Active Directory Adapter Reference
  • 12 May 2023
  • 20 Minutes to read
  • Dark
    Light

Active Directory Adapter Reference

  • Dark
    Light

Article summary

Active Directory Adapter Reference

Connect Password Filter

The Active Directory adapter depends on the Connect Active Directory Password Filter to be able to capture password changes in AD.

addADGroupMember

Adds a member to a Group on the Active Directory Server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

groupDn*

text, expression, variable

theDN of the Group

memberDn*

text, expression, variable

the DN of the member

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection()
groupDn = "CN=TestGroup,OU=Groups,DC=test,DC=local"
newDn = "CN=Test User,OU=People,DC=test,DC=local"
result = addADGroupMember(session, groupDn, newDn)
if(result) {
log("User added to Group " + groupDn)
} else {
log("User not added to Group " + opegroupDn)
}
close(session)

addADGroupMembers

Adds members to a Group on the Active Directory Server.

Property

Value

Description

memberDns*

expression, variable

array of DNs of the members

groupDn*

text, expression, variable

theDN of the Group

adConnection*

expression, variable

the AD connection

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
groupDn = "CN=TestGroup,OU=Groups,DC=test,DC=local"
newMembers = createArray()
appendArrayItem(newMembers, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(newMembers, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(newMembers, "CN=Test User 3,OU=People,DC=test,DC=local")
result = addADGroupMembers(session, groupDn, newMembers)
if(result) {
log("Users added to Group " + groupDn)
} else {
log("Users not added to Group " + groupDn)
}
close(session)

addADUser

Add a User to the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

record*

expression, variable

the Record containing fields to set - must contain the dn in the @dn field

password*

password, string, expression, variable

the initial password

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
record = createRecord()
# Set default values
setRecordFieldValue(record, "objectClass", "User")
setRecordFieldValue(record, "sn", "User")
setRecordFieldValue(record, "givenName", "Test")
setRecordFieldValue(record, "mail", "TestUser@test.local")
setRecordFieldValue(record, "sAMAccountName", "TestUser")
setRecordFieldValue(record, "homeDirectory", "\\\\Server\\Share\\Users\\"
+ record['sAMAccountName'])
setRecordFieldValue(record, "homeDrive", "H:")
password = "changeme"
# Set DN
destinationDN = "OU=People,DC=test,DC=local"
setRecordFieldValue(record, "cn", record['givenName'] + " "
+ record['sn'])
setRecordFieldValue(record, "@dn", "cn=\"" + record.cn + "\","
+ destinationDN)
removeRecordField(record, "cn")
if(!record['sn'] || !record['givenName'] || !record['mail'] ||
!record['sAMAccountName']) {
log("Minimum requirements not met for add - " + record)
return null
} else {
}
# Add User
result = addADUser(session, record, *********)
if(result) {
log("Record added - " + record)
if(record['homeDirectory']) {
result = createADHomeDirectory(system['session'],
record['@dn'], record['homeDirectory'])
if(result) {
log("Directory created - " + record['homeDirectory'])
} else {
log("Unable to create directory - "
+ record['homeDirectory'])
}
} else {
}
} else {
log("Record not added - " + record)
}
close(session)

addADUsers

Add an array of Users to the Active Directory Server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

