# File share provisioning {% hint style="info" %} Principal identifier: `UNCPath` {% endhint %} ## Requirements File share operations require **Windows Server 2012 R2 or later** on the target server. The connector connects to each file share server directly using PowerShell remoting. The AD connector service account must have the following permissions on each target file share server: * Membership in the local **Remote Management Users** group — required to discover all file shares on the server. * Membership in the local **Administrators** group — required to collect permissions for each file share. The connector server and target file share server must be joined to the same domain. ## Parameters | Parameter | Description | Required | Type | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ---------------------------------- | | Type | Must be set to `fileshare` to tell the connector this GROUP request is a file share operation. | Yes | String | | Name | Unique name identifying the share on the target server. No duplicates allowed on the same server. | Yes | String | | Path | Physical path on the target server where the share will be located. The connector creates the path (including nested sub-folders) if it does not exist, provided the service account has sufficient permissions. | Yes | String | | FileServerAddress | Network address of the file server — IP or DNS hostname. DNS names are preferred in AD environments. | Yes | String, e.g. `dc1.openiamdemo.com` | | UNCPath | Plays the ID role in OpenIAM. Network name in the format `\\server\ShareName`. | Yes | String | | Description | Optional description of the SMB share. Maximum 256 characters. | No | String | | CachingMode | Offline file caching mode: `None`, `Manual`, `Programs`, `Documents`, or `BranchCache`. | No | String | | PublishedLDAPPath | LDAP path to publish the share link in Active Directory, e.g. `LDAP://OU=Australia,DC=openiamtest,DC=local`. | No | String | | PreviousPublishedLDAPPath | Current LDAP path to move from when `PublishedLDAPPath` contains the new destination. Only works when `PublishedLDAPPath` is set with operation code `2` (replace). | No | String | | ConcurrentUserLimit | JSON array of share permissions. Each entry specifies `Operation` (`Grant` or `Revoke`), `AccountName`, and `AccessRight` (`Full`, `Change`, or `Read`). Share permissions are combined with NTFS permissions — the most restrictive applies. | No | JSON array | | OverwriteWithPermissions | When `True`, removes all existing permissions and applies `DefaultPermissionsSet` before applying `ConcurrentUserLimit`. Requires `DefaultPermissionsSet` to be set. | No | True / False | | DefaultPermissionsSet | Default permissions applied when `OverwriteWithPermissions` is `True`. Same format as `ConcurrentUserLimit`. | No | JSON array | ### Permissions JSON example ```json [ {"Operation": "Grant", "AccountName": "SomeUser", "AccessRight": "Read"}, {"Operation": "Grant", "AccountName": "Alex", "AccessRight": "Change"} ] ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs-beta.openiam.com/application-onboarding/connectors/active-directory-powershell-connector/file-share-provisioning.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.