Active Directory - Get object path

Declaration

AMACTIVEDIRECTORY ACTIVITY="get_object_path" AUTHTYPE="text (options)" USERNAME="text" PASSWORD="text (encrypted)" LDAPPATH="text" OBJECTNAME="text" RESULTVARIABLE="text" />

Related Topics    

Description

Populates a variable with the Lightweight Directory Access Protocol (LDAP) path of the specified Active Directory object (for example, user, computer, OU, etc.).

IMPORTANT: Automate Desktop's Active Directory activities require a basic understanding of Active Directory and related components (for example, Domain Controllers, Trust Relationships, Forests, LDAPs, etc.). Also, to ensure that these activities function appropriately, the target system must be part of a domain.

Practical usage

Gets the path of a specific Active Directory object. The path can be specified in subsequent Active Directory operations.

Parameters

Object

Property Type Required Default Markup Description
Parent path Text Yes (Empty) LDAPPATH="LDAP://
DC=netauto,DC=com" 		The Lightweight Directory Access Protocol (LDAP) path of the parent Active Directory container. This is usually the top most container or rootDSE path; the root of the directory data tree on a directory server. Click the Select Container button to launch a standard Windows Active Directory dialog that allows for the selection an Active Directory container.
Name Text Yes (Empty) OBJECTNAME="Scott" The name of the Active Directory object in which to retrieve the path from. Wildcard characters (for example, * and ?) can be used to filter the name. For example, entering S* will filter all Active Directory object names starting with the letter S.
Type Text (Options) Yes User ADOBJECT="GROUP" The Active Directory object type in which to retrieve the path from. The available options are:
  • User (default) - Retrieve path of type User.
  • Computer - Retrieve path of type Computer.
  • Group - Retrieve path of type Group.
  • Organization Unit - Retrieve path of type Organizational Unit.
  • Printer - Retrieve path of type Printer.
Populate variable with path Text Yes (Empty) RESULTVARIABLE="varname" The name of an existing variable to be populated with the first object's LDAP path found in the Active Directory matching the name.

Credentials

Property Type Required Default Markup Description
Authentication type Text (options) No Default
  • AUTHTYPE="Secure"
  • AUTHTYPE="Encryption"
  • AUTHTYPE="SecureSocketLayer"
  • AUTHTYPE="ReadonlyServer"
  • AUTHTYPE="Anonymous"
  • AUTHTYPE="FastBin
  • AUTHTYPE="Signing"
  • AUTHTYPE="Sealing"
  • AUTHTYPE="Delegation"
  • AUTHTYPE="ServerBind"
 Specifies the types of authentication used. The available options are:
  • Default - Use default authentication type.
  • None - Equates to zero, which means to use basic authentication (simple bind) in the LDAP provider.
  • Secure - Requests secure authentication. When this flag is set, the WinNT provider uses NTLM to authenticate the client.
  • Encryption - Attaches a cryptographic signature to the message that both identifies the sender and ensures that the message has not been modified in transit.
  • SecureSocketLayer - Attaches a cryptographic signature to the message that both identifies the sender and ensures that the message has not been modified in transit.
  • ReadonlyServer - For a WinNT provider, ADSI tries to connect to a domain controller. For Active Directory Domain Services, this flag indicates that a writable server is not required for a serverless binding.
  • Anonymous - No authentication is performed.
  • FastBind - Specifies that ADSI will not attempt to query the Active Directory Domain Services objectClass property. Therefore, only the base interfaces that are supported by all ADSI objects will be exposed. Other interfaces that the object supports will not be available.
  • Signing - Verifies data integrity to ensure that the data received is the same as the data sent. The Secure flag must also be set to use signing.
  • Sealing - Encrypts data using Kerberos. The Secure flag must also be set to use sealing.
  • Delegation - Enables Active Directory Services Interface (ADSI) to delegate the user's security context, which is necessary for moving objects across domains.
  • ServerBind - If your ADsPath includes a server name, specify this flag when using the LDAP provider. Do not use this flag for paths that include a domain name or for serverless paths. Specifying a server name without also specifying this flag results in unnecessary network traffic.
Username Text No (Empty) USERNAME="username" The username context that this activity will execute under. Leave the Username and Password parameters blank in order to use the logon user's credentials
NOTE: A Domain User has permission to access Active Directory information. However, only a Domain Administrator has permission to perform Active Directory modifications.
Password Text No (Empty) PASSWORD="password" The password associated to the Username context that this activity will execute under. Leave the Username and Password parameters blank in order to use the logon user's credentials.

Description

Error Causes

On Error

Example

NOTE:
  • Copy and paste the sample AML code below directly into the Task Builder Steps Panel.
  • To successfully run the sample code, update parameters containing user credentials, files, file paths, or other information specific to the task to match your environment.

Description

Get the path of the USER Active Directory object with the name of "G*" and store it in variable "ObjectPath."

Copy 
<AMACTIVEDIRECTORY ACTIVITY="get_object_path" AUTHTYPE="Secure" USERNAME="UserName" PASSWORD="AM5QHMF/fSuE3B114w2edNoBhfHPuS0ccAzdmCGna541Dc=aME" LDAPPATH="LDAP://OU=MyCompanyEmployees,DC=mycompany,DC=com" OBJECTNAME="G*" RESULTVARIABLE="ObjectPath" />