records*

expression, variable

array of Records containing fields to set - must contain the dn in the @dn field

passwords*

expression, variable

array of initial passwords

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
# Build arrays of User records and passwords to add
newUserRecords = createArray()
newUserPasswords = createArray()
i = 0
while(i < 10) {
record = createRecord()
# Set default values
setRecordFieldValue(record, "objectClass", "User")
setRecordFieldValue(record, "sn", "User" + i)
setRecordFieldValue(record, "givenName", "Test")
setRecordFieldValue(record, "mail", "TestUser" + i "@test.local")
setRecordFieldValue(record, "sAMAccountName", "TestUser" + i)
setRecordFieldValue(record, "homeDirectory",
"\\\\Server\\Share\\Users\\" +
record['sAMAccountName'])
setRecordFieldValue(record, "homeDrive", "H:")
password = "changeme"
# Set DN
destinationDN = "OU=People,DC=test,
DC=local"setRecordFieldValue(record, "cn",
record['givenName']
+ " " + record['sn'])
setRecordFieldValue(record, "@dn", "cn=\"" + record['cn'] + "\"," + destinationDN)
removeRecordField(record, "cn")
if(record['sn'] && record['givenName'] && record['mail'] &&
record['sAMAccountName']) {
appendArrayItem(newUserRecords, record)
appendArrayItem(newUserPasswords, password)
} else {
log("Minimum requirements not met for add - " + record)
}
i = i + i
}
if(newUserRecords['length'] == 0) {
# No users to add
return
}
# Add Users
results = addADUsers(session, newUserRecords, newUserPasswords)
i = 0;
forEach(record, newUserRecords) {
result = results && results[i];
if(result) {
log("Record added - " + record)
if(record['homeDirectory']) {
result = createADHomeDirectory(system['session'],
record['@dn'],
record['homeDirectory'])
if(result) {
log("Directory created - "
+ record['homeDirectory'])
} else {
log("Unable to create directory - "
+ record['homeDirectory'])
}
} else {
}
} else {
log("Record not added - " + record)
}
i = i + 1
}
close(session)

compareADField

Compare a Record field on the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

dn*

expression, variable

the DN of the Record

fieldName

text, expression, variable

name of the field to be compared

fieldValue

text, expression, variable

value of the field to be compared

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
mail = "testuser@test.local"
isEqual = compareADField(session, dn, "mail", mail)
if(isEqual == true) {
log("mail = " + mail)
} else {
log("mail <> " + mail)
}
close(session)

createADHomeDirectory

Create a Home Directory for a User on the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

userDn*

text, expression, variable

the DN of the User

uncPath*

text, expression, variable

the UNC path of the home directory

returnVariable

expression, variable

name of the variable to be assigned to the return value

extraProperties

expression, variable

extra possible properties supported for JCIFS NG

session = openADConnection(...)
setRecordFieldValue(record, "homeDirectory",
"\\\\server1.test.local\\share\\users\\testuser")
setRecordFieldValue(record, "@dn",
"CN=test user,OU=People,DC=test,DC=local")
result = createADHomeDirectory(session, record['@dn'],
record['homeDirectory'])
if(result) {
log("Directory created - " + record['homeDirectory'])
} else {
log("Unable to create directory - " + record['homeDirectory'])
}
close(session)

deleteADHomeDirectory

Delete a Home Directory for a User on the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

userDn*

text, expression, variable

the DN of the User

returnVariable

expression, variable

name of the variable to be assigned to the return value

extraProperties

expression, variable

extra possible properties supported for JCIFS NG

session = openADConnection(...)
setRecordFieldValue(record, "homeDirectory",
"\\\\server1.test.local\\share\\users\\testuser")
setRecordFieldValue(record, "@dn",
"CN=test user,OU=People,DC=test,DC=local")
result = deleteADHomeDirectory(session, record['@dn'],
record['homeDirectory'])
if(result) {
log("Directory deleted - " + record['homeDirectory'])
} else {
log("Unable to delete directory - " + record['homeDirectory'])
}
close(session)

deleteADRecord

Delete a record from the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

dn*

text, expression, variable

the DN of the Record

recursive

boolean, expression, variable

recursively delete subtree rooted at dn (default: false)

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
dn = "CN=test user,OU=People,DC=test,DC=local"
result = deleteADRecord(session, dn)
if(result) {
log("Record deleted - " + dn)
} else {
log("Unable to delete record - " + dn)
}
close(session)

deleteADRecords

Delete array of Records from the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

dns*

expression, variable

array of DNs of the Records

recursive

boolean, expression, variable

recursively delete subtree rooted at dn (default: false)

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 3,OU=People,DC=test,DC=local")
results = deleteADRecords(session, dns)
i = 0
forEach(dn, dns) {
result = results && results[i]
if(result) {
log("Record deleted - " + dn)
} else {
log("Unable to delete record - " + dn
}
i = i + 1
}
close(session)

getADAccountDisabled

Get 'Account is Disabled' flag.

