Difference between revisions of "Active Directory User Management"
Jump to navigation
Jump to search
(Created page with "{{bluebanner|Home > Administration > IT Operations Management > ITOM Packages > Active Directory User Manageme...") |
|||
| (26 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
| − | {{bluebanner|[[Main_Page|Home]] > [[Administration]] > [[IT_Operations_Management|IT Operations Management]] > [[ | + | {{bluebanner|[[Main_Page|Home]] > [[Administration]] > [[IT_Operations_Management|IT Operations Management]] > [[ITOM_Package_Library|ITOM Package Library]] > Active Directory User Management|[[:Category:ITOM|Index]]}} |
[[File:activedirectory_logo.png|activedirectory_logo.png|300px]] | [[File:activedirectory_logo.png|activedirectory_logo.png|300px]] | ||
| − | {{IntroAndLinks|The Active Directory User Management package for Hornbill's IT Operations Management (ITOM) contains a number of administrative operations that can be carried out on User objects within your behind-the-firewall Active Directory domains | + | {{IntroAndLinks|The Active Directory User Management package for Hornbill's IT Operations Management (ITOM) contains a number of administrative operations that can be carried out on User objects within your behind-the-firewall Active Directory domains: |
| + | |||
| | | | ||
<!-- Related Links go here --> | <!-- Related Links go here --> | ||
| Line 9: | Line 10: | ||
}} | }} | ||
| − | == | + | :{| |
| + | |- valign="top" | ||
| + | |style="width:300px"| | ||
| + | :* Create User | ||
| + | :* Disable User | ||
| + | :* Enable User | ||
| + | :* Delete User | ||
| + | :* Move OU | ||
| + | |style="width:300px"| | ||
| + | :* Reset Password | ||
| + | :* Unlock User | ||
| + | :* Update User | ||
| + | :* Get User | ||
| + | |} | ||
| + | |||
| + | ==Target Environment Requirements== | ||
===Domain Requirements=== | ===Domain Requirements=== | ||
| Line 21: | Line 37: | ||
==KeySafe Configuration== | ==KeySafe Configuration== | ||
| − | [[File:ad_keysafe.png|300px|right]] | + | [[File:ad_keysafe.png|300px|right|link=https://wiki.hornbill.com/images/b/bd/Ad_keysafe.png]] |
When creating SIS jobs for operations contained within this package, they need to be run on the target machine as a user who has the correct privileges within your environment. | When creating SIS jobs for operations contained within this package, they need to be run on the target machine as a user who has the correct privileges within your environment. | ||
| Line 29: | Line 45: | ||
* Navigate to: System > Security > KeySafe; | * Navigate to: System > Security > KeySafe; | ||
* Click on + then select <code>Username + Password</code>; | * Click on + then select <code>Username + Password</code>; | ||
| − | * Give the KeySafe Key a Title (this is the name/identifier for the AD account as you will see it when creating an IT Automation Job, or adding an IT Automation node to a Business Process or Runbook) | + | * Give the KeySafe Key a Title (this is the name/identifier for the AD account as you will see it when creating an IT Automation Job, or adding an IT Automation node to a Business Process or Runbook); |
| − | * Optionally add a description | + | * Optionally add a description; |
| − | * Populate the Username field with the domain username for the account being used (<code>DOMAINNAME\yourusername</code> for example) | + | * Populate the Username field with the domain username for the account being used (<code>DOMAINNAME\yourusername</code> for example); |
| − | * Populate the Password field with the password for the above account | + | * Populate the Password field with the password for the above account; |
| − | * Select Create Key to save | + | * Select Create Key to save. |
| + | |||
| + | Once you have created your KeySafe Key, you can then use it when creating IT Automation Jobs from this package. See screenshots to the right for examples. | ||
==Package Operations== | ==Package Operations== | ||
| − | + | [[File:ad_users_runbook.png|300px|right|link=https://wiki.hornbill.com/images/6/69/Ad_users_runbook.png]] | |
