Active Directory - Create user

IMPORTANT: Active Directory activities require a basic understanding of Active Directory and related components (e.g.,Domain Controllers, Trust Relationships, Forests, LDAPs, etc.). Also, to ensure that these activities function appropriately, the target system must be part of a domain.

Property

Type

Required

Default

Markup

Description

Parent path

Text

Yes

(Empty)

LDAPPATH=

"LDAP://DC=netauto,DC=com"

The Lightweight Directory Access Protocol (LDAP) path of the parent Active Directory container. This is usually the top most container or rootDSE path, the root of the directory data tree on a directory server. Click the Select Container button to launch a standard Windows Active Directory dialog box that allows for the selection an Active Directory container.

First name

Text

Yes

(Empty)

FIRSTNAME="Mike"

The first name of the Active Directory user to be created.

Initials

Text

No

(Empty)

INITIALS="R"

The initials of the Active Directory user to be created.

Last name

Text

No

(Empty)

LASTNAME="Rogers"

The last name of the Active Directory user to be created.

Full name

Text

Yes

First, Middle Initial & Last Name parameters combined

FULLNAME="Mike R. Rogers

The full name of the Active Directory user to be created. This property defaults to the data entered in the font-weight: bold;">First name, font-weight: bold;">Initials and font-weight: bold;">Last name parameters combined.

Property

Type

Required

Default

Markup

Description

User logon name (@domain is allowed)

Text

Yes

(Empty)

USER="MRogers@netauto.com"

The logon name of the Active Directory user to be created.

User logon name (Pre-Windows 2000)

Text

Yes

(Empty)

PREWINDOWLOGONUSERNAME="MRogers"

The Pre-Windows 2000 logon name of the Active Directory user to be created. This defaults to the data entered in the User Logon Name (@domain is allowed) property minus the @domain parameter (if applicable).

Password

Text

Yes

(Empty)

NEWPASSWORD="password"

The logon password of the Active Directory user to be created.

E-mail

Text

No

(Empty)

EMAIL="mike@netauto.com"

The e-mail address of the Active Directory user to be created.

User must change password at next login

Yes/No

No

No

MUSTCHANGEPASSWORD="YES"

If set to Yes, specifies that the user must modify his/her password at next login session. If set to No, the user must use the password specified in the Password parameter. The default value is No.

User cannot change password

Yes/No

No

No

USERCANNOTCHANGEPASSWORD="YES"

If set to Yes, specifies that the user cannot change the assigned password. The default value is No. This parameter is available only if the User must change password at next login parameter is set to No.

Password never expires

Yes/No

No

No

PASSWORDNEVEREXPIRES="YES"

If set to Yes, indicates that the assigned password never expires. The default value is No.

Account is disabled

Yes/No

No

No

DISABLEACCOUNT="YES"

If set to Yes, indicates that the account to be created is in a disabled state. The default value is No.

Property

Type

Required

Default

Markup

Description

Authentication type

Text (options)

No

Default

AUTHTYPE="Encryption"

Specifies the types of authentication used. The available options are:

• Default - Use default authentication type.

• None - Equates to zero, which means to use basic authentication (simple bind) in the LDAP provider.

• Secure - Requests secure authentication. When this flag is set, the WinNT provider uses NTLM to authenticate the client.

• Encryption - Attaches a cryptographic signature to the message that both identifies the sender and ensures that the message has not been modified in transit.

• SecureSocketLayer - Attaches a cryptographic signature to the message that both identifies the sender and ensures that the message has not been modified in transit.

• ReadonlyServer - For a WinNT provider, ADSI tries to connect to a domain controller. For Active Directory Domain Services, this flag indicates that a writable server is not required for a serverless binding.

• Anonymous - No authentication is performed.

• FastBind - Specifies that ADSI will not attempt to query the Active Directory Domain Services objectClass property. Therefore, only the base interfaces that are supported by all ADSI objects will be exposed. Other interfaces that the object supports will not be available.

• Signing - Verifies data integrity to ensure that the data received is the same as the data sent. The Secure flag must also be set to use signing.

• Sealing - Encrypts data using Kerberos. The Secure flag must also be set to use sealing.

• Delegation - Enables Active Directory Services Interface (ADSI) to delegate the user's security context, which is necessary for moving objects across domains.

• ServerBind - If your ADsPath includes a server name, specify this flag when using the LDAP provider. Do not use this flag for paths that include a domain name or for serverless paths. Specifying a server name without also specifying this flag results in unnecessary network traffic.

Username

Text

No

(Empty)

USERNAME="username"

The username context that this activity will execute under. Leave the Username and Password parameters blank in order to use the logon user's credentials.

NOTE:  A Domain User has permission to access Active Directory information. However, only a Domain Administrator has permission to perform Active Directory modifications.

Password

Text

No

(Empty)

PASSWORD="password"

The password associated to the Username context that this activity will execute under. Leave the Username and Password parameters blank in order to use the logon user's credentials.

<CREATEADUSER LDAPPATH="LDAP://mycompanyserver.com" FIRSTNAME="Peter" INITIALS="S" LASTNAME="Parker" FULLNAME="Peter S. Parker" USER="PParker" PREWINDOWLOGONUSERNAME="PParker" NEWPASSWORD="AM2KhmMg3vfZtsoGZuDe99x2z8Z6IMd3xXZaME" EMAIL="PParker@mycompany.com" MUSTCHANGEPASSWORD="YES" USERNAME="username" PASSWORD="AM2LRmbg3zfZtstGZuDfN9m20wZ6IMd3xXbaME" />