Property

Value

Description

adConnection*

expression, variable

the AD connection

accountDn*

text, expression, variable

the DN of the account

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
setRecordFieldValue(record, "@dn",
"CN=test user,OU=People,DC=test,DC=local")
result = getADAccountDisabled (Session, record['@dn'])
if(result) {
log("Active Directory Account Disabled", "green")
} else {
log("Active Directory Account NOT Disabled", "red")
}
close(session)

getADAccountsDisabled

Get 'Account is Disabled' flag from multiple accounts.

Property

Value

Description

adConnection*

expression, variable

the AD connection

accountDns*

expression, variable

array of DNs of the accounts

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 3,OU=People,DC=test,DC=local")
results = getADAccountsDisabled(session, dns)
i = 0
forEach(dn, dns) {
result = results && results[i]
if(result) {
log("Account is disabled - " + dn)
} else {
log("Account is enabled - " + dn)
}
i = i + 1
}
close(session)

getADChanges

Get changed Records from an Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

baseDn*

text, expression, variable

the search base dn

scope*

choice (sub, one, base), text, expression, variable

the search scope

filter*

text, expression, variable

the search filter expression or an example Record

attributes

text, expression, variable

comma separated list of attributes to return (default: none)

cookie

expression, variable

cookie returned from previous invocation (default: none, which will return all objects)

returnVariable

expression, variable

name of the variable to be assigned to the return value

Warning

This action, as shown in the example below, provides valid results when configured properly. However, getADChanges is no longer the preferred method to obtain changed record results within an Action Set.

The current preferred method to obtain changed record results is to use the openADChangeIterator action, as shown below.

session = openADConnection(...)
cookieFile = "/cookie/studentsAD.cookie"
fileExists = isFile(cookieFile)
if(!fileExists) {
saveToFile(cookieFile, "")
} else {
}
varCookie = loadFileAsBytes(cookieFile)
# getRecords
moreResults = 1
while(moreResults != 0) {
recordChanges = getADChanges(session,
"OU=People,DC=test,DC=local", "sub",
"(employeeType=Student)", "cn,sn,givenName", varCookie)
moreResults = 0
if(recordChanges) {
log("Count: " + recordChanges.length)
} else {
}
# foreach
forEach(recordChange, recordChanges) {
if(recordChange.objectClass == "cookie") {
saveToFile(cookieFile, recordChange.cookie)
varCookie = recordChange.cookiemoreResults =
Number(recordChange.moreResults)
} else {
record = getADRecord(session, recordChange['@dn'], "*")
# transformations
if(!record) {
continue()
} else {
log("Name information has changed: " + record.sn
+ " " + record['givenName'])
}
}
}
}
# Close Connections
close(session)

getADDontExpirePassword

Get 'Password does not expire' flag.

Property

Value

Description

adConnection*

expression, variable

the AD connection

accountDn*

text, expression, variable

the DN of the account

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
dn = "CN=Test User,OU=People,DC=test,DC=local"
result = getADDontExpirePassword(session, dn)
if(result != null) {
if(result == true) {
log("Password expires")
} else {
log("Password does not expire")
}
} else {
log("Unable to get UserCannotChangePassword")
}
close(session)

getADDontExpirePasswords

Get 'Password does not expire' flag from multiple accounts.

Property

Value

Description

adConnection*

expression, variable

the AD connection

accountDns*

expression, variable

array of DNs of the accounts

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 3,OU=People,DC=test,DC=local")
results = getADDontExpirePasswords(session, dns)
i = 0
forEach(dn, dns) {
result = results && results[i]
if(result) {
log("Account password doesn't expire - " + dn)
} else {
log("Account password expires - " + dn)
}
i = i + 1
}
close(session)

getADPassword

Gets decrypted password stored by RapidIdentity password filter from an Active Directory entry.