The Active Directory User Management package contains the following operations, than can be used to create ITOM Jobs directly, or included in your [[Business_Process_Designer|Business Processes]] and/or IT Operations Management Rubooks. | The Active Directory User Management package contains the following operations, than can be used to create ITOM Jobs directly, or included in your [[Business_Process_Designer|Business Processes]] and/or IT Operations Management Rubooks. | ||
| − | + | <div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px"> | |
===Create=== | ===Create=== | ||
| + | <div class="mw-collapsible-content"> | ||
This operation will create a new User in Active Directory. | This operation will create a new User in Active Directory. | ||
| + | |||
| + | ====Extra Credentials==== | ||
| + | |||
| + | None required. | ||
====Input Parameters==== | ====Input Parameters==== | ||
| Line 53: | Line 76: | ||
* <code>DisplayName</code> '''(MANDATORY)''' - The Display Name for the new User. | * <code>DisplayName</code> '''(MANDATORY)''' - The Display Name for the new User. | ||
* <code>Initials</code> - The Initials of the new User. | * <code>Initials</code> - The Initials of the new User. | ||
| + | * <code>Server</code> - The AD DS instance to connect to. | ||
* <code>AccountEnabled</code> - Should the account be enabled. Defaults to false. | * <code>AccountEnabled</code> - Should the account be enabled. Defaults to false. | ||
| − | * <code>PasswordNeverExpires</code> - Should the password be set to never expire. Defaults to false. | + | * <code>PasswordNeverExpires</code> - Should the password be set to never expire. Defaults to false. |
| + | * <code>Initials</code> - Specifies the initials that represent part of a user's name. | ||
* <code>City</code> - The users City. | * <code>City</code> - The users City. | ||
* <code>Company</code> - The users Company. | * <code>Company</code> - The users Company. | ||
| Line 83: | Line 108: | ||
* <code>objectGUID</code> - the Object GUID of the new User. | * <code>objectGUID</code> - the Object GUID of the new User. | ||
* <code>sid</code> - the SID of the new User. | * <code>sid</code> - the SID of the new User. | ||
| − | + | </div></div> | |
| + | <div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px"> | ||
===Disable=== | ===Disable=== | ||
| + | <div class="mw-collapsible-content"> | ||
This operation will disable an Active Directory User account. | This operation will disable an Active Directory User account. | ||
| + | |||
| + | ====Extra Credentials==== | ||
| + | |||
| + | None required. | ||
====Input Parameters==== | ====Input Parameters==== | ||
| Line 92: | Line 123: | ||
* <code>UserIdentity</code> '''(MANDATORY)''' - Provide the Identity of the User (distinguished, objectGUID, objectSid or sAMAccountName) | * <code>UserIdentity</code> '''(MANDATORY)''' - Provide the Identity of the User (distinguished, objectGUID, objectSid or sAMAccountName) | ||
| − | Output Parameters | + | ====Output Parameters==== |
* <code>Errors</code> - Any errors returned by the operation. | * <code>Errors</code> - Any errors returned by the operation. | ||
* <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | * <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | ||
| − | + | </div></div> | |
| + | <div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px"> | ||
===Enable=== | ===Enable=== | ||
| + | <div class="mw-collapsible-content"> | ||
This operation will enable a disabled Active Directory User account. | This operation will enable a disabled Active Directory User account. | ||
| + | |||
| + | ====Extra Credentials==== | ||
| + | |||
| + | None required. | ||
====Input Parameters==== | ====Input Parameters==== | ||
| Line 109: | Line 146: | ||
* <code>Errors</code> - Any errors returned by the operation. | * <code>Errors</code> - Any errors returned by the operation. | ||
* <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | * <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | ||
