Active Directory - Modify user |
Declaration
<AMACTIVEDIRECTORY ACTIVITY="modify_user" LDAPPATH="text" ACTION="text (options)" NEWUSERNAME="text" />
Description
Enables, disables, deletes, or renames an existing Active Directory user. This action can also be used to change or reset the password of an Active Directory user.
IMPORTANT: Automate's Active
Directory activities require a basic understanding of Active Directory
and related components (for example, Domain Controllers, Trust Relationships,
Forests, LDAPs, etc.). Also, to ensure that these activities function
appropriately, the target system must be part of a domain.
Practical Usage
Can be used in combination with other Active Directory activities to locate user accounts and disable, delete, enable or rename them as well as reset their passwords.
Parameters
User
Property | Type | Required | Default | Markup | Description |
---|---|---|---|---|---|
Path | Text | Yes | (Empty) | LDAPPATH="LDAP://netauto.com/CN=Tac Shore,OU=Sales,OU=Network Automation Employees,DC=networkautomation,DC=com" | Specifies
the LDAP (Lightweight Directory Access Protocol) path of the Active
Directory group to modify. Clicking Select Group launches a standard Windows Active Directory dialog box that allows for the selection of a group. |
Action | Text (Options) | Yes | Enable | ACTION="rename" | Specifies
the action to perform on the Active Directory user. The available
options are:
|
New user name | Text | Yes | (Empty) | NEWUSERNAME="Dallas" | Specifies the new name of the Active Directory user. Only available if the Rename option is selected in the Action drop-down. |
New password | Text | Yes | (Empty) | NEWPASSWORD="encrypted" | Specifies the new password to set for the Active Directory user. Only available if the Reset password option is selected in the Action drop-down. |
Credentials
Property | Type | Required | Default | Markup | Description |
---|---|---|---|---|---|
Authentication type | Text (options) | No | Default |
|
Specifies
the types of authentication used. The available options are:
|
Username | Text | No | (Empty) | USERNAME="username" | The
username context that this activity will execute under. Leave
the Username and Password parameters blank in
order to use the logon user's credentials NOTE: A Domain User has
permission to access Active Directory information. However, only
a Domain Administrator has permission to perform Active Directory
modifications. |
Password | Text | No | (Empty) | PASSWORD="password" | The password associated to the Username context that this activity will execute under. Leave the Username and Password parameters blank in order to use the logon user's credentials. |
Example
NOTE:
- The sample AML code below can be copied and pasted directly into the Steps Panel of the Task Builder.
- Parameters containing user credentials, files, file paths, and/or other information specific to the task must be customized before the sample code can run successfully.
Description
Change the Active Directory user's password at "LDAP://mycompany.com/CN=Guests,CN=Builtin,DC=mycompany,DC=com."
Copy
<AMACTIVEDIRECTORY ACTIVITY="modify_user" AUTHTYPE="Secure" USERNAME="Administrator" PASSWORD="AM59PqqTzq6pFncbdhvPDCbOc2u2c6W02PMz1AP1Q0y/uI=aME" LDAPPATH="LDAP://mycompany.com/CN=Guests,CN=Builtin,DC=mycompany,DC=com" ACTION="resetpwd" NEWPASSWORD="AM5qk+f+H/MIvunoAzGuPCJRQ==aME" />