Property

Value

Description

adConnection*

expression, variable

the AD connection

dn*

text, expression, variable

the DN of the Record

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
password = "password1"
dn = "CN=Test User,OU=People,DC=test,DC=local"
adPwd = getADPassword(session, dn)
if(adPwd && adPwd == password) {
log("User has not changed their default password!")
} else {
log("Password has been changed from default.")
}
close(session)

getADPasswords

Gets an array of decrypted passwords stored by RapidIdentity password filter from Active Directory entries.

Property

Value

Description

adConnection*

expression, variable

the AD connection

dns*

expression, variable

array of DNs of the Records

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
password = "password1"
dns = createArray()
appendArrayItem(newMembers,
"CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(newMembers,
"CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(newMembers,
"CN=Test User 3,OU=People,DC=test,DC=local")
adPwds = getADPasswords(session, dns)
i = 0
forEach(dn, dns) {
adPwd = adPwds && adPwds[i]
if(adPwd == password) {
log("User has not changed their default password!")
} else {
log("Password has been changed from default.")
}
i = i + i
}
close(session)

getADRecord

Get a Record from the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

dn*

expression, variable

the DN of the Record

attributes

text, expression, variable

comma separated list of attributes to return (default: none)

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
dn = "CN=Test User,OU=People,DC=test,DC=local"
record = getADRecord(session, dn, "cn,sn,givenName")
if(record) {
log("User found: " + record)
} else {
log("User not found: " + dn)
}
close(session)

getADRecords

Get multiple Records from the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

baseDn*

text, expression, variable

the search base dn

scope*

choice (sub, one, base), text, expression, variable

the search scope

filter*

text, expression, variable

the search filter expression or an example Record

maxResults

expression, variable

maximum number of Records to return (default: the server maximum)

attributes

text, expression, variable

comma separated list of attributes to return (default: none)

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
baseDn = "OU=People,DC=test,DC=local"
filter = "(objectClass=user)"
records = getADRecords(session, baseDn, "sub", filter,
"cn,sn,givenName")
log("Found: " + records.length)
forEach(record,records) {
log("User found: " + record)
}
close(session)

getADRecordsByDN

Get an array of Records from the Active Directory server by DN.

Property

Value

Description

adConnection*

expression, variable

the AD connection

dns*

expression, variable

array of DNs of the Records

attributes

text, expression, variable

comma separated list of attributes to return (default: none)

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
dns = createArray()
appendArrayItem(newMembers,
"CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(newMembers,
"CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(newMembers,
"CN=Test User 3,OU=People,DC=test,DC=local")
records = getADRecordsByDN(session, dns, "cn,sn,givenName")
i = 0
forEach(dn, dns) {
record = records && records[i]
if(record) {
log("User found: " + record)
} else {
log("User not found: " + dn)
}
i = i + 1
}
close(session)

getADUserCannotChangePassword

Get AD 'User Cannot Change Password' flag.

Property

Value

Description

adConnection*

expression, variable

the AD connection

userDn*

text, expression, variable

the DN of the User

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
dn = "CN=Test User,OU=People,DC=test,DC=local"
result = getADUserCannotChangePassword(session, dn)
if(result != null) {
if(result == true) {
log("User cannot change password")
} else {
log("User can change password")
}
} else {
log("Unable to get UserCannotChangePassword")
}
close(session)

getADUsersCannotChangePassword

Get AD 'User Cannot Change Password' flag from multiple Users.