| − | + | </div></div> | |
| + | <div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px"> | ||
===Move OU=== | ===Move OU=== | ||
| + | <div class="mw-collapsible-content"> | ||
This operation will move an Active Directory User account into a different OU. | This operation will move an Active Directory User account into a different OU. | ||
| + | |||
| + | ====Extra Credentials==== | ||
| + | |||
| + | None required. | ||
====Input Parameters==== | ====Input Parameters==== | ||
| Line 123: | Line 166: | ||
* <code>Errors</code> - Any errors returned by the operation. | * <code>Errors</code> - Any errors returned by the operation. | ||
* <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | * <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | ||
| − | + | </div></div> | |
| + | <div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px"> | ||
===Delete=== | ===Delete=== | ||
| + | <div class="mw-collapsible-content"> | ||
This operation will delete an Active Directory User account. | This operation will delete an Active Directory User account. | ||
| + | |||
| + | ====Extra Credentials==== | ||
| + | |||
| + | None required. | ||
====Input Parameters==== | ====Input Parameters==== | ||
| Line 136: | Line 185: | ||
* <code>Errors</code> - Any errors returned by the operation. | * <code>Errors</code> - Any errors returned by the operation. | ||
* <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | * <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | ||
| − | + | </div></div> | |
| + | <div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px"> | ||
===Reset Password=== | ===Reset Password=== | ||
| + | <div class="mw-collapsible-content"> | ||
This operation will reset the password of an Active Directory User account. | This operation will reset the password of an Active Directory User account. | ||
| + | |||
| + | ====Extra Credentials==== | ||
| + | |||
| + | None required. | ||
====Input Parameters==== | ====Input Parameters==== | ||
| Line 150: | Line 205: | ||
* <code>Errors</code> - Any errors returned by the operation. | * <code>Errors</code> - Any errors returned by the operation. | ||
* <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | * <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | ||
| − | + | </div></div> | |
| + | <div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px"> | ||
===Unlock=== | ===Unlock=== | ||
| + | <div class="mw-collapsible-content"> | ||
This operation will unlock an Active Directory User account. | This operation will unlock an Active Directory User account. | ||
| + | |||
| + | ====Extra Credentials==== | ||
| + | |||
| + | None required. | ||
====Input Parameters==== | ====Input Parameters==== | ||
| Line 163: | Line 224: | ||
* <code>Errors</code> - Any errors returned by the operation. | * <code>Errors</code> - Any errors returned by the operation. | ||
* <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | * <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | ||
| − | + | </div></div> | |
| + | <div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px"> | ||
===Update=== | ===Update=== | ||
| + | <div class="mw-collapsible-content"> | ||
This operation will update a user details in Active Directory. | This operation will update a user details in Active Directory. | ||
| + | |||
| + | ====Extra Credentials==== | ||
| + | |||
| + | None required. | ||
====Input Parameters==== | ====Input Parameters==== | ||
| Line 176: | Line 243: | ||
* <code>DisplayName</code> '''(MANDATORY)''' - The Display Name of the User. | * <code>DisplayName</code> '''(MANDATORY)''' - The Display Name of the User. | ||
* <code>City</code> - The users City. | * <code>City</code> - The users City. | ||
| − | * <code>Company<code> - The users Company. | + | * <code>Company</code> - The users Company. |
* <code>CountryCode</code> - The users Country Code. | * <code>CountryCode</code> - The users Country Code. | ||
* <code>Department</code> - The users Department. | * <code>Department</code> - The users Department. | ||
