Active Directory User Management

From Hornbill
Revision as of 14:00, 16 March 2020 by SteveGoldthorpe (talk | contribs)

Introduction

The Active Directory User Management package for Hornbill's IT Operations Management (ITOM) contains a number of administrative operations that can be carried out on User objects within your behind-the-firewall Active Directory domains.

Package Requirements

Domain Requirements

The Active Directory domain that you wish to manage requires Active Directory Web Services (ADWS) to be present. See the ADWS Documentation for more information.

Script Execution Machine Requirements

  • The Active Directory PowerShell module needs to be installed on the machine that will be executing the scripts (from the correct Remote Server Administration Tools (RSAT) package for your OS);
  • If the script execution policy on the machine executing these operations is set to Restricted, then this will need to be updated to a less restrictive policy. See the PowerShell Documentation for more information.
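
The following pre-flight check is an added example, not part of the Hornbill package. It tests the three requirements above on a script execution machine; the function name, the `DomainName` parameter and the sample domain are hypothetical, and it assumes ADWS is listening on its default TCP port 9389.

```powershell
# Added example: verify the prerequisites listed above before scheduling jobs.
# Assumption: ADWS listens on its default TCP port 9389.
function Test-AdJobPrerequisites {
    [CmdletBinding()]
    param(
        # Hypothetical parameter: DNS name of the domain to be managed
        [Parameter(Mandatory)][string]$DomainName
    )
    $result = [ordered]@{
        ModuleInstalled = $false
        ExecutionPolicy = (Get-ExecutionPolicy).ToString()   # effective policy
        PolicyAllowsRun = $false
        AdwsServer      = $null
        AdwsReachable   = $false
    }

    # 1. Is the RSAT Active Directory module installed?
    $result.ModuleInstalled = [bool](Get-Module -ListAvailable -Name ActiveDirectory)

    # 2. The effective execution policy must not be Restricted
    $result.PolicyAllowsRun = $result.ExecutionPolicy -ne 'Restricted'

    # 3. Find a domain controller advertising ADWS and test the port
    if ($result.ModuleInstalled) {
        try {
            Import-Module ActiveDirectory -ErrorAction Stop
            $dc = Get-ADDomainController -Discover -DomainName $DomainName `
                      -Service ADWS -ErrorAction Stop
            # HostName can be a collection in discovery mode; take the first entry
            $result.AdwsServer = [string]@($dc.HostName)[0]
            $probe = Test-NetConnection -ComputerName $result.AdwsServer `
                         -Port 9389 -WarningAction SilentlyContinue
            $result.AdwsReachable = [bool]$probe.TcpTestSucceeded
        } catch {
            Write-Warning "ADWS discovery failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]$result
}

# Constructed sample domain name
Test-AdJobPrerequisites -DomainName 'corp.example.com' | Format-List
```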

KeySafe Configuration

When creating SIS jobs for operations contained within this package, they need to be run on the target machine as a user who has the correct privileges within your environment.

To create and securely store one or more Keys for these operations, in the admin console:

  • Navigate to: System > Security > KeySafe;
  • Click on + then select Username + Password;
  • Give the KeySafe Key a Title (this is the name/identifier for the AD account as you will see it when creating an IT Automation Job, or adding an IT Automation node to a Business Process or Runbook);
  • Optionally add a description;
  • Populate the Username field with the domain username for the account being used (DOMAINNAME\yourusername for example);
  • Populate the Password field with the password for the above account;
  • Select Create Key to save.

Once you have created your KeySafe Key, you can then use it when creating IT Automation Jobs from this package. See screenshots to the right for more details.

Package Operations

The Active Directory User Management package contains the following operations, which can be used to create ITOM Jobs directly, or included in your Business Processes and/or IT Operations Management Runbooks.

Create

This operation will create a new User in Active Directory.

Input Parameters

  • GivenName (MANDATORY) - The Given Name of the new User.
  • Surname (MANDATORY) - The Surname of the new User.
  • Name (MANDATORY) - The Name of the new User. Must be unique within your Active Directory.
  • SamAccountName (MANDATORY) - The sAMAccountName of the new User. Must be unique within your Active Directory.
  • Path (MANDATORY) - The distinguished name of the OU/Container where you wish to create the User.
  • AccountPassword (MANDATORY) - The Password for the new User.
  • DisplayName (MANDATORY) - The Display Name for the new User.
  • Initials - The Initials of the new User.
  • AccountEnabled - Should the account be enabled. Defaults to false.
  • PasswordNeverExpires - Should the password be set to never expire. Defaults to false.
  • City - The user's City.
  • Company - The user's Company.
  • CountryCode - The user's Country Code.
  • Department - The user's Department.
  • Description - The user's Description.
  • EmailAddress - The user's Email Address.
  • EmployeeID - The user's Employee ID.
  • HomeDirectory - The user's Home Directory.
  • HomeDrive - The user's Home Drive.
  • Manager - The Identity of the user's Manager (distinguished name, objectGUID, objectSid or sAMAccountName).
  • MiddleName - The user's Middle Name.
  • OfficeName - The user's Office Name.
  • Phone - The user's Phone Number.
  • PostalCode - The user's Postal Code.
  • ProfilePath - The user's Profile Path.
  • ProxyAddresses - The Proxy Addresses to set against the user, separated by semi-colon characters.
  • ScriptPath - The user's logon script path.
  • State - The user's State.
  • StreetAddress - The user's Street Address.
  • Title - The user's Title.

Output Parameters

  • Errors - Any errors returned by the operation.
  • Outcome - Outcome of the operation. Can be OK, WARN or FAIL.
  • distingiuishedName - The Distinguished Name of the new User.
  • objectGUID - the Object GUID of the new User.
  • sid - the SID of the new User.
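
The sketch below is an added example, not the package's own script, showing how the Create inputs can be validated before a user is created. It assumes the inputs map onto the same-named parameters of the ActiveDirectory module's `New-ADUser` cmdlet; the function name and the conservative sAMAccountName pattern are hypothetical choices.

```powershell
# Added example: validate Create-style inputs, then create the user.
# Assumption: inputs correspond to New-ADUser parameters of the same name.
function New-AdUserFromJobInputs {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$GivenName,
        [Parameter(Mandatory)][string]$Surname,
        [Parameter(Mandatory)][string]$Name,
        # Conservative allow-list (an assumption); also keeps the filter below safe
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9._-]{1,20}$')]
        [string]$SamAccountName,
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][securestring]$AccountPassword,
        [Parameter(Mandatory)][string]$DisplayName,
        [bool]$AccountEnabled = $false,          # same default as the operation
        [bool]$PasswordNeverExpires = $false,    # same default as the operation
        [string]$ProxyAddresses                  # semi-colon separated
    )
    # sAMAccountName must be unique
    if (Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'") {
        throw "sAMAccountName '$SamAccountName' already exists."
    }
    # The target OU/Container must exist (throws if it does not)
    $null = Get-ADObject -Identity $Path -ErrorAction Stop

    $params = @{
        GivenName = $GivenName; Surname = $Surname; Name = $Name
        SamAccountName = $SamAccountName; Path = $Path
        AccountPassword = $AccountPassword; DisplayName = $DisplayName
        Enabled = $AccountEnabled; PasswordNeverExpires = $PasswordNeverExpires
    }
    # Split the semi-colon separated list into a multi-valued attribute
    $proxies = @($ProxyAddresses -split ';' | ForEach-Object { $_.Trim() } |
                 Where-Object { $_ })
    if ($proxies.Count -gt 0) {
        $params.OtherAttributes = @{ proxyAddresses = [string[]]$proxies }
    }
    if ($PSCmdlet.ShouldProcess($Path, "Create user $SamAccountName")) {
        # Return the same three values the operation lists as outputs
        New-ADUser @params -PassThru |
            Select-Object DistinguishedName, ObjectGUID, SID
    }
}
```

Run it with `-WhatIf` first to exercise the validation without creating anything, and supply the password as a SecureString (for example from `Read-Host -AsSecureString`) rather than as plain text.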

Disable

This operation will disable an Active Directory User account.

Input Parameters

  • UserIdentity (MANDATORY) - Provide the Identity of the User (distinguished name, objectGUID, objectSid or sAMAccountName).

Output Parameters

  • Errors - Any errors returned by the operation.
  • Outcome - Outcome of the operation. Can be OK or FAIL.

Enable

This operation will enable a disabled Active Directory User account.

Input Parameters

  • UserIdentity (MANDATORY) - Provide the Identity of the User (distinguished name, objectGUID, objectSid or sAMAccountName).

Output Parameters

  • Errors - Any errors returned by the operation.
  • Outcome - Outcome of the operation. Can be OK or FAIL.

Move OU

This operation will move an Active Directory User account into a different OU.

Input Parameters

  • UserIdentity (MANDATORY) - Provide the Identity of the User (distinguished name, objectGUID, objectSid or sAMAccountName).
  • Path (MANDATORY) - The distinguished name of the OU where the user should be moved to.

Output Parameters

  • Errors - Any errors returned by the operation.
  • Outcome - Outcome of the operation. Can be OK or FAIL.

Delete

This operation will delete an Active Directory User account.

Input Parameters

  • UserIdentity (MANDATORY) - Provide the Identity of the User (distinguished name, objectGUID, objectSid or sAMAccountName).

Output Parameters

  • Errors - Any errors returned by the operation.
  • Outcome - Outcome of the operation. Can be OK or FAIL.

Reset Password

This operation will reset the password of an Active Directory User account.

Input Parameters

  • UserIdentity (MANDATORY) - Provide the Identity of the User (distinguished name, objectGUID, objectSid or sAMAccountName).
  • Password (MANDATORY) - The new password.

Output Parameters

  • Errors - Any errors returned by the operation.
  • Outcome - Outcome of the operation. Can be OK or FAIL.

Unlock

This operation will unlock an Active Directory User account.

Input Parameters

  • UserIdentity (MANDATORY) - Provide the Identity of the User (distinguished name, objectGUID, objectSid or sAMAccountName).

Output Parameters

  • Errors - Any errors returned by the operation.
  • Outcome - Outcome of the operation. Can be OK or FAIL.

Update

This operation will update a user's details in Active Directory.

Input Parameters

  • UserIdentity (MANDATORY) - Provide the Identity of the User (distinguished name, objectGUID, objectSid or sAMAccountName).
  • GivenName - The Given Name of the User.
  • Initials - The Initials of the User.
  • Surname (MANDATORY) - The Surname of the User.
  • DisplayName (MANDATORY) - The Display Name of the User.
  • City - The user's City.
  • Company - The user's Company.
  • CountryCode - The user's Country Code.
  • Department - The user's Department.
  • Description - The user's Description.
  • EmailAddress - The user's Email Address.
  • EmployeeID - The user's Employee ID.
  • Manager - The Identity of the user's Manager (distinguished name, objectGUID, objectSid or sAMAccountName).
  • MiddleName - The user's Middle Name.
  • OfficeName - The user's Office Name.
  • Phone - The user's Phone Number.
  • PostalCode - The user's Postal Code.
  • ProfilePath - The user's Profile Path.
  • ScriptPath - The user's logon script path.
  • State - The user's State.
  • StreetAddress - The user's Street Address.
  • Title - The user's Title.

Output Parameters

  • Errors - Any errors returned by the operation.
  • Outcome - Outcome of the operation. Can be OK or FAIL.