Active Directory - List object path

Declaration

<AMACTIVEDIRECTORY ACTIVITY="list_object_path" AUTHTYPE="text (options)" USERNAME="text" PASSWORD="text (encrypted)" LDAPPATH="text" ADOBJECT="text (options)" FILTER="text" RESULTDATASET="text" />

Description

Retrieves a list of the paths for all Active Directory objects (for example, computers, users, groups, etc.) at and below the specified path and populates a dataset with resulting values. Results can be filtered by object type and/or a filter string.

IMPORTANT: Automate Desktop's Active Directory activities require a basic understanding of Active Directory and related components (for example, Domain Controllers, Trust Relationships, Forests, LDAPs, etc.). Also, to ensure that these activities function appropriately, the target system must be part of a domain.

Practical usage

Can be used along with other Active Directory activities to create a report with essential information on Active Directory infrastructure and objects. Reports can be created for management, distribution and/or auditing purposes.

Parameters

Object

Property Type Required Default Markup Description
Get Active Directory using Text (options) No Simple Filter ACTION="CUSTOMFILTER" The manner in which to retrieve the LDAP (Lightweight Directory Access Protocol) paths of the Active Directory objects. The available options are:
  • Simple Filter (default) - Selects the Active Directory objects using a simple filter.
  • Custom Filter - Selects the Active Directory objects using a more advanced custom filter.
  • ADO Query (SQL or LDAP syntax) - Selects the Active Directory objects using a more advanced SQL or LDAP query.
Parent path Text Yes (Empty) LDAPPATH="LDAP://DC=networkautomation,DC=com" The LDAP path of the parent Active Directory object. Usually the topmost container or RootDSE path.

Click the Select Container button to select the parent container from the domain. When doing so, this launches a standard Windows Active Directory dialog that allows for selection of the container.
NOTE: The Parent Path parameter is available only if Simple Filter or Custom Filter is selected from the Get Active Directory Using parameter.
Object Text (options) No User ADOBJECT="GROUP" The type of object whose path is retrieved. The available options are:
  • User (default) - List User object path.
  • Computer - List Computer object path.
  • Group - List Group object path.
  • Organization unit - List Organizational Unit object path.
  • Printer - List Printer object path.
Filter Text Yes (Empty) FILTER="R*" Provides the filter string to search for specific Active Directory objects.
Custom filter Text Yes (Empty) CUSTOMFILTER="(&amp;(objectCategory=user)(name=*))" Allows entry of a custom filter string. This parameter is available only if the Get Active Directory using parameter is set to Custom Filter.  
Query statement (SQL or LDAP syntax) Text Yes (Empty) QUERY="SELECT ADsPath FROM 'LDAP://fortra.com' WHERE objectCategory='organizationalUnit'" Allows entry of a SQL or LDAP ADO query string. This parameter is available only if the Get Active Directory Using parameter is set to ADO Query (SQL or LDAP syntax).
Create and populate dataset with paths Text Yes (Empty) RESULTDATASET="ADObjects" The name of the dataset to create and populate with the results. For more details, see Datasets below.
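
The Filter and Custom filter parameters above carry LDAP filter text, and in AML markup the & of a custom filter is written &amp;. The following is an added example, not Fortra's code: it builds a CUSTOMFILTER value from an object type and a name pattern, escaping filter metacharacters per RFC 4515 so that a value taken from a task variable cannot change the filter's structure. The OBJECT_CATEGORY mapping and all function names are assumptions made for illustration.

```python
from xml.sax.saxutils import quoteattr

# Assumed mapping from the activity's Object options to AD objectCategory
# values; how Automate maps them internally is not documented on this page.
OBJECT_CATEGORY = {
    "User": "user",
    "Computer": "computer",
    "Group": "group",
    "Organization unit": "organizationalUnit",
    "Printer": "printQueue",
}

# RFC 4515 section 3: these characters are written as \XX inside a value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_value(text, keep_wildcards=False):
    """Escape filter metacharacters; optionally leave '*' as a wildcard."""
    out = []
    for ch in text:
        if ch == "*" and keep_wildcards:
            out.append(ch)
        else:
            out.append(_ESCAPES.get(ch, ch))
    return "".join(out)


def build_custom_filter(object_type, name_pattern):
    """Return an LDAP filter for an Object type plus a Filter such as 'R*'."""
    category = OBJECT_CATEGORY[object_type]  # KeyError on an unknown type
    pattern = escape_value(name_pattern, keep_wildcards=True)
    return f"(&(objectCategory={category})(name={pattern}))"


def aml_attribute(name, value):
    """Render NAME="value" with XML escaping, so '&' becomes '&amp;'."""
    return f"{name.upper()}={quoteattr(value)}"
```
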

Credentials

Property Type Required Default Markup Description
Authentication type Text (options) No Default
  • AUTHTYPE="Secure"
  • AUTHTYPE="Encryption"
  • AUTHTYPE="SecureSocketLayer"
  • AUTHTYPE="ReadonlyServer"
  • AUTHTYPE="Anonymous"
  • AUTHTYPE="FastBind"
  • AUTHTYPE="Signing"
  • AUTHTYPE="Sealing"
  • AUTHTYPE="Delegation"
  • AUTHTYPE="ServerBind"
Specifies the types of authentication used. The available options are:
  • Default - Use default authentication type.
  • None - Equates to zero, which means to use basic authentication (simple bind) in the LDAP provider.
  • Secure - Requests secure authentication. When this flag is set, the WinNT provider uses NTLM to authenticate the client.
  • Encryption - Attaches a cryptographic signature to the message that both identifies the sender and ensures that the message has not been modified in transit.
  • SecureSocketLayer - Attaches a cryptographic signature to the message that both identifies the sender and ensures that the message has not been modified in transit.
  • ReadonlyServer - For a WinNT provider, ADSI tries to connect to a domain controller. For Active Directory Domain Services, this flag indicates that a writable server is not required for a serverless binding.
  • Anonymous - No authentication is performed.
  • FastBind - Specifies that ADSI will not attempt to query the Active Directory Domain Services objectClass property. Therefore, only the base interfaces that are supported by all ADSI objects will be exposed. Other interfaces that the object supports will not be available.
  • Signing - Verifies data integrity to ensure that the data received is the same as the data sent. The Secure flag must also be set to use signing.
  • Sealing - Encrypts data using Kerberos. The Secure flag must also be set to use sealing.
  • Delegation - Enables Active Directory Services Interface (ADSI) to delegate the user's security context, which is necessary for moving objects across domains.
  • ServerBind - If your ADsPath includes a server name, specify this flag when using the LDAP provider. Do not use this flag for paths that include a domain name or for serverless paths. Specifying a server name without also specifying this flag results in unnecessary network traffic.
Username Text No (Empty) USERNAME="username" The username context that this activity will execute under. Leave the Username and Password parameters blank in order to use the logon user's credentials.
NOTE: A Domain User has permission to access Active Directory information. However, only a Domain Administrator has permission to perform Active Directory modifications.
Password Text No (Empty) PASSWORD="password" The password associated with the Username context that this activity will execute under. Leave the Username and Password parameters blank in order to use the logon user's credentials.

Additional notes

Datasets

A dataset is a multi-column, multi-row container object. This action creates and populates a dataset with the following fields (assuming the dataset name entered was theDataset):

Name Type Return Value
theDataset.ClassName Text The class name.
theDataset.Guid Text The GUID of the Directory Entry.
theDataset.Name Text The name of the object as named with the underlying directory service.
theDataset.NativeGuid Text The GUID of the Directory Entry, as returned from the provider.
theDataset.Path Text The path for this directory entry.

Example

NOTE:
  • Copy and paste the sample AML code below directly into the Task Builder Steps Panel.
  • To successfully run the sample code, update parameters containing user credentials, files, file paths, or other information specific to the task to match your environment.

Description

Lists the paths of all Active Directory user objects and populates the dataset "ADObjects" with the results.

<AMACTIVEDIRECTORY ACTIVITY="list_object_path" AUTHTYPE="Secure" USERNAME="Administrator" PASSWORD="AM54nZlor7IjQk55PWC/Hh3Fx3/FJY61X2ulq0ptqRCrmQ=aME" QUERYTYPE="customfilter" LDAPPATH="LDAP://servername.com" CUSTOMFILTER="(&amp;(objectCategory=user)(name=*))" RESULTDATASET="ADObjects" />