| Line 197: | Line 264: | ||
* <code>Errors</code> - Any errors returned by the operation. | * <code>Errors</code> - Any errors returned by the operation. | ||
* <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | * <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | ||
| + | |||
| + | </div></div> | ||
| + | |||
| + | <div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px"> | ||
| + | ===Get=== | ||
| + | <div class="mw-collapsible-content"> | ||
| + | This operation will retrieve information about a user from Active Directory. | ||
| + | |||
| + | ====Extra Credentials==== | ||
| + | |||
| + | None required. | ||
| + | |||
| + | ====Input Parameters==== | ||
| + | |||
| + | * <code>UserIdentity</code> '''(MANDATORY)''' - Provide the Identity of the User (distinguished, objectGUID, objectSid or sAMAccountName) | ||
| + | |||
| + | ====Output Parameters==== | ||
| + | |||
| + | * <code>Errors</code> - Any errors returned by the operation. | ||
| + | * <code>Outcome</code> - Outcome of the operation. Can be OK or FAIL. | ||
| + | * <code>AccountExpirationDate</code> | ||
| + | * <code>BadLogonCount</code> | ||
| + | * <code>badPwdCount</code> | ||
| + | * <code>CannotChangePassword</code> | ||
| + | * <code>CanonicalName</code> | ||
| + | * <code>City</code> | ||
| + | * <code>CN</code> | ||
| + | * <code>Company</code> | ||
| + | * <code>Country</code> | ||
| + | * <code>countryCode</code> | ||
| + | * <code>Department</code> | ||
| + | * <code>Description</code> | ||
| + | * <code>DisplayName</code> | ||
| + | * <code>DistinguishedName</code> | ||
| + | * <code>Division</code> | ||
| + | * <code>EmailAddress</code> | ||
| + | * <code>EmployeeID</code> | ||
| + | * <code>EmployeeNumber</code> | ||
| + | * <code>Enabled</code> | ||
| + | * <code>GivenName</code> | ||
| + | * <code>HomeDirectory</code> | ||
| + | * <code>HomeDrive</code> | ||
| + | * <code>HomePage</code> | ||
| + | * <code>HomePhone</code> | ||
| + | * <code>Initials</code> | ||
| + | * <code>isDeleted</code> | ||
| + | * <code>LastLogonDate</code> | ||
| + | * <code>LockedOut</code> | ||
| + | * <code>Manager</code> | ||
| + | * <code>MemberOf</code> | ||
| + | * <code>MobilePhone</code> | ||
| + | * <code>Modified</code> | ||
| + | * <code>modifyTimeStamp</code> | ||
| + | * <code>Name</code> | ||
| + | * <code>ObjectGUID</code> | ||
| + | * <code>objectSid</code> | ||
| + | * <code>Office</code> | ||
| + | * <code>OfficePhone</code> | ||
| + | * <code>Organization</code> | ||
| + | * <code>OtherName</code> | ||
| + | * <code>PasswordExpired</code> | ||
| + | * <code>PasswordLastSet</code> | ||
| + | * <code>PasswordNeverExpires</code> | ||
| + | * <code>PasswordNotRequired</code> | ||
| + | * <code>POBox</code> | ||
| + | * <code>PostalCode</code> | ||
| + | * <code>PrimaryGroup</code> | ||
| + | * <code>ProfilePath</code> | ||
| + | * <code>ProtectedFromAccidentalDeletion</code> | ||
| + | * <code>SamAccountName</code> | ||
| + | * <code>sn</code> | ||
| + | * <code>State</code> | ||
| + | * <code>StreetAddress</code> | ||
| + | * <code>Title</code> | ||
| + | * <code>userAccountControl</code> | ||
| + | * <code>UserPrincipalName</code> | ||
| + | * <code>whenChanged</code> | ||
| + | * <code>whenCreated</code> | ||
| + | |||
| + | </div></div> | ||
[[Category:ITOM]] | [[Category:ITOM]] | ||
Revision as of 11:47, 16 March 2021
| Home > Administration > IT Operations Management > ITOM Package Library > Active Directory User Management | Index |
IntroductionThe Active Directory User Management package for Hornbill's IT Operations Management (ITOM) contains a number of administrative operations that can be carried out on User objects within your behind-the-firewall Active Directory domains:
|
|
- Create User
- Disable User
- Enable User
- Delete User
- Move OU
- Reset Password
- Unlock User
- Update User
- Get User
Target Environment Requirements
Domain Requirements
The Active Directory domain that you wish to manage requires an Active Directory Web Services to be present. See the ADWS Documentation for more information.