Property

Value

Description

adConnection*

expression, variable

the AD connection

userDns*

expression, variable

array of DNs of the Users

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 3,OU=People,DC=test,DC=local")
results = getADUsersCannotChangePassword(session, dns)
i = 0
forEach(dn, dns) {
result = results && results[i]
if(result) {
log("User cannot change password - " + dn)
} else {
log("User can change password - " + dn)
}
i = i + 1
}
close(session)

modifyADRecord

Modify a Record on the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

dn*

expression, variable

the DN of the Record

removeRecord

expression, variable

a Record containing attributes/values to be removed

addRecord

expression, variable

a Record containing attribute values to be added

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
addRecord = createRecord()
removeRecord = createRecord()
setRecordFieldValue(addRecord, "objectClass", "customObjectClass")
addRecordField(removeRecord, "telephoneNumber")
dn = "CN=Test User,OU=People,DC=test,DC=local"
result = modifyADRecord(session, dn, removeRecord, addRecord)
if(result) {
log("Record modified - Added " + addRecord)
log("Record modified - Removed " + removeRecord)
} else {
log("Record not modified - " + dn)
}
close(session)

modifyADRecords

Modify an array of Records on the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

dns*

expression, variable

array of DNs of the Records

removeRecords

expression, variable

array of Records containing attributes/values to be removed

addRecords

expression, variable

array of Records containing attribute values to be added

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
addRecord = createRecord()
removeRecord = createRecord()
setRecordFieldValue(addRecord, "objectClass", "customObjectClass")
addRecordField(removeRecord, "telephoneNumber")
addRecords = createArray()
removeRecords = createArray()
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(addRecords, addRecord)
appendArrayItem(removeRecords, removeRecord)
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(addRecords, addRecord)
appendArrayItem(removeRecords, removeRecord)
appendArrayItem(dns, "CN=Test User 3,OU=People,DC=test,DC=local")
appendArrayItem(addRecords, addRecord)
appendArrayItem(removeRecords, removeRecord)
results = modifyADRecords(session, dns, removeRecords, addRecords)
i = 0
forEach(dn, dns) {
result = results && result[i]
if(result) {
log("Record modified - Added " + addRecords[i] + " to "
+ dn)
log("Record modified - Removed " + removeRecords[i]
+ " to " + dn)
} else {
log("Record not modified - " + dn)
}
i = i + 1
}
close(session)

moveADHomeDirectory

Moves a Home Directory for a User on the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

userDn*

text, expression, variable

the DN of the User

uncPath*

text, expression, variable

the new UNC path of the home directory

returnVariable

expression, variable

name of the variable to be assigned to the return value

extraProperties

expression, variable

extra possible properties supported for JCIFS NG

session = openADConnection(...)
homeDirectory = "\\\\server1.test.local\\share\\users\\testuser"
dn = "CN=test user,OU=People,DC=test,DC=local"
result = moveADHomeDirectory(session, dn, homeDirectory)
if(result) {
log("Directory moved - " + homeDirectory)
} else {
log("Unable to move directory - " + homeDirectory)
}
close(session)

openADChangeIterator

Open AD Change Iterator.

Property

Value

Description

adConnection*

expression, variable

the AD connection

baseDn*

text, expression, variable

the search base dn

scope*

choice (sub, one, base), text, expression, variable

the search scope

filter*

text, expression, variable

the search filter expression or an example Record

attributes

text, expression, variable

comma separated list of attributes to return (default: none)

cookieFile*

text, expression, variable

path to file to load/save cookie

returnVariable

expression, variable

name of the variable to be assigned to the return value

Warning
The cookie file can impact the results obtained when running openADChangeIterator. If the cookie file does not exist in the path, the results when running the Action Set will show all records based on the listed action properties and their values. If the cookie file does exist in the path, the results when running the Action Set will show the results that have changed since the Action Set was last run relative to the existing cookie file. Thus, the presence of a cookie file could lead to inaccurate results when running the Action Set. If it is necessary to ensure the Action Set is run for all targeted records, one option is to rename or move the cookie file.
session = openADConnection(...)
cookieFile = "/cookie/studentsAD.cookie"
recordChanges = openADChangeIterator(session,
"OU=People,DC=test,DC=local", "sub",
"(employeeType=Student)", "cn,sn,givenName", cookieFile)
# foreach
forEach(recordChange, recordChanges) {
record = getADRecord(session, recordChange['@dn'], "*")
# transformations
if(!record) {
continue()
} else {
log("Name information has changed: " + record['sn'] + " "
+ record['givenName'])
}
}
# Close Connections
close(session)

openADConnection

Open a connection to an Active Directory server.

