAccount": "doejo",
    "MemberDisplayName": "John Doe",
    "Enabled": true,
    "ValidUntil": "2020-12-13T14:00:00"