If - Object exists

Declaration

<AMIF ACTIVITY="adobjectexist" AUTHTYPE="FastBind" USERNAME="text" LDAPPATH="text" ADOBJECT="text (options)" OBJECTNAME="text" PASSWORD="text (encrypted)" />

Description

Allows task execution to continue to the next step if the Active Directory object at the specified path exists. Otherwise, task execution flows to the next Else or End If step.

NOTE: All If activities must be followed at some point with an End If step to mark the end of the code block that is to be executed if the expression is TRUE. For ease of use, by default, any If activity added to the Task Builder's Steps panel is always followed by an End If activity.

Practical usage

Ideally used as a conditional step to perform specific actions depending on whether an Active Directory object exists. For instance, if the object exists, execute the Active Directory - Move object activity to move the object to a new location, or execute the Active Directory - Delete object activity to delete the object.

Parameters

General

 
Property: Parent LDAP path
Type: Text
Required: Yes
Default: (Empty)
Markup: LDAPPATH="LDAP://DC=netauto,DC=com"
Description: The Lightweight Directory Access Protocol (LDAP) path of the parent Active Directory container. This is usually the topmost container or rootDSE path, the root of the directory data tree on a directory server. Click the Select Container button to launch a standard Windows dialog that allows for the selection of an Active Directory container.

Property: Type
Type: Text (options)
Required: Yes
Default: User
Markup:
  • ADOBJECT="group"
  • ADOBJECT="computer"
  • ADOBJECT="organizationalunit"
  • ADOBJECT="printqueue"
Description: The type of Active Directory object to search for. The available options are:
  • User (Default) - Determine existence of Active Directory user object.
  • Computer - Determine existence of Active Directory computer object.
  • Group - Determine existence of Active Directory group.
  • OrganizationUnit - Determine existence of Active Directory organizational unit.
  • Printer - Determine existence of Active Directory printer object.

Property: Name
Type: Text
Required: Yes
Default: (Empty)
Markup: OBJECTNAME="printer"
Description: The name of the Active Directory object to search for. This parameter accepts wildcard characters (that is, * or ?). For example, entering S* will return objects in Active Directory whose names start with "S".

Credentials

 
Property: Authentication type
Type: Text (options)
Required: Yes
Default: Default
Markup:
  • AUTHTYPE="None"
  • AUTHTYPE="Secure"
  • AUTHTYPE="Encryption"
  • AUTHTYPE="SecureSocketLayer"
  • AUTHTYPE="Anonymous"
  • AUTHTYPE="FastBind"
  • AUTHTYPE="ReadonlyServer"
  • AUTHTYPE="Signing"
  • AUTHTYPE="Sealing"
  • AUTHTYPE="Delegation"
  • AUTHTYPE="ServerBind"
Description: The Active Directory authentication mechanism to use. The available options are:
  • Default - Use default system authentication mechanism.
  • None - Equates to zero, which means to use basic authentication (simple bind) in the LDAP provider.
  • Secure - Requests secure authentication. When this flag is set, the WinNT provider uses NTLM to authenticate the client. Active Directory Domain Services uses Kerberos, and possibly NTLM, to authenticate the client.
  • Encryption - Attaches a cryptographic signature to the message that both identifies the sender and ensures that the message has not been modified in transit.
  • SecureSocketLayer - Attaches a cryptographic signature to the message that both identifies the sender and ensures that the message has not been modified in transit. Active Directory Domain Services requires the Certificate Server be installed to support Secure Sockets Layer (SSL) encryption.
  • Anonymous - No authentication is performed.
  • ReadOnlyServer - For a WinNT provider, ADSI tries to connect to a domain controller. For Active Directory Domain Services, this flag indicates that a writable server is not required for a serverless binding.
  • FastBind - Specifies that ADSI will not attempt to query the Active Directory Domain Services objectClass property. Therefore, only the base interfaces that are supported by all ADSI objects will be exposed.
  • Signing - Verifies data integrity to ensure that the data received is the same as the data sent. The Secure flag must also be set to use signing.
  • Sealing - Encrypts data using Kerberos. The Secure flag must also be set to use sealing.
  • Delegation - Enables Active Directory Services Interface (ADSI) to delegate the user's security context, which is necessary for moving objects across domains.
  • ServerBind - If your ADsPath includes a server name, specify this flag when using the LDAP provider. Do not use this flag for paths that include a domain name or for serverless paths. Specifying a server name without also specifying this flag results in unnecessary network traffic.

Property: Username
Type: Text
Required: Yes
Default: User
Markup: USERNAME="ADUser"
Description: Specifies the username of the Active Directory user.
NOTE: Leave the Username and Password fields blank in order to use the logon user's credentials. If only accessing Active Directory information, then any Domain user is valid. However, a Domain Administrator is required in order to modify an Active Directory user or group. We recommend using the credentials of a Domain Administrator for all Automate Desktop Active Directory actions.

Property: Password
Type: Text
Required: Yes
Default: (Empty)
Markup: PASSWORD="encrypted"
Description: Specifies the password of the Active Directory user.
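
The following Python check is an added example, not part of the Automate documentation or product. It reads exported AML text and lists Active Directory steps whose AUTHTYPE is None or Anonymous, steps that pass an explicit USERNAME over a simple bind, and steps whose OBJECTNAME is a wildcard pattern. The function name audit_aml, the choice of which settings to flag, and every value in the sample task are assumptions made for this example.

```python
import re

# AUTHTYPE values flagged for review, worded from the option list above.
WEAK_AUTHTYPES = {
    "none": "basic authentication (simple bind)",
    "anonymous": "no authentication is performed",
}

# AML is matched tag by tag rather than with an XML parser: the page's own
# sample closes a self-closed <AMIF ... /> with </AMIF>, which is not well-formed XML.
TAG_RE = re.compile(r"<(AM[A-Z]+)\b([^<>]*?)/?>")
ATTR_RE = re.compile(r'([A-Z_]+)="([^"]*)"')


def audit_aml(aml_text):
    """Return (line_no, tag, attribute, message) findings for steps that bind to AD."""
    findings = []
    for line_no, line in enumerate(aml_text.splitlines(), start=1):
        for tag, raw_attrs in TAG_RE.findall(line):
            attrs = dict(ATTR_RE.findall(raw_attrs))
            if "LDAPPATH" not in attrs:
                continue  # step does not bind to a directory path
            authtype = attrs.get("AUTHTYPE", "Default")  # the page lists Default as the default
            reason = WEAK_AUTHTYPES.get(authtype.lower())
            if reason:
                findings.append((line_no, tag, "AUTHTYPE", f"{authtype}: {reason}"))
            if attrs.get("USERNAME") and authtype.lower() == "none":
                # A simple bind carries the password in clear unless the
                # connection itself is encrypted.
                findings.append((line_no, tag, "USERNAME",
                                 "explicit credentials presented over a simple bind"))
            if re.search(r"[*?]", attrs.get("OBJECTNAME", "")):
                findings.append((line_no, tag, "OBJECTNAME",
                                 "wildcard name: the check matches by pattern, not one exact object"))
    return findings


# Constructed sample task; names, paths and the password value are placeholders.
SAMPLE_AML = """\
<AMIF ACTIVITY="adobjectexist" AUTHTYPE="None" USERNAME="svc_task" LDAPPATH="LDAP://DC=example,DC=test" ADOBJECT="group" OBJECTNAME="S*" PASSWORD="PLACEHOLDER" />
<AMIF ACTIVITY="adobjectexist" AUTHTYPE="Secure" LDAPPATH="LDAP://DC=example,DC=test" ADOBJECT="computer" OBJECTNAME="host01" />
</AMIF>
<AMIF ACTIVITY="adobjectexist" AUTHTYPE="Anonymous" LDAPPATH="LDAP://DC=example,DC=test" ADOBJECT="group" OBJECTNAME="Staff" />
<AMIF ACTIVITY="adobjectexist" LDAPPATH="LDAP://DC=example,DC=test" ADOBJECT="computer" OBJECTNAME="host02" />
"""

if __name__ == "__main__":
    for finding in audit_aml(SAMPLE_AML):
        print(finding)
```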

Example

NOTE:
  • Copy and paste the sample AML code below directly into the Task Builder Steps Panel.
  • To successfully run the sample code, update parameters containing user credentials, files, file paths, or other information specific to the task to match your environment.

Description

Determines if an Active Directory computer object named "computerUsers" exists. If the object exists, rename it to "AutomateUsers." If the object does not exist, create a new computer object named "AutomateUsers."

<AMIF ACTIVITY="adobjectexist" LDAPPATH="LDAP://servtest.com/OU=TestUsers,DC=servtest,DC=com" ADOBJECT="computer" OBJECTNAME="computerUsers" />
<AMACTIVEDIRECTORY ACTIVITY="rename_object" LDAPPATH="LDAP://servtest.com/OU=TestUsers,DC=servtest,DC=com" OBJECTNAME="AutomateUsers" />
<AMELSE />
<AMACTIVEDIRECTORY ACTIVITY="create_object" LDAPPATH="LDAP://servtest.com/OU=TestUsers,DC=servtest,DC=com" OBJECTNAME="AutomateUsers" />
</AMIF>