Property

Value

Description

adHost*

text, expression, variable

the host name or IP address of the Active Directory server

adPort

expression, variable

the TCP port of the Active Directory server (default: 636 if using SSL, 389 otherwise.)

useSSL

boolean, expression, variable

use SSL/TLS (default: false.)

userDn

text, expression, variable

the user DN for authenticating to the Active Directory server

password

password, string, expression, variable

the user password for authenticating to the Active Directory server

returnVariable

expression, variable

name of the variable to be assigned to the return value

extraProperties

expression, variable

Defined below as applicable

Booleans

Property

Description

abandonOnTimeout

Indicates whether the LDAP SDK should attempt to abandon any request for which no response is received in the maximum response timeout period

captureConnectStackTrace

Indicates whether the LDAP SDK should capture a thread stack trace for each attempt made to establish a connection

useKeepAlive

Indicates whether to use the SO_KEEPALIVE option for the underlying sockets used by associated connections

useTCPNoDelay

Indicates whether to use the TCP_NODELAY option for the underlying sockets used by associated connections

followReferrals

Indicates whether associated connections should attempt to follow any referrals that they encounter

usePassiveSSLSocketVerifier

If true, corresponds to RapidIdentity setting a SSLSocketVerifier using a passive SSL socket verifier with the connection timeout milliseconds

Integers

Property

Description

connectTimeoutMillis

The maximum length of time in milliseconds that a connection attempt should be allowed to continue before giving up

useLinger

The SO_LINGER timeout for the underlying sockets used by associated connections

referralHopLimit

The maximum number of hops that a connection should take when trying to follow a referral

responseTimeoutMillis

The maximum length of time in milliseconds that an operation should be allowed to block while waiting for a response from the server

host = "server1.test.local"
port = "636"
ssl = true
user = "test.local\\administrator"
password = "mySecur3p@ssw0rd"
session = openADConnection(host,port,ssl,user,password)
if(session) {
log("Successfully connected to AD!")
} else {
log("Unable to connect to AD")
}
close(session)

openADRecordIterator

Open Record Iterator for AD server to sort large sets of records.

Property

Value

Description

adConnection*

expression, variable

the AD connection

baseDn*

text, expression, password, variable

the search base dn

scope*

choice (sub, one, base), text, expression, variable

the search scope

filter*

text, expression, password, variable

the search filter expression or an example record

initialOffset

expression, variable

the number of records to skip initially. (default: 0)

pageSize

expression, variable

the preferred number of records to fetch at a time from AD server. (default: 100)

attributes

text, expression, password, variable

comma-separated list of attributes to check/return (default: none)

sortKey

text, expression, password, variable

comma-separated list of attributes to use as sort keys, with optional +/- to indicate sort direction. (default: unsorted)

returnVariable

expression, variable

name of the variable to be assigned to the return value

sessionAD = openADConnection("10.100.30.35", "636", true,
"administrator@test.local",<Password>)
# Record Iterator
i = 0
recordChanges = openADRecordIterator(sessionAD,
"ou=students,ou=people,dc=test,dc=local", "sub",
"(employeeType=Student)", undefined, undefined, "cn", undefined)
recordIterator: forEach(recordChange, recordChanges) {
log(recordChange)
i = i +1
if(i >= 30) {
break(recordIterator)
} else {
}
}
}
# Close
close(sessionLDAP)

removeADGroupMember

Removes a member from a Group on the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