Script Execution Machine Requirements
- The Active Directory PowerShell module needs to installed on the machine that will be executing the scripts (the correct Remote Server Administration Tools (RSAT) package for your OS);
- If the script execution policy on the machine executing these operations is set to Restricted, then this will need to be updated to something less restrictive. See the PowerShell Documentation for more information.
KeySafe Configuration
When creating SIS jobs for operations contained within this package, they need to be run on the target machine as a user who has the correct privileges within your environment.
To create and securely store one or more Keys for these operations, in the admin console:
- Navigate to: System > Security > KeySafe;
- Click on + then select
Username + Password; - Give the KeySafe Key a Title (this is the name/identifier for the AD account as you will see it when creating an IT Automation Job, or adding an IT Automation node to a Business Process or Runbook);
- Optionally add a description;
- Populate the Username field with the domain username for the account being used (
DOMAINNAME\yourusernamefor example); - Populate the Password field with the password for the above account;
- Select Create Key to save.
Once you have created your KeySafe Key, you can then use it when creating IT Automation Jobs from this package. See screenshots to the right for examples.
Package Operations
The Active Directory User Management package contains the following operations, than can be used to create ITOM Jobs directly, or included in your Business Processes and/or IT Operations Management Rubooks.
Create
This operation will create a new User in Active Directory.
Extra Credentials
None required.
Input Parameters
GivenName(MANDATORY)- The Given Name of the new User.Surname(MANDATORY) - The Surname of the new User.Name(MANDATORY) - The Name of the new User. Must be unique within your Active Directory.SamAccountName(MANDATORY) - The sAMAccountName of the new User. Must be unique within your Active Directory.Path(MANDATORY) - The distinguished name of the OU/Container where you wish to create the User.AccountPassword(MANDATORY) - The Password for the new User.DisplayName(MANDATORY) - The Display Name for the new User.Initials- The Initials of the new User.Server- The AD DS instance to connect to.AccountEnabled- Should the account be enabled. Defaults to false.PasswordNeverExpires- Should the password be set to never expire. Defaults to false.Initials- Specifies the initials that represent part of a user's name.City- The users City.Company- The users Company.CountryCode- The users Country Code.Department- The users Department.Description- The users Description.EmailAddress- The users Email Address.EmployeeID- The users Employee ID.HomeDirectory- The users Home Directory.HomeDrive- The users Home Drive.Manager- The users Managers Identity (distinguished, objectGUID, objectSid or sAMAccountName).MiddleName- The users Middle Name.OfficeName- The users Office Name.Phone- The users Phone Number.PostalCode- The users Postal Code.ProfilePath- The users Profile Path.ProxyAddresses- The Proxy Addresses to set against the user. Seperated by semi-colon characters.ScriptPath- The users logon script path.State- The users State.StreetAddress- The users Street Address.Title- The users Title
Output Parameters
Errors- Any errors returned by the operation.Outcome- Outcome of the operation. Can be OK, WARN or FAIL.distingiuishedName- The Distinguished Name of the new User.objectGUID- the Object GUID of the new User.sid- the SID of the new User.
Disable
This operation will disable an Active Directory User account.
Extra Credentials
None required.
Input Parameters
UserIdentity(MANDATORY) - Provide the Identity of the User (distinguished, objectGUID, objectSid or sAMAccountName)
Output Parameters
Errors- Any errors returned by the operation.Outcome- Outcome of the operation. Can be OK or FAIL.
Enable
This operation will enable a disabled Active Directory User account.
Extra Credentials
None required.
Input Parameters
UserIdentity(MANDATORY) - Provide the Identity of the User (distinguished, objectGUID, objectSid or sAMAccountName)
Output Parameters
Errors- Any errors returned by the operation.Outcome- Outcome of the operation. Can be OK or FAIL.
