Advanced Server for OpenVMS
Commands Reference Manual


Previous Contents Index

2.1.6 Using Abbreviations

In general, the command descriptions in this manual include full command names, command options, and service names. However, the software recognizes abbreviations. Note that abbreviations are not recommended for use in batch jobs and command procedures.

You can abbreviate any command option by typing enough letters to distinguish it from other command options. The following is an example of the SET AUDIT POLICY command:


$ ADMINISTER 
LANDOFOZ\\TINMAN> SET AUD POLI /FAILURE=(LOGONOFF,PROCESS) - 
_LANDOFOZ\\TINMAN>/AUDIT/SUCCESS=(ALL) 
%PWRK-S-AUDPOLSET, audit policy set for domain "LANDOFOZ" 
 
LANDOFOZ\\TINMAN> 

Note the use of the continuation character (-) to enter this long command string.

You can abbreviate options and qualifiers as illustrated in the following example:


$ ADMIN 
LANDOFOZ\\TINMAN> SET AUD POLICY/FAIL=(LOG,PROC)/AUD/SUCCESS=(ALL) 
%PWRK-S-AUDPOLSET, audit policy set for domain "LANDOFOZ" 
 
LANDOFOZ\\TINMAN> 

2.1.7 Administering the Advanced Server Using Batch Jobs

You can manage a server with batch jobs that you set up. The .COM files can contain the ADMINISTER commands you would otherwise enter interactively. The following example (EVT_CLEANUP.COM) saves an event log, then clears it:


$ TYPE EVT_CLEANUP.COM 
$ ADMINISTER SAVE EVENTS/TYPE=SECURITY SYS$BACKUP:PW-SECURITY.EVT 
$ ADMINISTER CLEAR EVENTS/TYPE=SECURITY/NOCONFIRM 
$ EXIT 

For commands that have confirmation responses (selectable using /CONFIRM and /NOCONFIRM qualifiers), the default in batch mode is to not ask for confirmation. In other words, /NOCONFIRM is the default action for batch jobs.

2.1.8 Universal Naming Convention (UNC) for Path Names

When using the Universal Naming Convention (UNC) for specifying the path to a shared directory or file, the UNC path has the form

\\server-name\share-name\path

where:
server-name is the name of the server where the directory or file resides.
share-name is the name of the shared resource containing the directory or file.
path specifies the path to the directory or file within the shared resource.

The server-name portion of the UNC, if omitted, defaults to the server currently being administered, or to the server name you specify using the /SERVER qualifier. You can omit the slash before the share-name if you omit the server-name.

Except for the TAKE FILE OWNERSHIP command, you can use standard DOS wildcards within file names, but not for directories. The TAKE FILE OWNERSHIP command does not accept wildcards for the UNC path.

2.1.9 Parameter Restrictions

The ADMINISTER command parameters listed in the following table cannot contain the following characters:

" / \ [ ] : ; | = , + * ? < >

When using ADMINISTER commands, note the following parameter restrictions:

Table 2-1 ADMINISTER Command Parameter Restrictions
Parameter Restriction
[domain-name\] server-user-name
  Specifies the Advanced Server user name to be mapped to an OpenVMS server name. An Advanced Server user can be mapped to only one OpenVMS user. Optionally, you can specify a network user in a trusted domain. To specify a network user, include the domain name ( domain-name\) with the user name, as in KANSAS\DOLE, where KANSAS is the trusted domain in which the network user account resides, and DOLE is the user name of the user account in the trusted domain.
host-user-name Specifies the OpenVMS user name to which the Advanced Server user name is to be mapped. More than one Advanced Server user can be mapped to the same OpenVMS user.
computer-name Specifies a computer name as a name that identifies the computer on the network. The computer-name must be unique in the network.

The maximum number of characters is 15.

domain-name Specifies the name of the domain. Except where noted, the default is the domain currently being administered.

The maximum number of characters is 15.

server-name Specifies the name of a server that is a member of the domain. The default is the server currently being administered.

The maximum number of characters is 15.

full-user-name Specifies the full, or complete, name for the user. Enclose the full-user-name in quotation marks if it contains lowercase letters, blanks (spaces) or other nonalphanumeric characters.

The maximum number of characters is 256.

group-name Specifies the name of an Advanced Server group. A group name cannot be identical to any other group or user name of the domain or computer being administered.

