Active Directory Adapter Reference
Connect Password Filter
The Active Directory adapter depends on the Connect Active Directory Password Filter to be able to capture password changes in AD.
Install and configure the password filter only if the environment is using Active Directory.
Adds a member to a Group on the Active Directory Server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
groupDn* | text, expression, variable | the DN of the Group |
memberDn* | text, expression, variable | the DN of the member |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
groupDn = "CN=TestGroup,OU=Groups,DC=test,DC=local"
newDn = "CN=Test User,OU=People,DC=test,DC=local"
result = addADGroupMember(session, groupDn, newDn)
if(result) {
    log("User added to Group " + groupDn)
} else {
    log("User not added to Group " + groupDn)
}
close(session)
```
Adds members to a Group on the Active Directory Server.
Property | Value | Description |
---|---|---|
memberDns* | expression, variable | array of DNs of the members |
groupDn* | text, expression, variable | the DN of the Group |
adConnection* | expression, variable | the AD connection |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
groupDn = "CN=TestGroup,OU=Groups,DC=test,DC=local"
newMembers = createArray()
appendArrayItem(newMembers, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(newMembers, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(newMembers, "CN=Test User 3,OU=People,DC=test,DC=local")
result = addADGroupMembers(session, groupDn, newMembers)
if(result) {
    log("Users added to Group " + groupDn)
} else {
    log("Users not added to Group " + groupDn)
}
close(session)
```
Add a User to the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
record* | expression, variable | the Record containing fields to set - must contain the dn in the @dn field |
password* | password, string, expression, variable | the initial password |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
record = createRecord()
# Set default values
setRecordFieldValue(record, "objectClass", "User")
setRecordFieldValue(record, "sn", "User")
setRecordFieldValue(record, "givenName", "Test")
setRecordFieldValue(record, "mail", "TestUser@test.local")
setRecordFieldValue(record, "sAMAccountName", "TestUser")
setRecordFieldValue(record, "homeDirectory", "\\\\Server\\Share\\Users\\" + record['sAMAccountName'])
setRecordFieldValue(record, "homeDrive", "H:")
password = "changeme"
# Set DN
destinationDN = "OU=People,DC=test,DC=local"
setRecordFieldValue(record, "cn", record['givenName'] + " " + record['sn'])
setRecordFieldValue(record, "@dn", "cn=\"" + record.cn + "\"," + destinationDN)
removeRecordField(record, "cn")
if(!record['sn'] || !record['givenName'] || !record['mail'] || !record['sAMAccountName']) {
    log("Minimum requirements not met for add - " + record)
    return null
} else {
}
# Add User
result = addADUser(session, record, password)
if(result) {
    log("Record added - " + record)
    if(record['homeDirectory']) {
        result = createADHomeDirectory(session, record['@dn'], record['homeDirectory'])
        if(result) {
            log("Directory created - " + record['homeDirectory'])
        } else {
            log("Unable to create directory - " + record['homeDirectory'])
        }
    } else {
    }
} else {
    log("Record not added - " + record)
}
close(session)
```
Add an array of Users to the Active Directory Server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
records* | expression, variable | array of Records containing fields to set - must contain the dn in the @dn field |
passwords* | expression, variable | array of initial passwords |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
# Build arrays of User records and passwords to add
newUserRecords = createArray()
newUserPasswords = createArray()
i = 0
while(i < 10) {
    record = createRecord()
    # Set default values
    setRecordFieldValue(record, "objectClass", "User")
    setRecordFieldValue(record, "sn", "User" + i)
    setRecordFieldValue(record, "givenName", "Test")
    setRecordFieldValue(record, "mail", "TestUser" + i + "@test.local")
    setRecordFieldValue(record, "sAMAccountName", "TestUser" + i)
    setRecordFieldValue(record, "homeDirectory", "\\\\Server\\Share\\Users\\" + record['sAMAccountName'])
    setRecordFieldValue(record, "homeDrive", "H:")
    password = "changeme"
    # Set DN
    destinationDN = "OU=People,DC=test,DC=local"
    setRecordFieldValue(record, "cn", record['givenName'] + " " + record['sn'])
    setRecordFieldValue(record, "@dn", "cn=\"" + record['cn'] + "\"," + destinationDN)
    removeRecordField(record, "cn")
    if(record['sn'] && record['givenName'] && record['mail'] && record['sAMAccountName']) {
        appendArrayItem(newUserRecords, record)
        appendArrayItem(newUserPasswords, password)
    } else {
        log("Minimum requirements not met for add - " + record)
    }
    i = i + 1
}
if(newUserRecords['length'] == 0) {
    # No users to add
    return
}
# Add Users
results = addADUsers(session, newUserRecords, newUserPasswords)
i = 0
forEach(record, newUserRecords) {
    result = results && results[i]
    if(result) {
        log("Record added - " + record)
        if(record['homeDirectory']) {
            result = createADHomeDirectory(session, record['@dn'], record['homeDirectory'])
            if(result) {
                log("Directory created - " + record['homeDirectory'])
            } else {
                log("Unable to create directory - " + record['homeDirectory'])
            }
        } else {
        }
    } else {
        log("Record not added - " + record)
    }
    i = i + 1
}
close(session)
```
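The two user-creation examples above build the `@dn` value by concatenating `givenName` and `sn` into the CN. As an added example (plain JavaScript, not part of the RapidIdentity documentation or product code), the sketch below escapes the CN value per RFC 4514 before concatenation and checks that the result has exactly one more RDN than the base DN. `escapeRdnValue`, `unescapeRdnValue`, `splitDn` and `buildUserDn` are hypothetical helper names, and the sample names are constructed.

```javascript
// Added example, not RapidIdentity code. All function names here are
// hypothetical helpers; the sample names below are constructed.

// Characters RFC 4514 requires to be backslash-escaped anywhere in a value.
const MUST_ESCAPE = /[\\",+;<>]/g;

// Escape one attribute value for use inside an RDN (e.g. the CN of a user).
function escapeRdnValue(value) {
  if (typeof value !== "string" || value.length === 0) {
    throw new Error("RDN value must be a non-empty string");
  }
  let out = value
    .replace(MUST_ESCAPE, (ch) => "\\" + ch)
    .replace(/\u0000/g, "\\00"); // NUL is written as a hex pair
  // A leading space or '#' and a trailing space must also be escaped.
  if (out[0] === " " || out[0] === "#") {
    out = "\\" + out;
  }
  if (value.length > 1 && value.endsWith(" ")) {
    out = out.slice(0, -1) + "\\ ";
  }
  return out;
}

// Inverse of escapeRdnValue: backslash + hex pair, or backslash + any char.
function unescapeRdnValue(escaped) {
  return escaped.replace(/\\([0-9a-fA-F]{2}|[\s\S])/g, (match, g) =>
    g.length === 2 ? String.fromCharCode(parseInt(g, 16)) : g
  );
}

// Split a DN into RDN strings on commas that are not backslash-escaped.
function splitDn(dn) {
  const parts = [];
  let cur = "";
  for (let i = 0; i < dn.length; i++) {
    const ch = dn[i];
    if (ch === "\\" && i + 1 < dn.length) {
      cur += ch + dn[++i]; // keep the escape pair together
    } else if (ch === ",") {
      parts.push(cur);
      cur = "";
    } else {
      cur += ch;
    }
  }
  parts.push(cur);
  return parts;
}

// Build the user DN the way the examples do (givenName + " " + sn under a
// base DN), but with the CN escaped, then verify the RDN count.
function buildUserDn(givenName, sn, baseDn) {
  const cn = givenName + " " + sn;
  const dn = "CN=" + escapeRdnValue(cn) + "," + baseDn;
  if (splitDn(dn).length !== splitDn(baseDn).length + 1) {
    throw new Error("unexpected RDN count in " + dn);
  }
  return dn;
}

// Constructed sample data: [givenName, sn]
const BASE_DN = "OU=People,DC=test,DC=local";
const SAMPLE_NAMES = [
  ["Test", "User"],
  ["Pat", "Smith, Jr."],
  ["Pat", 'O"Neil'],
  ["#1", "Temp "],
];

for (const [givenName, sn] of SAMPLE_NAMES) {
  console.log(buildUserDn(givenName, sn, BASE_DN));
}
```
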
Compare a Record field on the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
dn* | expression, variable | the DN of the Record |
fieldName | text, expression, variable | name of the field to be compared |
fieldValue | text, expression, variable | value of the field to be compared |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dn = "CN=Test User,OU=People,DC=test,DC=local"
mail = "testuser@test.local"
isEqual = compareADField(session, dn, "mail", mail)
if(isEqual == true) {
    log("mail = " + mail)
} else {
    log("mail <> " + mail)
}
close(session)
```
Create a Home Directory for a User on the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
record* | expression, variable | The record to save |
uncPath* | text, expression, variable | the UNC path of the home directory |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
extraProperties | expression, variable | extra possible properties supported for JCIFS NG |
Example
```
session = openADConnection(...)
record = createRecord()
setRecordFieldValue(record, "homeDirectory", "\\\\server1.test.local\\share\\users\\testuser")
setRecordFieldValue(record, "userPrincipalName", "idautotestuser@test1.local")
result = createADHomeDirectory(session, record['userPrincipalName'], record['homeDirectory'])
if(result) {
    log("Directory created - " + record['homeDirectory'])
} else {
    log("Unable to create directory - " + record['homeDirectory'])
}
close(session)
```
Delete a Home Directory for a User on the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
userDn* | text, expression, variable | the DN of the User |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
extraProperties | expression, variable | extra possible properties supported for JCIFS NG |
Example
```
session = openADConnection(...)
record = createRecord()
setRecordFieldValue(record, "homeDirectory", "\\\\server1.test.local\\share\\users\\testuser")
setRecordFieldValue(record, "@dn", "CN=test user,OU=People,DC=test,DC=local")
result = deleteADHomeDirectory(session, record['@dn'], record['homeDirectory'])
if(result) {
    log("Directory deleted - " + record['homeDirectory'])
} else {
    log("Unable to delete directory - " + record['homeDirectory'])
}
close(session)
```
Delete a record from the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
dn* | text, expression, variable | the DN of the Record |
recursive | boolean, expression, variable | recursively delete subtree rooted at dn (default: false) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dn = "CN=test user,OU=People,DC=test,DC=local"
result = deleteADRecord(session, dn)
if(result) {
    log("Record deleted - " + dn)
} else {
    log("Unable to delete record - " + dn)
}
close(session)
```
Delete array of Records from the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
dns* | expression, variable | array of DNs of the Records |
recursive | boolean, expression, variable | recursively delete subtree rooted at dn (default: false) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 3,OU=People,DC=test,DC=local")
results = deleteADRecords(session, dns)
i = 0
forEach(dn, dns) {
    result = results && results[i]
    if(result) {
        log("Record deleted - " + dn)
    } else {
        log("Unable to delete record - " + dn)
    }
    i = i + 1
}
close(session)
```
Get 'Account is Disabled' flag.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
accountDn* | text, expression, variable | the DN of the account |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
record = createRecord()
setRecordFieldValue(record, "@dn", "CN=test user,OU=People,DC=test,DC=local")
result = getADAccountDisabled(session, record['@dn'])
if(result) {
    log("Active Directory Account Disabled", "green")
} else {
    log("Active Directory Account NOT Disabled", "red")
}
close(session)
```
Get 'Account is Disabled' flag from multiple accounts.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
accountDns* | expression, variable | array of DNs of the accounts |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 3,OU=People,DC=test,DC=local")
results = getADAccountsDisabled(session, dns)
i = 0
forEach(dn, dns) {
    result = results && results[i]
    if(result) {
        log("Account is disabled - " + dn)
    } else {
        log("Account is enabled - " + dn)
    }
    i = i + 1
}
close(session)
```
Get changed Records from an Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
baseDn* | text, expression, variable | the search base dn |
scope* | choice (sub, one, base), text, expression, variable | the search scope |
filter* | text, expression, variable | the search filter expression or an example Record |
attributes | text, expression, variable | comma separated list of attributes to return (default: none) |
cookie | expression, variable | cookie returned from previous invocation (default: none, which will return all objects) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Warning
This action, as shown in the example below, provides valid results when configured properly. However, getADChanges is no longer the preferred method to obtain changed record results within an Action Set.
The current preferred method to obtain changed record results is to use the openADChangeIterator action, as shown below.
Example
```
session = openADConnection(...)
cookieFile = "/cookie/studentsAD.cookie"
fileExists = isFile(cookieFile)
if(!fileExists) {
    saveToFile(cookieFile, "")
} else {
}
varCookie = loadFileAsBytes(cookieFile)
# getRecords
moreResults = 1
while(moreResults != 0) {
    recordChanges = getADChanges(session, "OU=People,DC=test,DC=local", "sub", "(employeeType=Student)", "cn,sn,givenName", varCookie)
    moreResults = 0
    if(recordChanges) {
        log("Count: " + recordChanges.length)
    } else {
    }
    # foreach
    forEach(recordChange, recordChanges) {
        if(recordChange.objectClass == "cookie") {
            saveToFile(cookieFile, recordChange.cookie)
            varCookie = recordChange.cookie
            moreResults = Number(recordChange.moreResults)
        } else {
            record = getADRecord(session, recordChange['@dn'], "*")
            # transformations
            if(!record) {
                continue()
            } else {
                log("Name information has changed: " + record.sn + " " + record['givenName'])
            }
        }
    }
}
# Close Connections
close(session)
```
Get 'Password does not expire' flag.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
accountDn* | text, expression, variable | the DN of the account |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dn = "CN=Test User,OU=People,DC=test,DC=local"
result = getADDontExpirePassword(session, dn)
if(result != null) {
    if(result == true) {
        log("Password does not expire")
    } else {
        log("Password expires")
    }
} else {
    log("Unable to get DontExpirePassword")
}
close(session)
```
Get 'Password does not expire' flag from multiple accounts.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
accountDns* | expression, variable | array of DNs of the accounts |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 3,OU=People,DC=test,DC=local")
results = getADDontExpirePasswords(session, dns)
i = 0
forEach(dn, dns) {
    result = results && results[i]
    if(result) {
        log("Account password doesn't expire - " + dn)
    } else {
        log("Account password expires - " + dn)
    }
    i = i + 1
}
close(session)
```
Gets decrypted password stored by RapidIdentity password filter from an Active Directory entry.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
dn* | text, expression, variable | the DN of the Record |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
password = "password1"
dn = "CN=Test User,OU=People,DC=test,DC=local"
adPwd = getADPassword(session, dn)
if(adPwd && adPwd == password) {
    log("User has not changed their default password!")
} else {
    log("Password has been changed from default.")
}
close(session)
```
Gets an array of decrypted passwords stored by RapidIdentity password filter from Active Directory entries.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
dns* | expression, variable | array of DNs of the Records |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
password = "password1"
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 3,OU=People,DC=test,DC=local")
adPwds = getADPasswords(session, dns)
i = 0
forEach(dn, dns) {
    adPwd = adPwds && adPwds[i]
    if(adPwd == password) {
        log("User has not changed their default password!")
    } else {
        log("Password has been changed from default.")
    }
    i = i + 1
}
close(session)
```
Get a Record from the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
dn* | expression, variable | the DN of the Record |
attributes | text, expression, variable | comma separated list of attributes to return (default: none) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dn = "CN=Test User,OU=People,DC=test,DC=local"
record = getADRecord(session, dn, "cn,sn,givenName")
if(record) {
    log("User found: " + record)
} else {
    log("User not found: " + dn)
}
close(session)
```
Get multiple Records from the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
baseDn* | text, expression, variable | the search base dn |
scope* | choice (sub, one, base), text, expression, variable | the search scope |
filter* | text, expression, variable | the search filter expression or an example Record |
maxResults | expression, variable | maximum number of Records to return (default: the server maximum) |
attributes | text, expression, variable | comma separated list of attributes to return (default: none) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
baseDn = "OU=People,DC=test,DC=local"
filter = "(objectClass=user)"
records = getADRecords(session, baseDn, "sub", filter, "cn,sn,givenName")
log("Found: " + records.length)
forEach(record, records) {
    log("User found: " + record)
}
close(session)
```
Get an array of Records from the Active Directory server by DN.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
dns* | expression, variable | array of DNs of the Records |
attributes | text, expression, variable | comma separated list of attributes to return (default: none) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 3,OU=People,DC=test,DC=local")
records = getADRecordsByDN(session, dns, "cn,sn,givenName")
i = 0
forEach(dn, dns) {
    record = records && records[i]
    if(record) {
        log("User found: " + record)
    } else {
        log("User not found: " + dn)
    }
    i = i + 1
}
close(session)
```
Get AD 'User Cannot Change Password' flag.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
userDn* | text, expression, variable | the DN of the User |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dn = "CN=Test User,OU=People,DC=test,DC=local"
result = getADUserCannotChangePassword(session, dn)
if(result != null) {
    if(result == true) {
        log("User cannot change password")
    } else {
        log("User can change password")
    }
} else {
    log("Unable to get UserCannotChangePassword")
}
close(session)
```
Get AD 'User Cannot Change Password' flag from multiple Users.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
userDns* | expression, variable | array of DNs of the Users |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 3,OU=People,DC=test,DC=local")
results = getADUsersCannotChangePassword(session, dns)
i = 0
forEach(dn, dns) {
    result = results && results[i]
    if(result) {
        log("User cannot change password - " + dn)
    } else {
        log("User can change password - " + dn)
    }
    i = i + 1
}
close(session)
```
Modify a Record on the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
dn* | expression, variable | the DN of the Record |
removeRecord | expression, variable | a Record containing attributes/values to be removed |
addRecord | expression, variable | a Record containing attribute values to be added |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
addRecord = createRecord()
removeRecord = createRecord()
setRecordFieldValue(addRecord, "objectClass", "customObjectClass")
addRecordField(removeRecord, "telephoneNumber")
dn = "CN=Test User,OU=People,DC=test,DC=local"
result = modifyADRecord(session, dn, removeRecord, addRecord)
if(result) {
    log("Record modified - Added " + addRecord)
    log("Record modified - Removed " + removeRecord)
} else {
    log("Record not modified - " + dn)
}
close(session)
```
Modify an array of Records on the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
dns* | expression, variable | array of DNs of the Records |
removeRecords | expression, variable | array of Records containing attributes/values to be removed |
addRecords | expression, variable | array of Records containing attribute values to be added |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
addRecord = createRecord()
removeRecord = createRecord()
setRecordFieldValue(addRecord, "objectClass", "customObjectClass")
addRecordField(removeRecord, "telephoneNumber")
addRecords = createArray()
removeRecords = createArray()
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(addRecords, addRecord)
appendArrayItem(removeRecords, removeRecord)
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(addRecords, addRecord)
appendArrayItem(removeRecords, removeRecord)
appendArrayItem(dns, "CN=Test User 3,OU=People,DC=test,DC=local")
appendArrayItem(addRecords, addRecord)
appendArrayItem(removeRecords, removeRecord)
results = modifyADRecords(session, dns, removeRecords, addRecords)
i = 0
forEach(dn, dns) {
    result = results && results[i]
    if(result) {
        log("Record modified - Added " + addRecords[i] + " to " + dn)
        log("Record modified - Removed " + removeRecords[i] + " from " + dn)
    } else {
        log("Record not modified - " + dn)
    }
    i = i + 1
}
close(session)
```
Moves a Home Directory for a User on the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
userDn* | text, expression, variable | the DN of the User |
uncPath* | text, expression, variable | the new UNC path of the home directory |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
extraProperties | expression, variable | extra possible properties supported for JCIFS NG |
Example
```
session = openADConnection(...)
homeDirectory = "\\\\server1.test.local\\share\\users\\testuser"
dn = "CN=test user,OU=People,DC=test,DC=local"
result = moveADHomeDirectory(session, dn, homeDirectory)
if(result) {
    log("Directory moved - " + homeDirectory)
} else {
    log("Unable to move directory - " + homeDirectory)
}
close(session)
```
Open AD Change Iterator.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
baseDn* | text, expression, variable | the search base dn |
scope* | choice (sub, one, base), text, expression, variable | the search scope |
filter* | text, expression, variable | the search filter expression or an example Record |
attributes | text, expression, variable | comma separated list of attributes to return (default: none) |
cookieFile* | text, expression, variable | path to file to load/save cookie |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Warning
The cookie file can impact the results obtained when running openADChangeIterator. If the cookie file does not exist in the path, the results when running the Action Set will show all records based on the listed action properties and their values. If the cookie file does exist in the path, the results when running the Action Set will show the results that have changed since the Action Set was last run relative to the existing cookie file. Thus, the presence of a cookie file could lead to inaccurate results when running the Action Set. If it is necessary to ensure the Action Set is run for all targeted records, one option is to rename or move the cookie file.
Example
```
session = openADConnection(...)
cookieFile = "/cookie/studentsAD.cookie"
recordChanges = openADChangeIterator(session, "OU=People,DC=test,DC=local", "sub", "(employeeType=Student)", "cn,sn,givenName", cookieFile)
# foreach
forEach(recordChange, recordChanges) {
    record = getADRecord(session, recordChange['@dn'], "*")
    # transformations
    if(!record) {
        continue()
    } else {
        log("Name information has changed: " + record['sn'] + " " + record['givenName'])
    }
}
# Close Connections
close(session)
```
Open a connection to an Active Directory server.
Property | Value | Description |
---|---|---|
adHost* | text, expression, variable | the host name or IP address of the Active Directory server |
adPort | expression, variable | the TCP port of the Active Directory server (default: 636 if using SSL, 389 otherwise.) |
useSSL | boolean, expression, variable | use SSL/TLS (default: false.) |
userDn | text, expression, variable | the user DN for authenticating to the Active Directory server |
password | password, string, expression, variable | the user password for authenticating to the Active Directory server |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
extraProperties | expression, variable | Defined below as applicable |
Property | Description |
---|---|
abandonOnTimeout | Indicates whether the LDAP SDK should attempt to abandon any request for which no response is received in the maximum response timeout period |
captureConnectStackTrace | Indicates whether the LDAP SDK should capture a thread stack trace for each attempt made to establish a connection |
useKeepAlive | Indicates whether to use the SO_KEEPALIVE option for the underlying sockets used by associated connections |
useTCPNoDelay | Indicates whether to use the TCP_NODELAY option for the underlying sockets used by associated connections |
followReferrals | Indicates whether associated connections should attempt to follow any referrals that they encounter |
usePassiveSSLSocketVerifier | If true, corresponds to RapidIdentity setting a |
Property | Description |
---|---|
connectTimeoutMillis | The maximum length of time in milliseconds that a connection attempt should be allowed to continue before giving up |
useLinger | The SO_LINGER timeout for the underlying sockets used by associated connections |
referralHopLimit | The maximum number of hops that a connection should take when trying to follow a referral |
responseTimeoutMillis | The maximum length of time in milliseconds that an operation should be allowed to block while waiting for a response from the server |
Example
```
host = "server1.test.local"
port = "636"
ssl = true
user = "test.local\\administrator"
password = "mySecur3p@ssw0rd"
session = openADConnection(host, port, ssl, user, password)
if(session) {
    log("Successfully connected to AD!")
} else {
    log("Unable to connect to AD")
}
close(session)
```
Open Record Iterator for AD server to sort large sets of records.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
baseDn* | text, expression, password, variable | the search base dn |
scope* | choice (sub, one, base), text, expression, variable | the search scope |
filter* | text, expression, password, variable | the search filter expression or an example record |
initialOffset | expression, variable | the number of records to skip initially. (default: 0) |
pageSize | expression, variable | the preferred number of records to fetch at a time from AD server. (default: 100) |
attributes | text, expression, password, variable | comma-separated list of attributes to check/return (default: none) |
sortKey | text, expression, password, variable | comma-separated list of attributes to use as sort keys, with optional +/- to indicate sort direction. (default: unsorted) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
sessionAD = openADConnection("10.100.30.35", "636", true, "administrator@test.local", <Password>)
# Record Iterator
i = 0
recordChanges = openADRecordIterator(sessionAD, "ou=students,ou=people,dc=test,dc=local", "sub", "(employeeType=Student)", undefined, undefined, "cn", undefined)
recordIterator: forEach(recordChange, recordChanges) {
    log(recordChange)
    i = i + 1
    if(i >= 30) {
        break(recordIterator)
    } else {
    }
}
# Close
close(sessionAD)
```
Removes a member from a Group on the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
groupDn* | text, expression, variable | the DN of the Group |
memberDn* | text, expression, variable | the DN of the member |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
groupDn = "CN=TestGroup,OU=Groups,DC=test,DC=local"
newDn = "CN=Test User,OU=People,DC=test,DC=local"
result = removeADGroupMember(session, groupDn, newDn)
if(result) {
    log("User removed from Group " + groupDn)
} else {
    log("User not removed from Group " + groupDn)
}
close(session)
```
Removes multiple members from a Group on the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
groupDn* | text, expression, variable | the DN of the Group |
memberDns* | expression, variable | array of DNs of the members |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
groupDn = "CN=TestGroup,OU=Groups,DC=test,DC=local"
newMembers = createArray()
appendArrayItem(newMembers, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(newMembers, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(newMembers, "CN=Test User 3,OU=People,DC=test,DC=local")
result = removeADGroupMembers(session, groupDn, newMembers)
if(result) {
    log("Users removed from Group " + groupDn)
} else {
    log("Users not removed from Group " + groupDn)
}
close(session)
```
Rename and/or move an object on the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
oldDn* | text, expression, variable | the original DN of the object |
newDn* | text, expression, variable | the new DN of the object |
keepOldRdn* | boolean, expression, variable | preserve the attribute values used by the old dn (default: false.) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
oldDn = "CN=Test User,OU=People,DC=test,DC=local"
newDn = "CN=Test User,OU=Staff,OU=Internal,OU=People,DC=test,DC=local"
result = renameADRecord(session, oldDn, newDn)
if(result) {
    log("User moved or renamed to " + newDn)
} else {
    log("User not moved or renamed " + oldDn)
}
close(session)
```
Save a Record to the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
record* | expression, variable | the Record to save - must contain the dn in the @dn field |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
record = createRecord()
setRecordFieldValue(record, "telephoneNumber", "555-555-1234")
addRecordFieldValue(record, "telephoneNumber", "555-555-9876")
dn = "CN=Test User,OU=People,DC=test,DC=local"
setRecordFieldValue(record, "@dn", dn)
result = saveADRecord(session, record)
if(result) {
    log("Record saved - " + record)
} else {
    log("Record not saved - " + record)
}
close(session)
```
Save an array of Records to the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
records* | expression, variable | the array of Records to save - must contain the dn in the @dn field |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
records = createArray()

record = createRecord()
setRecordFieldValue(record, "telephoneNumber", "555-555-1234")
addRecordFieldValue(record, "telephoneNumber", "555-555-9876")
setRecordFieldValue(record, "@dn", "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(records, record)

record = createRecord()
setRecordFieldValue(record, "telephoneNumber", "555-555-4321")
addRecordFieldValue(record, "telephoneNumber", "555-555-6789")
setRecordFieldValue(record, "@dn", "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(records, record)

record = createRecord()
setRecordFieldValue(record, "telephoneNumber", "555-555-2468")
addRecordFieldValue(record, "telephoneNumber", "555-555-1357")
setRecordFieldValue(record, "@dn", "CN=Test User 3,OU=People,DC=test,DC=local")
appendArrayItem(records, record)

results = saveADRecords(session, records)
i = 0
forEach(record, records) {
    result = results && results[i]
    if(result) {
        log("Record saved - " + record)
    } else {
        log("Record not saved - " + record)
    }
    i = i + 1
}
close(session)
```
Set/clear AD 'Account is Disabled' flag.
Property | Value | Description |
---|---|---|
connection* | expression, variable | the AD connection |
accountDn* | text, expression, variable | the DN of the account |
state* | boolean, expression, variable | true to disable the account, false otherwise |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
record = createRecord()
setRecordFieldValue(record, "@dn", "CN=test user,OU=People,DC=test,DC=local")
result = setADAccountDisabled(session, record['@dn'], false)
if(result) {
    log("setADAccountDisabled worked", "green")
} else {
    log("setADAccountDisabled failed", "red")
}
close(session)
```
Set/clear AD 'Account is Disabled' flag on multiple accounts.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
accountDns* | expression, variable | array of DNs of the accounts |
state* | boolean, expression, variable | true to disable the account, false otherwise |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
results = setADAccountsDisabled(session, dns, true)
i = 0
forEach(dn, dns) {
    result = results && results[i]
    if(result) {
        log("Account set to disabled - " + dn)
    } else {
        log("Account not set to disabled " + dn)
    }
    i = i + 1
}
close(session)
```
Set/clear AD 'Password does not expire' flag.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
accountDn* | text, expression, variable | the DN of the account |
state* | boolean, expression, variable | true to set the 'Password does not expire' flag, false to clear it |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dn = "CN=Test User,OU=People,DC=test,DC=local"
result = setADDontExpirePassword(session, dn, true)
if(result) {
    log("Password does not expire")
} else {
    log("Unable to set DontExpirePassword")
}
close(session)
```
Set/clear AD 'Password does not expire' flag on multiple accounts.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
accountDns* | expression, variable | array of DNs of the accounts |
state* | boolean, expression, variable | true to set the 'Password does not expire' flag, false to clear it |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
results = setADDontExpirePasswords(session, dns, true)
i = 0
forEach(dn, dns) {
    result = results && results[i]
    if(result) {
        log("Account set to not expire passwords - " + dn)
    } else {
        log("Account not set to not expire passwords " + dn)
    }
    i = i + 1
}
close(session)
```
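In Active Directory, the 'Account is Disabled' and 'Password does not expire' flags are stored as bits of the userAccountControl attribute. The Python script below is an added example, not part of the adapter or its documentation: it checks exported userAccountControl values against the state a batch action such as setADAccountsDisabled was meant to produce. The export format, function names and sample values are assumptions constructed for illustration.

```python
# Added example: verify AD account flags from exported userAccountControl values.
ACCOUNTDISABLE = 0x0002       # 'Account is Disabled'
DONT_EXPIRE_PASSWD = 0x10000  # 'Password does not expire'

def decode_uac(uac):
    """Decode the two flags from one userAccountControl value."""
    uac = int(uac)  # LDAP returns the attribute as a decimal string
    return {
        "disabled": bool(uac & ACCOUNTDISABLE),
        "password_never_expires": bool(uac & DONT_EXPIRE_PASSWD),
    }

def audit(records, expected):
    """records: {dn: userAccountControl}; expected: {dn: {flag: bool}}.
    Returns sorted (dn, finding) tuples. DNs are matched case-insensitively."""
    by_dn = {dn.casefold(): decode_uac(uac) for dn, uac in records.items()}
    findings = []
    for dn, want in expected.items():
        got = by_dn.get(dn.casefold())
        if got is None:
            findings.append((dn, "missing from export"))
            continue
        for flag, value in want.items():
            if got[flag] != value:
                findings.append((dn, f"{flag} is {got[flag]}, expected {value}"))
    # Independent of the expected state: enabled accounts whose password
    # never expires are worth a review.
    for dn, uac in records.items():
        got = decode_uac(uac)
        if got["password_never_expires"] and not got["disabled"]:
            findings.append((dn, "enabled with non-expiring password"))
    return sorted(findings)

# Constructed sample export (hypothetical values, not real data).
SAMPLE = {
    "cn=test user 1,ou=people,dc=test,dc=local": "514",    # 0x202: disabled
    "CN=Test User 2,OU=People,DC=test,DC=local": "512",    # 0x200: still enabled
    "CN=Test User 3,OU=People,DC=test,DC=local": "66048",  # 0x10200: never expires
}
# State intended after setADAccountsDisabled(session, dns, true) in the example above.
EXPECTED = {
    "CN=Test User 1,OU=People,DC=test,DC=local": {"disabled": True},
    "CN=Test User 2,OU=People,DC=test,DC=local": {"disabled": True},
}

if __name__ == "__main__":
    for dn, finding in audit(SAMPLE, EXPECTED):
        print(f"{dn}: {finding}")
```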
Sets password on a Record on the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
dn* | text, expression, variable | the DN of the Record |
password* | password, string, expression, variable | the password |
oldPassword | password, string, expression, variable | the old password (default: none) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
password = "password1"
dn = "CN=Test User,OU=People,DC=test,DC=local"
result = setADPassword(session, dn, password)
if(result) {
    log("Password has been set")
} else {
    log("Password was not set")
}
close(session)
```
Sets passwords on Records on the Active Directory server.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
dns* | text, expression, variable | array of DNs of Records |
passwords* | expression, variable | array of passwords |
oldPasswords | expression, variable | array of old passwords (default: none) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dns = createArray()
passwords = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(passwords, "password1")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(passwords, "password2")
results = setADPasswords(session, dns, passwords)
i = 0
forEach(dn, dns) {
    result = results && results[i]
    if(result) {
        log("Password has been set for " + dn)
    } else {
        log("Password was not set for " + dn)
    }
    i = i + 1
}
close(session)
```
Set/clear AD 'User Cannot Change Password' flag.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
userDn* | text, expression, variable | the DN of the User |
state* | boolean, expression, variable | true to disallow user from changing password, false otherwise |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dn = "CN=Test User,OU=People,DC=test,DC=local"
result = setADUserCannotChangePassword(session, dn, true)
if(result) {
    log("User cannot change password")
} else {
    log("Unable to set UserCannotChangePassword")
}
close(session)
```
Set/clear AD 'User Cannot Change Password' flag on multiple Users.
Property | Value | Description |
---|---|---|
adConnection* | expression, variable | the AD connection |
userDns* | expression, variable | array of DNs of the Users |
state* | boolean, expression, variable | true to disallow user from changing password, false otherwise |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
Example
```
session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
results = setADUsersCannotChangePassword(session, dns, true)
i = 0
forEach(dn, dns) {
    result = results && results[i]
    if(result) {
        log("Account set to not allow password change - " + dn)
    } else {
        log("Account not set to not allow password change - " + dn)
    }
    i = i + 1
}
close(session)
```