Active Directory Adapter Reference
Connect Password Filter
The Active Directory adapter depends on the Connect Active Directory Password Filter to be able to capture password changes in AD.
Install and configure the password filter only if the environment is using Active Directory.
addADGroupMember
Adds a member to a Group on the Active Directory Server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
groupDn* | text, expression, variable | the DN of the Group |
memberDn* | text, expression, variable | the DN of the member |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection()
groupDn = "CN=TestGroup,OU=Groups,DC=test,DC=local"
newDn = "CN=Test User,OU=People,DC=test,DC=local"
result = addADGroupMember(session, groupDn, newDn)
if(result) {
    log("User added to Group " + groupDn)
} else {
    log("User not added to Group " + groupDn)
}
close(session)
```
addADGroupMembers
Adds members to a Group on the Active Directory Server.
Property | Value | Description |
---|---|---|
memberDns* | expression, variable | array of DNs of the members |
groupDn* | text, expression, variable | the DN of the Group |
adConnection* | expression, variable | the AD connection |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
groupDn = "CN=TestGroup,OU=Groups,DC=test,DC=local"
newMembers = createArray()
appendArrayItem(newMembers, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(newMembers, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(newMembers, "CN=Test User 3,OU=People,DC=test,DC=local")
result = addADGroupMembers(session, groupDn, newMembers)
if(result) {
    log("Users added to Group " + groupDn)
} else {
    log("Users not added to Group " + groupDn)
}
close(session)
```
addADUser
Add a User to the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
record* | expression, variable | the Record containing fields to set - must contain the dn in the @dn field |
password* | password, string, expression, variable | the initial password |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
record = createRecord()

# Set default values
setRecordFieldValue(record, "objectClass", "User")
setRecordFieldValue(record, "sn", "User")
setRecordFieldValue(record, "givenName", "Test")
setRecordFieldValue(record, "mail", "TestUser@test.local")
setRecordFieldValue(record, "sAMAccountName", "TestUser")
setRecordFieldValue(record, "homeDirectory", "\\\\Server\\Share\\Users\\" + record['sAMAccountName'])
setRecordFieldValue(record, "homeDrive", "H:")
password = "changeme"

# Set DN
destinationDN = "OU=People,DC=test,DC=local"
setRecordFieldValue(record, "cn", record['givenName'] + " " + record['sn'])
setRecordFieldValue(record, "@dn", "cn=\"" + record.cn + "\"," + destinationDN)
removeRecordField(record, "cn")
if(!record['sn'] || !record['givenName'] || !record['mail'] || !record['sAMAccountName']) {
    log("Minimum requirements not met for add - " + record)
    return()
} else {
}

# Add User with the initial password set above
result = addADUser(session, record, password)
if(result) {
    log("Record added - " + record)
    if(record['homeDirectory']) {
        result = createADHomeDirectory(session, record['@dn'], record['homeDirectory'])
        if(result) {
            log("Directory created - " + record['homeDirectory'])
        } else {
            log("Unable to create directory - " + record['homeDirectory'])
        }
    } else {
    }
} else {
    log("Record not added - " + record)
}
close(session)
```
addADUsers
Add an array of Users to the Active Directory Server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
records* | expression, variable | array of Records containing fields to set - must contain the dn in the @dn field |
passwords* | expression, variable | array of initial passwords |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)

# Build arrays of User records and passwords to add
newUserRecords = createArray()
newUserPasswords = createArray()
i = 0
while(i < 10) {
    record = createRecord()

    # Set default values
    setRecordFieldValue(record, "objectClass", "User")
    setRecordFieldValue(record, "sn", "User" + i)
    setRecordFieldValue(record, "givenName", "Test")
    setRecordFieldValue(record, "mail", "TestUser" + i + "@test.local")
    setRecordFieldValue(record, "sAMAccountName", "TestUser" + i)
    setRecordFieldValue(record, "homeDirectory", "\\\\Server\\Share\\Users\\" + record['sAMAccountName'])
    setRecordFieldValue(record, "homeDrive", "H:")
    password = "changeme"

    # Set DN
    destinationDN = "OU=People,DC=test,DC=local"
    setRecordFieldValue(record, "cn", record['givenName'] + " " + record['sn'])
    setRecordFieldValue(record, "@dn", "cn=\"" + record['cn'] + "\"," + destinationDN)
    removeRecordField(record, "cn")
    if(record['sn'] && record['givenName'] && record['mail'] && record['sAMAccountName']) {
        appendArrayItem(newUserRecords, record)
        appendArrayItem(newUserPasswords, password)
    } else {
        log("Minimum requirements not met for add - " + record)
    }
    # Advance the counter by one
    i = i + 1
}
if(newUserRecords['length'] == 0) {
    # No users to add
    return()
}

# Add Users
results = addADUsers(session, newUserRecords, newUserPasswords)
i = 0
forEach(record, newUserRecords) {
    result = results && results[i]
    if(result) {
        log("Record added - " + record)
        if(record['homeDirectory']) {
            result = createADHomeDirectory(session, record['@dn'], record['homeDirectory'])
            if(result) {
                log("Directory created - " + record['homeDirectory'])
            } else {
                log("Unable to create directory - " + record['homeDirectory'])
            }
        } else {
        }
    } else {
        log("Record not added - " + record)
    }
    i = i + 1
}
close(session)
```
compareADField
Compare a Record field on the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
dn* | expression, variable | the DN of the Record |
fieldName | text, expression, variable | name of the field to be compared |
fieldValue | text, expression, variable | value of the field to be compared |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
# DN of the Record whose field is compared
dn = "CN=Test User,OU=People,DC=test,DC=local"
mail = "testuser@test.local"
isEqual = compareADField(session, dn, "mail", mail)
if(isEqual == true) {
    log("mail = " + mail)
} else {
    log("mail <> " + mail)
}
close(session)
```
createADHomeDirectory
Create a Home Directory for a User on the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
userDn* | text, expression, variable | the DN of the User |
uncPath* | text, expression, variable | the UNC path of the home directory |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
record = createRecord()
setRecordFieldValue(record, "homeDirectory", "\\\\server1.test.local\\share\\users\\testuser")
setRecordFieldValue(record, "@dn", "CN=test user,OU=People,DC=test,DC=local")
result = createADHomeDirectory(session, record['@dn'], record['homeDirectory'])
if(result) {
    log("Directory created - " + record['homeDirectory'])
} else {
    log("Unable to create directory - " + record['homeDirectory'])
}
close(session)
```
deleteADHomeDirectory
Delete a Home Directory for a User on the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
userDn* | text, expression, variable | the DN of the User |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
record = createRecord()
# homeDirectory is only used for the log messages; the action takes the connection and the User DN
setRecordFieldValue(record, "homeDirectory", "\\\\server1.test.local\\share\\users\\testuser")
setRecordFieldValue(record, "@dn", "CN=test user,OU=People,DC=test,DC=local")
result = deleteADHomeDirectory(session, record['@dn'])
if(result) {
    log("Directory deleted - " + record['homeDirectory'])
} else {
    log("Unable to delete directory - " + record['homeDirectory'])
}
close(session)
```
deleteADRecord
Delete a record from the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
dn* | text, expression, variable | the DN of the Record |
recursive | boolean, expression, variable | recursively delete subtree rooted at dn (default: false) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dn = "CN=test user,OU=People,DC=test,DC=local"
result = deleteADRecord(session, dn)
if(result) {
    log("Record deleted - " + dn)
} else {
    log("Unable to delete record - " + dn)
}
close(session)
```
deleteADRecords
Delete an array of Records from the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
dns* | expression, variable | array of DNs of the Records |
recursive | boolean, expression, variable | recursively delete subtree rooted at dn (default: false) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 3,OU=People,DC=test,DC=local")
results = deleteADRecords(session, dns)
i = 0
forEach(dn, dns) {
    # results holds one entry per DN, in the same order as dns
    result = results && results[i]
    if(result) {
        log("Record deleted - " + dn)
    } else {
        log("Unable to delete record - " + dn)
    }
    i = i + 1
}
close(session)
```
getADAccountDisabled
Get 'Account is Disabled' flag.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
accountDn* | text, expression, variable | the DN of the account |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
record = createRecord()
setRecordFieldValue(record, "@dn", "CN=test user,OU=People,DC=test,DC=local")
result = getADAccountDisabled(session, record['@dn'])
if(result) {
    log("Active Directory Account Disabled", "green")
} else {
    log("Active Directory Account NOT Disabled", "red")
}
close(session)
```
getADAccountsDisabled
Get 'Account is Disabled' flag from multiple accounts.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
accountDns* | expression, variable | array of DNs of the accounts |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 3,OU=People,DC=test,DC=local")
results = getADAccountsDisabled(session, dns)
i = 0
forEach(dn, dns) {
    result = results && results[i]
    if(result) {
        log("Account is disabled - " + dn)
    } else {
        log("Account is enabled - " + dn)
    }
    i = i + 1
}
close(session)
```
getADChanges
Get changed Records from an Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
baseDn* | text, expression, variable | the search base dn |
scope* | choice (sub, one, base), text, expression, variable | the search scope |
filter* | text, expression, variable | the search filter expression or an example Record |
attributes | text, expression, variable | comma separated list of attributes to return (default: none) |
cookie | expression, variable | cookie returned from previous invocation (default: none, which will return all objects) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Warning
This action, as shown in the example below, provides valid results when configured properly. However, getADChanges is no longer the preferred method to obtain changed record results within an Action Set.
The current preferred method to obtain changed record results is to use the openADChangeIterator action, as shown below.
Example
```
session = openADConnection(...)
cookieFile = "/cookie/studentsAD.cookie"
fileExists = isFile(cookieFile)
if(!fileExists) {
    saveToFile(cookieFile, "")
} else {
}
varCookie = loadFileAsBytes(cookieFile)

# getRecords
moreResults = 1
while(moreResults != 0) {
    recordChanges = getADChanges(session, "OU=People,DC=test,DC=local", "sub", "(employeeType=Student)", "cn,sn,givenName", varCookie)
    moreResults = 0
    if(recordChanges) {
        log("Count: " + recordChanges.length)
    } else {
    }

    # foreach
    forEach(recordChange, recordChanges) {
        if(recordChange.objectClass == "cookie") {
            # Persist the new cookie and check whether another page of results is pending
            saveToFile(cookieFile, recordChange.cookie)
            varCookie = recordChange.cookie
            moreResults = Number(recordChange.moreResults)
        } else {
            record = getADRecord(session, recordChange['@dn'], "*")
            # transformations
            if(!record) {
                continue()
            } else {
                log("Name information has changed: " + record.sn + " " + record['givenName'])
            }
        }
    }
}

# Close Connections
close(session)
```
getADDontExpirePassword
Get 'Password does not expire' flag.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
accountDn* | text, expression, variable | the DN of the account |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dn = "CN=Test User,OU=People,DC=test,DC=local"
result = getADDontExpirePassword(session, dn)
if(result != null) {
    # true means the 'Password does not expire' flag is set
    if(result == true) {
        log("Password does not expire")
    } else {
        log("Password expires")
    }
} else {
    log("Unable to get DontExpirePassword")
}
close(session)
```
getADDontExpirePasswords
Get 'Password does not expire' flag from multiple accounts.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
accountDns* | expression, variable | array of DNs of the accounts |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 3,OU=People,DC=test,DC=local")
results = getADDontExpirePasswords(session, dns)
i = 0
forEach(dn, dns) {
    result = results && results[i]
    if(result) {
        log("Account password doesn't expire - " + dn)
    } else {
        log("Account password expires - " + dn)
    }
    i = i + 1
}
close(session)
```
getADPassword
Gets decrypted password stored by RapidIdentity password filter from an Active Directory entry.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
dn* | text, expression, variable | the DN of the Record |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
password = "password1"
dn = "CN=Test User,OU=People,DC=test,DC=local"
adPwd = getADPassword(session, dn)
if(adPwd && adPwd == password) {
    log("User has not changed their default password!")
} else {
    log("Password has been changed from default.")
}
close(session)
```
getADPasswords
Gets an array of decrypted passwords stored by RapidIdentity password filter from Active Directory entries.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
dns* | expression, variable | array of DNs of the Records |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
password = "password1"
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 3,OU=People,DC=test,DC=local")
adPwds = getADPasswords(session, dns)
i = 0
forEach(dn, dns) {
    # adPwds holds one entry per DN, in the same order as dns
    adPwd = adPwds && adPwds[i]
    if(adPwd == password) {
        log("User has not changed their default password!")
    } else {
        log("Password has been changed from default.")
    }
    i = i + 1
}
close(session)
```
getADRecord
Get a Record from the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
dn* | expression, variable | the DN of the Record |
attributes | text, expression, variable | comma separated list of attributes to return (default: none) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dn = "CN=Test User,OU=People,DC=test,DC=local"
record = getADRecord(session, dn, "cn,sn,givenName")
if(record) {
    log("User found: " + record)
} else {
    log("User not found: " + dn)
}
close(session)
```
getADRecords
Get multiple Records from the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
baseDn* | text, expression, variable | the search base dn |
scope* | choice (sub, one, base), text, expression, variable | the search scope |
filter* | text, expression, variable | the search filter expression or an example Record |
maxResults | expression, variable | maximum number of Records to return (default: the server maximum) |
attributes | text, expression, variable | comma separated list of attributes to return (default: none) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
baseDn = "OU=People,DC=test,DC=local"
filter = "(objectClass=user)"
records = getADRecords(session, baseDn, "sub", filter, "cn,sn,givenName")
log("Found: " + records.length)
forEach(record, records) {
    log("User found: " + record)
}
close(session)
```
getADRecordsByDN
Get an array of Records from the Active Directory server by DN.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
dns* | expression, variable | array of DNs of the Records |
attributes | text, expression, variable | comma separated list of attributes to return (default: none) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 3,OU=People,DC=test,DC=local")
records = getADRecordsByDN(session, dns, "cn,sn,givenName")
i = 0
forEach(dn, dns) {
    # records holds one entry per DN, in the same order as dns
    record = records && records[i]
    if(record) {
        log("User found: " + record)
    } else {
        log("User not found: " + dn)
    }
    i = i + 1
}
close(session)
```
getADUserCannotChangePassword
Get AD 'User Cannot Change Password' flag.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
userDn* | text, expression, variable | the DN of the User |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dn = "CN=Test User,OU=People,DC=test,DC=local"
result = getADUserCannotChangePassword(session, dn)
if(result != null) {
    if(result == true) {
        log("User cannot change password")
    } else {
        log("User can change password")
    }
} else {
    log("Unable to get UserCannotChangePassword")
}
close(session)
```
getADUsersCannotChangePassword
Get AD 'User Cannot Change Password' flag from multiple Users.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
userDns* | expression, variable | array of DNs of the Users |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 3,OU=People,DC=test,DC=local")
results = getADUsersCannotChangePassword(session, dns)
i = 0
forEach(dn, dns) {
    result = results && results[i]
    if(result) {
        log("User cannot change password - " + dn)
    } else {
        log("User can change password - " + dn)
    }
    i = i + 1
}
close(session)
```
modifyADRecord
Modify a Record on the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
dn* | expression, variable | the DN of the Record |
removeRecord | expression, variable | a Record containing attributes/values to be removed |
addRecord | expression, variable | a Record containing attribute values to be added |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
addRecord = createRecord()
removeRecord = createRecord()
setRecordFieldValue(addRecord, "objectClass", "customObjectClass")
addRecordField(removeRecord, "telephoneNumber")
dn = "CN=Test User,OU=People,DC=test,DC=local"
result = modifyADRecord(session, dn, removeRecord, addRecord)
if(result) {
    log("Record modified - Added " + addRecord)
    log("Record modified - Removed " + removeRecord)
} else {
    log("Record not modified - " + dn)
}
close(session)
```
modifyADRecords
Modify an array of Records on the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
dns* | expression, variable | array of DNs of the Records |
removeRecords | expression, variable | array of Records containing attributes/values to be removed |
addRecords | expression, variable | array of Records containing attribute values to be added |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
addRecord = createRecord()
removeRecord = createRecord()
setRecordFieldValue(addRecord, "objectClass", "customObjectClass")
addRecordField(removeRecord, "telephoneNumber")

# Build parallel arrays: one DN, one addRecord and one removeRecord per entry
addRecords = createArray()
removeRecords = createArray()
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(addRecords, addRecord)
appendArrayItem(removeRecords, removeRecord)
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(addRecords, addRecord)
appendArrayItem(removeRecords, removeRecord)
appendArrayItem(dns, "CN=Test User 3,OU=People,DC=test,DC=local")
appendArrayItem(addRecords, addRecord)
appendArrayItem(removeRecords, removeRecord)

results = modifyADRecords(session, dns, removeRecords, addRecords)
i = 0
forEach(dn, dns) {
    result = results && results[i]
    if(result) {
        log("Record modified - Added " + addRecords[i] + " to " + dn)
        log("Record modified - Removed " + removeRecords[i] + " from " + dn)
    } else {
        log("Record not modified - " + dn)
    }
    i = i + 1
}
close(session)
```
moveADHomeDirectory
Moves a Home Directory for a User on the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
userDn* | text, expression, variable | the DN of the User |
uncPath* | text, expression, variable | the new UNC path of the home directory |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
homeDirectory = "\\\\server1.test.local\\share\\users\\testuser"
dn = "CN=test user,OU=People,DC=test,DC=local"
result = moveADHomeDirectory(session, dn, homeDirectory)
if(result) {
    log("Directory moved - " + homeDirectory)
} else {
    log("Unable to move directory - " + homeDirectory)
}
close(session)
```
openADChangeIterator
Open AD Change Iterator.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
baseDn* | text, expression, variable | the search base dn |
scope* | choice (sub, one, base), text, expression, variable | the search scope |
filter* | text, expression, variable | the search filter expression or an example Record |
attributes | text, expression, variable | comma separated list of attributes to return (default: none) |
cookieFile* | text, expression, variable | path to file to load/save cookie |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Warning
The cookie file can impact the results obtained when running openADChangeIterator. If the cookie file does not exist in the path, the results when running the Action Set will show all records based on the listed action properties and their values. If the cookie file does exist in the path, the results when running the Action Set will show the results that have changed since the Action Set was last run relative to the existing cookie file. Thus, the presence of a cookie file could lead to inaccurate results when running the Action Set. If it is necessary to ensure the Action Set is run for all targeted records, one option is to rename or move the cookie file.
Example
```
session = openADConnection(...)
cookieFile = "/cookie/studentsAD.cookie"
recordChanges = openADChangeIterator(session, "OU=People,DC=test,DC=local", "sub", "(employeeType=Student)", "cn,sn,givenName", cookieFile)

# foreach
forEach(recordChange, recordChanges) {
    record = getADRecord(session, recordChange['@dn'], "*")
    # transformations
    if(!record) {
        continue()
    } else {
        log("Name information has changed: " + record['sn'] + " " + record['givenName'])
    }
}

# Close Connections
close(session)
```
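The cookie-file behaviour described in the warning above, as an added example that is not part of the original reference: it records whether a cookie was present before the iterator is opened, so the run log states whether the results are the full record set or only changes since the last run. It uses only actions that appear elsewhere on this page (isFile, openADChangeIterator, getADRecord, log); the cookie path, base DN and filter are the sample values from the example above, and the variable names hadCookie and count are chosen here.

```rapididentity
session = openADConnection(...)
cookieFile = "/cookie/studentsAD.cookie"

# Check for the cookie BEFORE opening the iterator: its presence decides
# whether this run returns all matching records or only changed ones
hadCookie = isFile(cookieFile)
if(hadCookie) {
    log("Cookie found at " + cookieFile + " - expecting only records changed since the last run")
} else {
    log("No cookie at " + cookieFile + " - expecting ALL records that match the filter")
}

recordChanges = openADChangeIterator(session, "OU=People,DC=test,DC=local", "sub", "(employeeType=Student)", "cn,sn,givenName", cookieFile)

# Count what the iterator returns so the log can be compared with expectations
count = 0
forEach(recordChange, recordChanges) {
    count = count + 1
    record = getADRecord(session, recordChange['@dn'], "*")
    if(!record) {
        log("Changed entry could not be read: " + recordChange['@dn'])
        continue()
    } else {
        log("Name information has changed: " + record['sn'] + " " + record['givenName'])
    }
}

# Summarise the run together with the mode it ran in
if(hadCookie) {
    log("Incremental run: " + count + " changed records processed")
} else {
    log("Full run: " + count + " records processed")
}
close(session)
```

An incremental run that reports zero records means nothing changed since the cookie was written, not that no records match the filter.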
openADConnection
Open a connection to an Active Directory server.
Property | Value | Description |
---|---|---|
adHost* | text, expression, variable | the host name or IP address of the Active Directory server |
adPort | expression, variable | the TCP port of the Active Directory server (default: 636 if using SSL, 389 otherwise.) |
useSSL | boolean, expression, variable | use SSL/TLS (default: false.) |
userDn | text, expression, variable | the user DN for authenticating to the Active Directory server |
password | password, string, expression, variable | the user password for authenticating to the Active Directory server |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
host = "server1.test.local"
port = "636"
ssl = true
user = "test.local\\administrator"
password = "mySecur3p@ssw0rd"
session = openADConnection(host, port, ssl, user, password)
if(session) {
    log("Successfully connected to AD!")
} else {
    log("Unable to connect to AD")
}
close(session)
```
openADRecordIterator
Open Record Iterator for AD server to sort large sets of records.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
baseDn* | text, expression, password, variable | the search base dn |
scope* | choice (sub, one, base), text, expression, variable | the search scope |
filter* | text, expression, password, variable | the search filter expression or an example record |
initialOffset | expression, variable | the number of records to skip initially. (default: 0) |
pageSize | expression, variable | the preferred number of records to fetch at a time from AD server. (default: 100) |
attributes | text, expression, password, variable | comma-separated list of attributes to check/return (default: none) |
sortKey | text, expression, password, variable | comma-separated list of attributes to use as sort keys, with optional +/- to indicate sort direction. (default: unsorted) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
sessionAD = openADConnection("10.100.30.35", "636", true, "administrator@test.local", <Password>)

# Record Iterator
i = 0
recordChanges = openADRecordIterator(sessionAD, "ou=students,ou=people,dc=test,dc=local", "sub", "(employeeType=Student)", undefined, undefined, "cn", undefined)
recordIterator: forEach(recordChange, recordChanges) {
    log(recordChange)
    i = i + 1
    # Stop after the first 30 records
    if(i >= 30) {
        break(recordIterator)
    } else {
    }
}

# Close
close(sessionAD)
```
removeADGroupMember
Removes a member from a Group on the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
groupDn* | text, expression, variable | the DN of the Group |
memberDn* | text, expression, variable | the DN of the member |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
groupDn = "CN=TestGroup,OU=Groups,DC=test,DC=local"
newDn = "CN=Test User,OU=People,DC=test,DC=local"
result = removeADGroupMember(session, groupDn, newDn)
if(result) {
    log("User removed from Group " + groupDn)
} else {
    log("User not removed from Group " + groupDn)
}
close(session)
```
removeADGroupMembers
Removes multiple members from a Group on the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
groupDn* | text, expression, variable | the DN of the Group |
memberDns* | expression, variable | array of DNs of the members |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
groupDn = "CN=TestGroup,OU=Groups,DC=test,DC=local"
newMembers = createArray()
appendArrayItem(newMembers, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(newMembers, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(newMembers, "CN=Test User 3,OU=People,DC=test,DC=local")
result = removeADGroupMembers(session, groupDn, newMembers)
if(result) {
    log("Users removed from Group " + groupDn)
} else {
    log("Users not removed from Group " + groupDn)
}
close(session)
```
renameADRecord
Rename and/or move an object on the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
oldDn* | text, expression, variable | the original DN of the object |
newDn* | text, expression, variable | the new DN of the object |
keepOldRdn* | boolean, expression, variable | preserve the attribute values used by the old dn (default: false.) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
oldDn = "CN=Test User,OU=People,DC=test,DC=local"
newDn = "CN=Test User,OU=Staff,OU=Internal,OU=People,DC=test,DC=local"
result = renameADRecord(session, oldDn, newDn)
if(result) {
    log("User moved or renamed to " + newDn)
} else {
    log("User not moved or renamed " + oldDn)
}
close(session)
```
saveADRecord
Save a Record to the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
record* | expression, variable | the Record to save - must contain the dn in the @dn field |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
record = createRecord()
setRecordFieldValue(record, "telephoneNumber", "555-555-1234")
addRecordFieldValue(record, "telephoneNumber", "555-555-9876")
dn = "CN=Test User,OU=People,DC=test,DC=local"
setRecordFieldValue(record, "@dn", dn)
result = saveADRecord(session, record)
if(result) {
    log("Record saved - " + record)
} else {
    log("Record not saved - " + record)
}
close(session)
```
saveADRecords
Save an array of Records to the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
records* | expression, variable | the array of Records to save - must contain the dn in the @dn field |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
records = createArray()
record = createRecord()
setRecordFieldValue(record, "telephoneNumber", "555-555-1234")
addRecordFieldValue(record, "telephoneNumber", "555-555-9876")
setRecordFieldValue(record, "@dn", "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(records, record)
record = createRecord()
setRecordFieldValue(record, "telephoneNumber", "555-555-4321")
addRecordFieldValue(record, "telephoneNumber", "555-555-6789")
setRecordFieldValue(record, "@dn", "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(records, record)
record = createRecord()
setRecordFieldValue(record, "telephoneNumber", "555-555-2468")
addRecordFieldValue(record, "telephoneNumber", "555-555-1357")
setRecordFieldValue(record, "@dn", "CN=Test User 3,OU=People,DC=test,DC=local")
appendArrayItem(records, record)
results = saveADRecords(session, records)
i = 0
forEach(record, records) {
    result = results && results[i]
    if(result) {
        log("Record saved - " + record)
    } else {
        log("Record not saved - " + record)
    }
    i = i + 1
}
close(session)
```
setADAccountDisabled
Set/clear AD 'Account is Disabled' flag.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
accountDn* | text, expression, variable | the DN of the account |
state* | boolean, expression, variable | true to disable the account, false otherwise |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
record = createRecord()
setRecordFieldValue(record, "@dn", "CN=test user,OU=People,DC=test,DC=local")
result = setADAccountDisabled(session, record['@dn'], false)
if(result) {
    log("setADAccountDisabled worked", "green")
} else {
    log("setADAccountDisabled failed", "red")
}
close(session)
```
setADAccountsDisabled
Set/clear AD 'Account is Disabled' flag on multiple accounts.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
accountDns* | expression, variable | array of DNs of the accounts |
state* | boolean, expression, variable | true to disable the account, false otherwise |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
results = setADAccountsDisabled(session, dns, true)
i = 0
forEach(dn, dns) {
    result = results && results[i]
    if(result) {
        log("Account set to disabled - " + dn)
    } else {
        log("Account not set to disabled " + dn)
    }
    i = i + 1
}
close(session)
```
setADDontExpirePassword
Set/clear AD 'Password does not expire' flag.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
accountDn* | text, expression, variable | the DN of the account |
state* | boolean, expression, variable | true to set the 'Password does not expire' flag, false to clear it |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dn = "CN=Test User,OU=People,DC=test,DC=local"
result = setADDontExpirePassword(session, dn, true)
if(result) {
    log("Password does not expire")
} else {
    log("Unable to set DontExpirePassword")
}
close(session)
```
setADDontExpirePasswords
Set/clear AD 'Password does not expire' flag on multiple accounts.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
accountDns* | expression, variable | array of DNs of the accounts |
state* | boolean, expression, variable | true to set the 'Password does not expire' flag, false to clear it |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
results = setADDontExpirePasswords(session, dns, true)
i = 0
forEach(dn, dns) {
    result = results && results[i]
    if(result) {
        log("Account set to not expire passwords - " + dn)
    } else {
        log("Account not set to not expire passwords " + dn)
    }
    i = i + 1
}
close(session)
```
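Active Directory stores the 'Account is Disabled' and 'Password does not expire' flags as bits of the `userAccountControl` attribute, so a bulk change can be checked by reading that attribute back. The following Python sketch is an added example, not part of the adapter or this reference; `has_flag`, `verify_batch`, the sample DNs and the read-back values are constructed, and the per-DN results array is assumed to be aligned with the DN array as in the loops above.

```python
# Added example: reconcile a bulk flag change with values read back from AD.
# Bit values are the documented userAccountControl flags.
ACCOUNTDISABLE = 0x0002          # 'Account is Disabled'
DONT_EXPIRE_PASSWORD = 0x10000   # 'Password does not expire'

def has_flag(uac, flag):
    """LDAP returns userAccountControl as a decimal string; test one bit."""
    return bool(int(uac) & flag)

def verify_batch(dns, results, flag, state, uac_after):
    """Return (dn, problem) pairs for accounts that need follow-up.

    dns       -- DNs passed to the bulk action
    results   -- per-DN results aligned with dns, or None if the call failed
    flag      -- the userAccountControl bit the action was meant to change
    state     -- the requested state (True = set, False = clear)
    uac_after -- dict of dn -> userAccountControl read back afterwards
    """
    problems = []
    for i, dn in enumerate(dns):
        reported = bool(results) and i < len(results) and bool(results[i])
        if dn not in uac_after:
            problems.append((dn, "not read back"))
        elif not reported:
            problems.append((dn, "action reported failure"))
        elif has_flag(uac_after[dn], flag) != state:
            problems.append((dn, "reported success but flag differs"))
    return problems

# Constructed sample: three accounts, request was "set Password does not expire".
U1 = "CN=Test User 1,OU=People,DC=test,DC=local"
U2 = "CN=Test User 2,OU=People,DC=test,DC=local"
U3 = "CN=Test User 3,OU=People,DC=test,DC=local"
SAMPLE_DNS = [U1, U2, U3]
SAMPLE_RESULTS = [True, True, False]
SAMPLE_UAC_AFTER = {U1: "66048",  # 0x10200: normal account, never expires
                    U2: "512",    # 0x00200: normal account, flag not set
                    U3: "512"}

if __name__ == "__main__":
    for dn, problem in verify_batch(SAMPLE_DNS, SAMPLE_RESULTS,
                                    DONT_EXPIRE_PASSWORD, True,
                                    SAMPLE_UAC_AFTER):
        print(problem, "-", dn)
```

The same function can confirm that the flag was cleared on accounts that should not keep non-expiring passwords by passing `state` as `False`.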
setADPassword
Sets password on a Record on the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
dn* | text, expression, variable | the DN of the Record |
password* | password, string, expression, variable | the password |
oldPassword | password, string, expression, variable | the old password (default: none) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
password = "password1"
dn = "CN=Test User,OU=People,DC=test,DC=local"
result = setADPassword(session, dn, password)
if(result) {
    log("Password has been set")
} else {
    log("Password was not set")
}
close(session)
```
setADPasswords
Sets passwords on Records on the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
dns* | text, expression, variable | array of DNs of Records |
passwords* | expression, variable | array of passwords |
oldPasswords | expression, variable | array of old passwords (default: none) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dns = createArray()
passwords = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(passwords, "password1")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(passwords, "password2")
results = setADPasswords(session, dns, passwords)
i = 0
forEach(dn, dns) {
    result = results && results[i]
    if(result) {
        log("Password has been set for " + dn)
    } else {
        log("Password was not set for " + dn)
    }
    i = i + 1
}
close(session)
```
setADUserCannotChangePassword
Set/clear AD 'User Cannot Change Password' flag.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
userDn* | text, expression, variable | the DN of the User |
state* | boolean, expression, variable | true to disallow user from changing password, false otherwise |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dn = "CN=Test User,OU=People,DC=test,DC=local"
result = setADUserCannotChangePassword(session, dn, true)
if(result) {
    log("User cannot change password")
} else {
    log("Unable to set UserCannotChangePassword")
}
close(session)
```
setADUsersCannotChangePassword
Set/clear AD 'User Cannot Change Password' flag on multiple Users.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
userDns* | expression, variable | array of DNs of the Users |
state* | boolean, expression, variable | true to disallow user from changing password, false otherwise |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
results = setADUsersCannotChangePassword(session, dns, true)
i = 0
forEach(dn, dns) {
    result = results && results[i]
    if(result) {
        log("Account set to not allow password change - " + dn)
    } else {
        log("Account not set to not allow password change - " + dn)
    }
    i = i + 1
}
close(session)
```