The maximum number of characters is 20.

[domain-name\] member-name
  Specifies the users or groups as members of the group. Enclose the member-name in quotation marks if it contains blanks (spaces) or other nonalphanumeric characters.

When adding members to, or removing members from, a local group, you can specify user accounts or global groups from the domain being administered and from domains it trusts. To specify a user account or global group in a trusted domain, enter a domain-qualified name in the format domain-name\member-name, such as KANSAS\DOLE, where KANSAS is the name of the trusted domain, and DOLE is the user or group name defined in the trusted domain.

The maximum number of characters is 20.

password Specifies the password for the user. Passwords are case sensitive. Enclose the password in quotation marks if it contains lowercase letters, blanks (spaces) or other nonalphanumeric characters. If you enter /PASSWORD with no value or an asterisk (*), you are prompted for the password and its confirmation; the password is not echoed on your terminal. When you are prompted, you need not use quotation marks.

The maximum number of characters is 14.

old-password Specifies the current password for the user account. Passwords are case sensitive. Enclose the old-password in quotation marks if it contains lowercase letters, blanks (spaces) or other nonalphanumeric characters. If you do not specify old-password, or specify it as an asterisk (*), you are prompted for the password, which is not echoed on your terminal. When you are prompted, you need not include quotation marks.

The maximum number of characters is 14.

queue-name Specifies the name of the queue. The maximum number of characters is 12.
share-name The name of the share. If MS-DOS computers will connect to the share, the share-name can be up to 8 characters long, optionally followed by a period and up to 3 more characters.

The maximum number of characters is 12.

string Specifies descriptive information. Enclose the string in quotation marks if it contains lowercase letters, blanks (spaces) or other nonalphanumeric characters.

The maximum number of characters is 256.

user-name Specifies the name of the user to be added. The user-name must be unique within the domain or computer being administered.

The maximum number of characters is 20.

new-user-name Specifies the user name for the new user account.

The maximum number of characters is 20.

workstation-name Specifies a workstation from which the user can log on to the domain. The workstation-name is the name of a workstation, or an asterisk (*), to specify all workstations.

The maximum number of characters is 15.


ADD COMPUTER

Adds a computer account to a domain's security database. Before a computer can join a domain, a computer account must be added to the domain's security database.

The ADD COMPUTER command is useful only if you do not wish to give out the user name and password of an Administrator account in your domain to the administrator of the computer that will join your domain. If you do not wish to supply this information, use the ADD COMPUTER command to add the computer account to your domain before the computer's administrator joins the domain. If you supply password information to the administrator of the other computer, the administrator can use it when joining and the computer account will be added to the domain automatically.

The ADD COMPUTER command is not necessary for the primary domain controller; that computer is added automatically.

Note that until the intended computer account actually joins the domain, it is possible for a malicious user to give a different computer that computer name, and then have it join the domain using the computer account you have just created. If the added computer is a backup domain controller when it joins, it receives a copy of the domain's security database.


Format

ADD COMPUTER computer-name [/qualifiers]

restrictions

Use of this command requires membership in the Administrators local group.

Related Commands


Parameters

computer-name

Specifies a 1 to 15 character name for the computer account to be added to the domain. The specified name cannot be the same as any other computer or domain name in the network.

Qualifiers

/DOMAIN=domain-name

Specifies the name of the domain to which to add the computer account. The default is the domain currently being administered. Do not specify both /DOMAIN and /SERVER on the same command line.

/ROLE=role-type

Specifies the computer's role in the network. The role-type keyword can be one of the following:
Role-Type Specify if the computer is:
BACKUP_DOMAIN_CONTROLLER
  A Windows NT or compatible backup domain controller
SERVER Windows NT or compatible server, but not a primary or backup domain controller.
WORKSTATION A Windows NT Workstation. This is the default.

/SERVER=server-name

Specifies the name of a server that is a member of the domain to which to add the computer account. Do not specify both /DOMAIN and /SERVER on the same command line.

Example


LANDOFOZ\\TINMAN> ADD COMPUTER DOROTHY/ROLE=SERVER 
%PWRK-S-COMPADD, computer "DOROTHY" added to domain "LANDOFOZ" 
 
      

This example adds the computer named DOROTHY to the default domain (LANDOFOZ), as a Windows NT compatible server.