Move OU
This operation will move an Active Directory User account into a different OU.
Extra Credentials
None required.
Input Parameters
UserIdentity(MANDATORY) - Provide the Identity of the User (distinguished, objectGUID, objectSid or sAMAccountName)Path(MANDATORY) - The distinguished name of the OU where the user should be moved to.
Output Parameters
Errors- Any errors returned by the operation.Outcome- Outcome of the operation. Can be OK or FAIL.
Delete
This operation will delete an Active Directory User account.
Extra Credentials
None required.
Input Parameters
UserIdentity(MANDATORY) - Provide the Identity of the User (distinguished, objectGUID, objectSid or sAMAccountName)
Output Parameters
Errors- Any errors returned by the operation.Outcome- Outcome of the operation. Can be OK or FAIL.
Reset Password
This operation will reset the password of an Active Directory User account.
Extra Credentials
None required.
Input Parameters
UserIdentity(MANDATORY) - Provide the Identity of the User (distinguished, objectGUID, objectSid or sAMAccountName)Password(MANDATORY) - The new password.
Output Parameters
Errors- Any errors returned by the operation.Outcome- Outcome of the operation. Can be OK or FAIL.
Unlock
This operation will unlock an Active Directory User account.
Extra Credentials
None required.
Input Parameters
UserIdentity(MANDATORY) - Provide the Identity of the User (distinguished, objectGUID, objectSid or sAMAccountName)
Output Parameters
Errors- Any errors returned by the operation.Outcome- Outcome of the operation. Can be OK or FAIL.
Update
This operation will update a user details in Active Directory.
Extra Credentials
None required.
Input Parameters
UserIdentity(MANDATORY) - Provide the Identity of the User (distinguished, objectGUID, objectSid or sAMAccountName)GivenName- The Given Name of the User.Initials- The Initials of the User.Surname(MANDATORY) - The Surname of the User.DisplayName(MANDATORY) - The Display Name of the User.City- The users City.Company- The users Company.CountryCode- The users Country Code.Department- The users Department.Description- The users Description.EmailAddress- The users Email Address.EmployeeID- The users Employee ID.Manager- The users Managers Identity (distinguished, objectGUID, objectSid or sAMAccountName).MiddleName- The users Middle Name.OfficeName- The users Office Name.Phone- The users Phone Number.PostalCode- The users Postal Code.ProfilePath- The users Profile Path.ScriptPath- The users logon script path.State- The users State.StreetAddress- The users Street Address.Title- The users Title
Output Parameters
Errors- Any errors returned by the operation.Outcome- Outcome of the operation. Can be OK or FAIL.
Get
This operation will retrieve information about a user from Active Directory.
Extra Credentials
None required.
Input Parameters
UserIdentity(MANDATORY) - Provide the Identity of the User (distinguished, objectGUID, objectSid or sAMAccountName)
Output Parameters
Errors- Any errors returned by the operation.Outcome- Outcome of the operation. Can be OK or FAIL.AccountExpirationDateBadLogonCountbadPwdCountCannotChangePasswordCanonicalNameCityCNCompanyCountrycountryCodeDepartmentDescriptionDisplayNameDistinguishedNameDivisionEmailAddressEmployeeIDEmployeeNumberEnabledGivenNameHomeDirectoryHomeDriveHomePageHomePhoneInitialsisDeletedLastLogonDateLockedOutManagerMemberOfMobilePhoneModifiedmodifyTimeStampNameObjectGUIDobjectSidOfficeOfficePhoneOrganizationOtherNamePasswordExpiredPasswordLastSetPasswordNeverExpiresPasswordNotRequiredPOBoxPostalCodePrimaryGroupProfilePathProtectedFromAccidentalDeletionSamAccountNamesnStateStreetAddressTitleuserAccountControlUserPrincipalNamewhenChangedwhenCreated