Active Directory - Modify user

Declaration

<AMACTIVEDIRECTORY ACTIVITY="modify_user" LDAPPATH="text" ACTION="text (options)" NEWUSERNAME="text" NEWPASSWORD="text" />

Description: Enables, disables, deletes or renames an existing Active Directory user, or resets the user's password.

IMPORTANT: Active Directory activities require a basic understanding of Active Directory and related components (e.g., Domain Controllers, Trust Relationships, Forests, LDAP, etc.). Also, to ensure that these activities function appropriately, the target system must be a member of the domain.

Practical Usage

Can be used in combination with other Active Directory activities to locate user accounts and disable, delete, enable or rename them as well as reset their passwords.

User Parameters

Property

Type

Required

Default

Markup

Description

Path

Text

Yes

(Empty)

LDAPPATH="LDAP://netauto.com/CN=Tac Shore,OU=Sales,OU=Network Automation Employees,DC=networkautomation,DC=com"

Specifies the LDAP (Lightweight Directory Access Protocol) path of the Active Directory user to modify. The path must resolve to a user object; a path that names a group or organizational unit will not be modified as a user.

Clicking the selection button launches a standard Windows Active Directory dialog box that allows for the selection of a user account.

Action

Text (Options)

Yes

Enable

ACTION="rename"

Specifies the action to perform on the Active Directory user. The available options are:

  • Enable (Default) - Enables the Active Directory user.

  • Disable - Disables the Active Directory user.

  • Delete - Deletes  the Active Directory user.

  • Rename - Renames the Active Directory user.

  • Reset Password - Resets the Active Directory user's password.

New user name

Text

Yes (when Action is Rename)

(Empty)

NEWUSERNAME="Dallas"

Specifies the new name of the Active Directory user. Only available if the Rename option is selected in the Action drop-down.

New password

Text

Yes (when Action is Reset Password)

(Empty)

NEWPASSWORD="encrypted"

Specifies the new password to set for the Active Directory user. Only available if the Reset password option is selected in the Action drop-down.
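The five actions above map onto a handful of ADSI operations. The PowerShell below is an added example, not code from the AutoMate documentation or product: it performs the same Enable, Disable, Delete, Rename and Reset Password operations directly through System.DirectoryServices so the effect on the directory object is visible, and it refuses to act on a path that does not name a user object. Assumptions: the LDAP path is supplied in the same form as LDAPPATH, a domain controller is reachable, and the bind account (the logon user, or the optional credential) holds write and Reset Password rights on the target object. The function name Set-AdUserState and the parameter names are this example's own.

```powershell
Add-Type -AssemblyName System.DirectoryServices

# userAccountControl bit that disables an account (ADS_UF_ACCOUNTDISABLE).
$script:ADS_UF_ACCOUNTDISABLE = 0x0002

function Set-AdUserState {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string] $LdapPath,      # same value as LDAPPATH
        [Parameter(Mandatory)]
        [ValidateSet('Enable', 'Disable', 'Delete', 'Rename', 'ResetPassword')]
        [string] $Action,                               # same choices as ACTION
        [string] $NewUserName,                          # NEWUSERNAME (Rename only)
        [securestring] $NewPassword,                    # NEWPASSWORD (ResetPassword only)
        [pscredential] $Credential                      # USERNAME/PASSWORD; omit to bind as the logon user
    )

    # Kerberos/NTLM bind with integrity and confidentiality: the equivalent of
    # selecting Secure, Signing and Sealing in the Authentication type option.
    $auth = [System.DirectoryServices.AuthenticationTypes]::Secure -bor
            [System.DirectoryServices.AuthenticationTypes]::Signing -bor
            [System.DirectoryServices.AuthenticationTypes]::Sealing
    if ($Credential) {
        $entry = New-Object System.DirectoryServices.DirectoryEntry(
            $LdapPath, $Credential.UserName, $Credential.GetNetworkCredential().Password, $auth)
    } else {
        $entry = New-Object System.DirectoryServices.DirectoryEntry($LdapPath, $null, $null, $auth)
    }

    try {
        # Guard: only user objects are modified. A path that really names a group
        # or a computer account is rejected instead of being disabled or deleted.
        $classes = @($entry.Properties['objectClass'] | ForEach-Object { "$_" })
        if ($classes -notcontains 'user' -or $classes -contains 'group' -or $classes -contains 'computer') {
            throw "Refusing to modify '$LdapPath': objectClass is [$($classes -join ',')], not a user."
        }
        if (-not $PSCmdlet.ShouldProcess($LdapPath, $Action)) { return }

        switch ($Action) {
            'Enable' {
                $uac = [int] $entry.Properties['userAccountControl'].Value
                $entry.Properties['userAccountControl'].Value = $uac -band (-bnot $script:ADS_UF_ACCOUNTDISABLE)
                $entry.CommitChanges()
            }
            'Disable' {
                $uac = [int] $entry.Properties['userAccountControl'].Value
                $entry.Properties['userAccountControl'].Value = $uac -bor $script:ADS_UF_ACCOUNTDISABLE
                $entry.CommitChanges()
            }
            'Delete' {
                $entry.DeleteTree()
            }
            'Rename' {
                if (-not $NewUserName) { throw 'Rename requires -NewUserName.' }
                # Rename changes the object's RDN (CN=...); sAMAccountName and the
                # userPrincipalName are separate attributes and are left untouched.
                $entry.Rename("CN=$NewUserName")
                $entry.CommitChanges()
            }
            'ResetPassword' {
                if (-not $NewPassword) { throw 'ResetPassword requires -NewPassword.' }
                $plain = [System.Net.NetworkCredential]::new('', $NewPassword).Password
                # IADsUser.SetPassword is an administrative reset (no old password);
                # ADSI carries the new value over LDAPS or Kerberos, never cleartext.
                $entry.Invoke('SetPassword', $plain)
            }
        }
    } finally {
        $entry.Dispose()
    }
}

# Usage, with the sample path from the Path parameter above. -WhatIf shows the
# action that would be taken without committing it.
Set-AdUserState -LdapPath 'LDAP://netauto.com/CN=Tac Shore,OU=Sales,OU=Network Automation Employees,DC=networkautomation,DC=com' -Action Disable -WhatIf
```

Because every branch passes through ShouldProcess, a task can be dry-run with -WhatIf before the real run, and the objectClass guard turns a mis-pasted group or OU path into an error rather than a change to the wrong object.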

Credentials Parameters

Property

Type

Required

Default

Markup

Description

Authentication type

Text (options)

No

Default

AUTHTYPE="Encryption"

Specifies the types of authentication used. The available options are:

  • Default - Use default authentication type.

  • None - Equates to zero, which means to use basic authentication (simple bind) in the LDAP provider. A simple bind sends the bind password in cleartext unless Encryption or SecureSocketLayer is also selected, so it is unsuitable for a task that resets passwords.

  • Secure - Requests secure authentication. When this flag is set, the WinNT provider uses NTLM to authenticate the client; the LDAP provider against Active Directory uses Kerberos, falling back to NTLM where necessary.

  • Encryption - Requests an SSL/TLS-protected connection to the directory server, which both identifies the server and protects the exchange from modification or disclosure in transit. In ADSI this option and SecureSocketLayer set the same underlying flag (ADS_USE_ENCRYPTION and ADS_USE_SSL share the value 0x2), so the two are interchangeable.

  • SecureSocketLayer - Same as Encryption: binds over SSL/TLS (LDAPS), which requires the domain controller to hold a suitable server certificate. Either option protects the bind credentials and the new password in transit when a simple bind (None) is used.

  • ReadonlyServer - For a WinNT provider, ADSI tries to connect to a domain controller. For Active Directory Domain Services, this flag indicates that a writable server is not required for a serverless binding.

  • Anonymous - No authentication is performed.

  • FastBind - Specifies that ADSI will not attempt to query the Active Directory Domain Services objectClass property. Therefore, only the base interfaces that are supported by all ADSI objects will be exposed. Other interfaces that the object supports will not be available.

  • Signing - Verifies data integrity to ensure that the data received is the same as the data sent. The Secure flag must also be set to use signing.

  • Sealing - Encrypts data using Kerberos. The Secure flag must also be set to use sealing.

  • Delegation - Enables Active Directory Services Interface (ADSI) to delegate the user's security context, which is necessary for moving objects across domains. Because it allows the server to act on the caller's behalf towards other services, select it only when such a cross-domain operation is actually required.

  • ServerBind - If your ADsPath includes a server name, specify this flag when using the LDAP provider. Do not use this flag for paths that include a domain name or for serverless paths. Specifying a server name without also specifying this flag results in unnecessary network traffic.
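The options above are bit flags that are combined, and the list states two dependencies (Signing and Sealing need Secure) while leaving the security consequences of the others implicit. The PowerShell below is an added example, not code from the AutoMate documentation or product: it turns a set of option names into a System.DirectoryServices.AuthenticationTypes value and rejects combinations that are invalid, or unsafe for an activity that modifies an object or sends a password. Assumptions: the option names map onto the .NET enum members as shown in the table inside the function (the page's "Default" is taken to mean Secure, which is what DirectoryEntry uses when nothing is specified, and "SecureSocketLayer" is the enum's SecureSocketsLayer); the function name Resolve-AdsiAuthType is this example's own.

```powershell
Add-Type -AssemblyName System.DirectoryServices

function Resolve-AdsiAuthType {
    param(
        [Parameter(Mandatory)] [string[]] $Options,   # names from the Authentication type list
        [switch] $ForWrite                            # the activity will modify the object or send a password
    )
    $T = [System.DirectoryServices.AuthenticationTypes]
    # Option name on this page -> enum member. Assumed mapping: "Default" is read as
    # Secure, the DirectoryEntry default; the remaining names match the enum.
    $map = @{
        Default = $T::Secure;                None = $T::None
        Secure = $T::Secure;                 Encryption = $T::Encryption
        SecureSocketLayer = $T::SecureSocketsLayer
        ReadonlyServer = $T::ReadonlyServer; Anonymous = $T::Anonymous
        FastBind = $T::FastBind;             Signing = $T::Signing
        Sealing = $T::Sealing;               Delegation = $T::Delegation
        ServerBind = $T::ServerBind
    }

    [int] $flags = 0
    foreach ($o in $Options) {
        if (-not $map.ContainsKey($o)) { throw "Unknown authentication option '$o'." }
        $flags = $flags -bor [int] $map[$o]
    }
    # True when every bit of $f is present in the accumulated flags.
    $has = { param($f) ([int] $f -ne 0) -and (($flags -band [int] $f) -eq [int] $f) }

    # Dependency stated in the ADSI documentation: Signing/Sealing ride on the
    # SSPI (Kerberos/NTLM) security context that only Secure establishes.
    if (((& $has $T::Signing) -or (& $has $T::Sealing)) -and -not (& $has $T::Secure)) {
        throw 'Signing and Sealing require the Secure option.'
    }

    if ($ForWrite) {
        if (& $has $T::Anonymous) { throw 'Anonymous binds cannot modify directory objects.' }
        # None alone is a simple bind on port 389: the bind password, and any
        # NEWPASSWORD value, would cross the network in cleartext.
        if (-not (& $has $T::Secure) -and -not (& $has $T::SecureSocketsLayer)) {
            throw 'Simple bind without SSL/TLS: credentials would be sent in cleartext.'
        }
        if (& $has $T::Delegation) {
            Write-Warning 'Delegation lets the server impersonate this account elsewhere; only needed for cross-domain moves.'
        }
    }
    return [System.DirectoryServices.AuthenticationTypes] $flags
}

# Weak setting, rejected for a password reset:
try { Resolve-AdsiAuthType -Options 'None' -ForWrite } catch { Write-Warning $_.Exception.Message }
# Corrected setting: Kerberos/NTLM with integrity and confidentiality.
Resolve-AdsiAuthType -Options 'Secure', 'Signing', 'Sealing' -ForWrite
# Encryption and SecureSocketLayer resolve to the same flag value.
[int] (Resolve-AdsiAuthType -Options 'Encryption') -eq [int] (Resolve-AdsiAuthType -Options 'SecureSocketLayer')
```

The first call throws, the second returns the combined value Secure, Signing, Sealing, and the last comparison is True because both names resolve to the value 2. The same checks can be run over the AUTHTYPE value of a task before it is deployed, so a task that would reset passwords over a cleartext simple bind is caught in review rather than on the wire.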

Username

Text

No

(Empty)

USERNAME="username"

The username context that this activity will execute under. Leave the Username and Password parameters blank in order to use the logon user's credentials.

NOTE: Any domain user can read most Active Directory information, but enabling, disabling, deleting or renaming a user object, or resetting its password, requires write (or Reset Password) permission on that object. Domain Administrators hold these rights by default; for an automated task, prefer a dedicated account that has only the needed rights delegated on the relevant organizational unit over a Domain Administrator credential.

Password

Text

No

(Empty)

PASSWORD="password"

The password associated to the Username context that this activity will execute under. Leave the Username and Password parameters blank to use the logon user's credentials.

Example

The sample AML code below can be copied and pasted directly into the Steps panel of the Task Builder.

Description: Reset the password of the Active Directory user at "LDAP://mycompany.com/CN=Guests,CN=Builtin,DC=mycompany,DC=com". Note that this sample path is the distinguished name of the built-in Guests group, not a user; replace it with the distinguished name of the user object to modify. The value "one" is a placeholder and would be rejected by the default domain password policy (minimum length and complexity).

<AMMODIFYADUSER LDAPPATH="LDAP://mycompany.com/CN=Guests,CN=Builtin,DC=mycompany,DC=com" ACTION="RESETPWD" NEWPASSWORD="one" />