ADD GROUP

Adds a local or global group to a domain's security database, and optionally adds members to the group.

Format

ADD GROUP group-name [/qualifiers]

restrictions

Use of this command requires membership in the Administrators or Account Operators local group.

Related Commands


Parameters

group-name

Specifies a 1 to 20 character name for the group to be added. A group name cannot be identical to any other group or user name of the domain or server being administered. It can contain any uppercase or lowercase characters except for the following:

" / \ [ ] : ; | = , + * ? < >


Qualifiers

/DESCRIPTION=string

/NODESCRIPTION

Specifies a string of up to 256 characters used to provide descriptive information about the group. Enclose the string in quotation marks to preserve case (the default is uppercase). /NODESCRIPTION, the default, indicates that the description is to be blank.

/DOMAIN=domain-name

Specifies the name of the domain to which to add the group. The default is the domain currently being administered. Do not specify both /DOMAIN and /SERVER on the same command line.

/GLOBAL

Indicates that the specified group is to be added as a global group. This is the default if neither /GLOBAL nor /LOCAL are specified. Do not specify both /GLOBAL and /LOCAL on the same command line.

/LOCAL

Indicates that the specified group is to be added as a local group. By default, a group is added as a global group. Do not specify both /GLOBAL and /LOCAL on the same command line.

/MEMBERS=([domain-name]\member-name[,...])

Adds the specified members to the membership list of the group. If the group being added is a local group, you can add user accounts and global groups from the domain being administered and from domains it trusts.

To specify a user account or global group in a trusted domain, enter a domain-qualified name (domain-name\member-name), such as KANSAS\DOLE, where KANSAS is the name of the trusted domain, and DOLE is the user or group name defined in the trusted domain. If you omit a domain name, the user or group is assumed to be defined in the domain being administered.

If the group being added is a global group, you can add user accounts only from the domain being administered.

/SERVER=server-name

Specifies the name of a server that is a member of the domain to which to add the group. Do not specify both /DOMAIN and /SERVER on the same command line.

Examples

#1

 LANDOFOZ\\TINMAN> ADD GROUP MUNCHKINS/MEMBERS=(SCARECROW,STRAWMAN) 
 %PWRK-S-GROUPADD, group "MUNCHKINS" added to domain "LANDOFOZ" 
      

This example adds the global group named MUNCHKINS to the default domain being administered (LANDOFOZ). The group will contain as members, the users named SCARECROW and STRAWMAN. The group is added as a global group because neither the /GLOBAL nor /LOCAL qualifiers were specified, and /GLOBAL is the default.

#2

 LANDOFOZ\\TINMAN> ADD GROUP WINKIES/LOCAL - 
 _LANDOFOZ\\TINMAN> /MEMBERS=(MUNCHKINS,KANSAS\WIZARD) 
 %PWRK-S-GROUPADD, group "WINKIES" added to domain "LANDOFOZ" 
      

This example adds the local group named WINKIES to the default domain being administered (LANDOFOZ). The group will contain as members, the global group MUNCHKINS from the LANDOFOZ domain, and the user WIZARD from the trusted domain KANSAS.


ADD HOSTMAP

Adds a user account mapping between an Advanced Server user account and an OpenVMS user account.

Format

ADD HOSTMAP [domain-name\]server-user-name host-user-name [/qualifier]

restrictions

Use of this command requires membership in the Administrators local group. This command is valid only for OpenVMS servers.

Related Commands


Parameters

[domain-name\]server-user-name

Specifies the Advanced Server user name to be mapped to an OpenVMS user name. You can map a network user in a trusted domain to an OpenVMS user. Specify the domain-qualified user name in the format domain-name\server-user-name, such as KANSAS\DOLE, where KANSAS is the trusted domain, and DOLE is the user name of the user account defined in the trusted domain. If you omit a domain name, the user account is assumed to be defined in the domain of the server currently being administered.

An Advanced Server user can be mapped to only one OpenVMS user.

host-user-name

Specifies the OpenVMS user name to which the Advanced Server user name is to be mapped. More than one Advanced Server user can be mapped to the same OpenVMS user.

Qualifiers

/SERVER=server-name

Specifies the name of the server to which to add the host account mapping. The default is the server currently being administered.