groupDn*

text, expression, variable

theDN of the Group

memberDn*

text, expression, variable

the DN of the member

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
groupDn = "CN=TestGroup,OU=Groups,DC=test,DC=local"
newDn = "CN=Test User,OU=People,DC=test,DC=local"
result = removeADGroupMember(session, groupDn, newDn)
if(result) {
log("User removed from Group " + groupDn)
} else {
log("User not removed from Group " + groupDn)
}
close(session)

removeADGroupMembers

Removes multiple members from a Group on the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

groupDn*

text, expression, variable

theDN of the Group

memberDns*

expression, variable

array of DNs of the members

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
groupDn = "CN=TestGroup,OU=Groups,DC=test,DC=local"
newMembers = createArray()
appendArrayItem(newMembers,
"CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(newMembers,
"CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(newMembers,
"CN=Test User 3,OU=People,DC=test,DC=local")
result = removeADGroupMembers(session, groupDn, newMembers)
if(result) {

log("Users removed from Group " + groupDn)
} else {
log("Users not removed from Group " + groupDn)
}
close(session)

renameADRecord

Rename and/or move an object on the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

oldDn*

text, expression, variable

the original DN of the object

newDn*

text, expression, variable

the new DN of the object

keepOldRdn*

boolean, expression, variable

preserve that attribute values used by the old dn (default: false.)

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
oldDn = "CN=Test User,OU=People,DC=test,DC=local"
newDn = "CN=Test User,OU=Staff,OU=Internal,OU=People,DC=test,DC=local"
result = renameADRecord(session, oldDn, newDn)
if(result) {
log("User moved or renamed to " + newDn)
} else {
log("User not moved or renamed " + oldDn)
}
close(session)

saveADRecord

Save a Record to the Active Directory server.  Please do not use this action for specific records that have AddAD functions such as AddADUser, while it may allow the save it will not properly save the record with all necessary attributes.

Property

Value

Description

adConnection*

expression, variable

the AD connection

record*

expression, variable

the Record to save - must contain the dn in the @dn field

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
record = createRecord()
setRecordFieldValue(record, "telephoneNumber", "555-555-1234")
addRecordFieldValue(record, "telephoneNumber", "555-555-9876")
dn = "CN=Test User,OU=People,DC=test,DC=local"
setRecordFieldValue(record, "@dn", dn)
result = saveADRecord(session, record)
if(result) {
log("Record saved - " + record)
} else {
log("Record not saved - " + record)
}
close(session)

saveADRecords

Save an array of Records to the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

records*

expression, variable

the array of Records to save - must contain the dn in the @dn field

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
records = createArray()
record = createRecord()
setRecordFieldValue(record, "telephoneNumber", "555-555-1234")
addRecordFieldValue(record, "telephoneNumber", "555-555-9876")
setRecordFieldValue(record, "@dn",
"CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(records, record)
record = createRecord()
setRecordFieldValue(record, "telephoneNumber", "555-555-4321")
addRecordFieldValue(record, "telephoneNumber", "555-555-6789")
setRecordFieldValue(record, "@dn",
"CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(records, record)
record = createRecord()
setRecordFieldValue(record, "telephoneNumber", "555-555-2468")
addRecordFieldValue(record, "telephoneNumber", "555-555-1357")
setRecordFieldValue(record, "@dn",
"CN=Test User 3,OU=People,DC=test,DC=local")
appendArrayItem(records, record)
results = saveADRecords(session, records)
i = 0
forEach(dn, dns) {
result = results && result[i]
if(result) {
log("Record saved - " + record)
} else {
log("Record not saved - " + record)
}
i = i + 1
}
close(session)

setADAccountDisabled

Set/clear AD 'Account is Disabled' flag.

Property

Value

Description

connection*

expression, variable

the AD connection

accountDn*

text, expression, variable

the DN of the account

state*

boolean, expression, variable

true to disable the account, false otherwise

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
setRecordFieldValue(record, "@dn",
"CN=test user,OU=People,DC=test,DC=local")
result = setADAccountDisabled (Session, record['@dn'], false)
if(result) {
log("setADAccountDisabled worked", "green")
} else {
log("setADAccountDisabled failed", "red")
}
close(session)

setADAccountsDisabled

Set/clear AD 'Account is Disabled' flag on multiple accounts.