Example


LANDOFOZ\\TINMAN>ADD HOSTMAP SCARECROW STRAWMAN 
%PWRK-S-HOSTMAPADD, user "SCARECROW" mapped to host user "STRAWMAN" 
      

This example adds a user account mapping for the Advanced Server user SCARECROW, to the OpenVMS user STRAWMAN, on the server currently being administered (TINMAN).


ADD PRINT QUEUE

Creates an Advanced Server print queue. A print queue can be either a printer queue associated with a physical printing device, or a routing queue that routes print requests to one or more printer queues.

Format

ADD PRINT QUEUE queue-name {/PRINTER | /ROUTE_TO} [/qualifiers]

restrictions

Use of this command requires membership in the Administrators, Server Operators, or Print Operators local group. This command is valid only to OpenVMS servers.

Related Commands


Parameters

queue-name

Specifies a name for the queue to be added. The queue name may be 1 to 12 characters if the queue is a routing queue, or 1 to 8 characters if the queue is a printer queue. You specify the type of queue, printer or routing, with the /PRINTER and /ROUTE_TO qualifiers, respectively.

Qualifiers

/DESCRIPTION=string

/NODESCRIPTION

Specifies a string of up to 48 characters used to provide descriptive information about the queue. Enclose the string in quotation marks to preserve case (the default is uppercase). /NODESCRIPTION, the default, indicates that the description is to be blank.

/PRINTER=device-name

Indicates that the queue to be added is a printer queue, and specifies the physical device name or port to which the printer is physically connected. This is the actual OpenVMS system device, for example, OPA0, TTA2, TXA7, or LTA201. You must specify either the /PRINTER or /ROUTE_TO qualifier. Do not specify both /PRINTER and /ROUTE_TO on the same command line.

/ROUTE_TO=(printer-queue[,...])

Indicates that the queue to be added is a routing queue, and specifies one or more printer queues to which to route print jobs. You must specify either the /PRINTER or /ROUTE_TO qualifier. Do not specify both /PRINTER and /ROUTE_TO on the same command line.

/SERVER=server-name

Specifies the name of the server on which to create the print queue. The default is the server currently being administered.

/TYPE=printer-type

Specifies the type of printer when adding a printer queue. The printer-type keyword can be one of the following:
Printer-Type Type of Printer
DL1100 DEClaser 1100
DL2100 DEClaser 2100
DL2100P DEClaser 2100 Plus
DL2200 DEClaser 2200
DL2200P DEClaser 2200 Plus
DL3200 DEClaser 3200
LN03 DIGITAL LN03
LN03P DIGITAL LN03 Plus
LA50 DIGITAL LA50
LA70 DIGITAL LA70
LA75 DIGITAL LA75
LA210 DIGITAL LA210
LA324 DIGITAL LA324
LG01 DIGITAL LG01
LG02 DIGITAL LG02
LG06 DIGITAL LG06
LG31 DIGITAL LG31
LJ250 DIGITAL LJ250
FX850 EPSON FX850
FX1050 EPSON FX1050
HP_LASERJET Hewlett-Packard LaserJet IID
PROPRINTER IBM Proprinter
SILENTWRITER NEC Silentwriter 2, model 290 (not PostScript)
GENERIC All other printer types (the default).

Do not use the /TYPE qualifier with the /ROUTE_TO qualifier.


Examples

#1

 LANDOFOZ\\TINMAN> ADD PRINT QUEUE TOTO/PRINTER=LTA201/TYPE=DL3200 - 
 _LANDOFOZ\\TINMAN> /DESCRIPTION="Dot's Printer" 
 %PWRK-S-QUEADD, queue "TOTO" added on server "TINMAN" 
      

This example adds the printer queue TOTO to the server currently being administered (TINMAN). The printer is connected to LTA201 and is a DEClaser 3200. The description for the print queue is "Dot's Printer."

#2

 LANDOFOZ\\TINMAN> ADD PRINT QUEUE GLENDA/ROUTE_TO=(TOTO,WIZ) - 
 _LANDOFOZ\\TINMAN>) /DESCRIPTION="Printers in the Land of Oz" 
 %PWRK-S-QUEADD, queue "GLENDA" added on server "TINMAN" 
      

This example adds a routing queue named GLENDA to the server currently being administered (TINMAN). The print jobs are routed to either of the two printer queues: TOTO or WIZ. The description for the print queue is "Printers in the Land of Oz."


Previous Next Contents Index