Property

Value

Description

adConnection*

expression, variable

the AD connection

accountDns*

expression, variable

array of DNs of the accounts

state*

boolean, expression, variable

true to disable the account, false otherwise

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
results = setADAccountsDisabled(session, dns, true)
i = 0
forEach(dn, dns) {
result = results && results[i]
if(result) {
log("Account set to disabled - " + dn)
} else {
log("Account not set to disabled " + dn)
}
i = i + 1
}
close(session)

setADDontExpirePassword

Set/clear AD 'Password does not expire' flag.

Property

Value

Description

adConnection*

expression, variable

the AD connection

accountDn*

text, expression, variable

the DN of the account

state*

boolean, expression, variable

true to disable the account, false otherwise

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
dn = "CN=Test User,OU=People,DC=test,DC=local"
result = setADDontExpirePassword(session, dn, true)
if(result) {
log("Password does not expire")
} else {
log("Unable to set DontExpirePassword")
}
close(session)

setADDontExpirePasswords

Set/clear AD 'Password does not expire' flag on multiple accounts.

Property

Value

Description

adConnection*

expression, variable

the AD connection

accountDns*

expression, variable

array of DNs of the accounts

state*

boolean, expression, variable

true to disable the account, false otherwise

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
results = setADDontExpirePasswords(session, dns, true)
i = 0
forEach(dn, dns) {
result = results && results[i]
if(result) {
log("Account set to not expire passwords - " + dn)
} else {
log("Account not set to not expire passwords " + dn)
}
i = i + 1
}
close(session)

setADPassword

Sets password on a Record on the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

dn*

text, expression, variable

the DN of the Record

password*

password, string, expression, variable

the password

oldPassword

password, string, expression, variable

the old password (default: none)

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
password = "password1"
dn = "CN=Test User,OU=People,DC=test,DC=local"
result = setADPassword(session, dn, password)
if(result) {
log("Password has been set")
} else {
log("Password was not set")
}
close(session)

setADPasswords

Sets passwords on Records on the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

dns*

text, expression, variable

array of DNs of Records

passwords*

expression, variable

array of passwords

oldPasswords

expression, variable

array of old passwords (default: none)

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
dns = createArray()
passwords = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(passwords, "password1")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(passwords, "password2")
results = setADPasswords(session, dns, passwords)
i = 0
forEach(dn, dns) {
result = results && results[i]
if(result) {
log("Password has been set for " + dn)
} else {
log("Password was not set for " + dn)
}
i = i + 1
}
close(session)

setADUserCannotChangePassword

Set/clear AD 'User Cannot Change Password' flag.

Property

Value

Description

adConnection*

expression, variable

the AD connection

userDn*

text, expression, variable

the DN of the User

state*

boolean, expression, variable

true to disallow user from changing password, false otherwise

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
dn = "CN=Test User,OU=People,DC=test,DC=local"
result = setADUserCannotChangePassword(session, dn, true)
if(result) {
log("User cannot change password")
} else {
log("Unable to set UserCannotChangePassword")
}
close(session)

setADUsersCannotChangePassword

Set/clear AD 'User Cannot Change Password' flag on multiple Users.

Property

Value

Description

adConnection*

expression, variable

the AD connection

userDns*

expression, variable

array of DNs of the Users

state*

boolean, expression, variable

true to disallow user from changing password, false otherwise

returnVariable

expression, variable

name of the variable to be assigned to the return value

session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
results = setADUsersCannotChangePassword(session, dns, true)
i = 0
forEach(dn, dns) {
result = results && results[i]
if(result) {
log("Account set to not allow password change - " + dn)
} else {
log("Account not set to not allow password change - " + dn)
}
i = i + 1
}
close(session)

Was this article helpful?

ESC

Eddy AI, facilitating knowledge discovery through conversational intelligence