Active Directory

 

This property can be specified in one of three ways: enumeration, ADSpath syntax and variable. Regardless of how you initially enter the specification, the syntax will ultimately be encoded in ADSpath syntax.

 

To enumerate the Organization Unit and determine the proper OU or CN path, you must enter the domain name into the Domain property. This property cannot be left blank. For example:

 

 

In the image below, Engineering is selected for the Organizational Unit property.

 

 

Folders with an icon are organizational units and regular folder icons are containers.

 

Several of the job steps in this section provide the ability to add attributes to an Active Directory object. Both attributes and group memberships are collections. To add an attribute click on the Attribute value (usually initialized to <empty>). You will see two (2) buttons: Add and Delete All. Click the Add button to add a new attribute pair.

 

 

You’ll see a Name and Value pair. If you click on the dropdown for the Name property you’ll be presented with a list of attributes suitable for the object selected.

 

 

Once you select an attribute you would specify a corresponding value (which can be a variable).

 

 

In the above figure, the attribute givenName is assigned a value represented by the variable givenName. Attribute names can also be represented by variables. Note that the property ADAttribute contains a shorthand representation. This make it convenient to see the name/value pairs without drilling into the Attribute collection itself.

 

 

To delete an individual attribute, click on the individual attribute and then click on the red stylized “x” on the far right. To delete all attributes, click on the “Delete All” button on the Attributes property.

 

Several of the job steps in this section provide the ability to add group memberships in one or more groups to an Active Directory object. To add a Group Membership click on the Membership value (usually initialized to <empty>). You will see two (2) buttons: Add and Delete All. Click the Add button to add a new group membership.

 

 

Under AD Group you’ll find a Name property which represents the Group Membership name. To the right is a dropdown which will enumerate the available groups. You can select one, type one in or specify a variable name. For example,

 

 

To delete an individual group membership, click on the individual group and then click on the red stylized “x” on the far right. To delete all memberships, click on the “Delete All” button on the Membership property.

 

Note: A word about dropdown enumerators: Depending on the job step, you may not be able to use an enumerator if you decide to use a variable. The reason is simple. Variables get there values at run-time. During design time, some of the enumerators require multiple pieces of information in order to provide the assistance. For example, the RemoveUserFromGroup job step requires an actual domain name and username in order to enumerate the groups. If either domain name or account name is a variable, the enumeration for groups will fail. This note only applies to the dropdown enumerators. If you’re using variables then you probably understand the information requirements and don’t need the dropdown assistance as much.

 

This job step adds a Group to Active Directory.

 

 

Platforms Supported

Windows

 

Software Pre-Requisites

None

 

Job Step Properties

 

Active Directory – This dropdown allows for a domain and credentials specification.

 

• Domain – This property contains the name of the Active Directory domain.

• Credentials – The path of a User Account object that is authorized to perform this operation. If omitted, the current Execution User credentials are used.

 

Group Name – This property contains the name of the Group you wish to add.

 

Group Description – This property contains the description of the group

 

Organizational Unit – While this property indicates an organizational unit and/or container using ADSpath syntax as described in Active Directory.

 

Group Scope – This optional property indicates scope of the group being created. Local, Global and Universal are valid scope selections.

 

Group Type – This optional property indicates the type of group being created. Distribution and Security are valid selections.

 

This job step adds a User to Active Directory.

 

 

Platforms Supported

Windows

 

Software Pre-Requisites

None

 

Job Step Properties

 

Active Directory – This dropdown allows for a domain and credentials specification.

 

• Domain – This property contains the name of the Active Directory domain.

• Credentials – The path of a User Account object that is authorized to perform this operation. If omitted, the current Execution User credentials are used.

 

New Account Name – This property contains the name of the User you wish to add.

 

New Account Password – This property contains the name of the password for the newly created user.

 

Organizational Unit – While this property indicates an organizational unit and/or container using ADSpath syntax as described in Active Directory.

 

Attributes – This collection of properties represents ADSI properties/attributes for the object. One or more attributes can be specified as described in Active Directory – Attributes.

 

Membership – This optional property represents one or more groups that the user is to be associated as a member in. The groups themselves are enumerable through a dropdown. Read Active Directory – Group Memberships for more information.

 

This job step adds a User to a Group.

 

 

Platforms Supported

Windows

 

Software Pre-Requisites

None

 

Job Step Properties

 

Domain – This property contains the name of the Active Directory domain.

 

Account Name – This property is the name of the User.

 

Membership – This property represents one or more groups that the user is to be associated as a member in. The groups themselves are enumerable through a dropdown. Read Active Directory – Group Memberships for more information.

 

Credentials – The path of a User Account object that is authorized to perform this operation. If omitted, the current Execution User credentials are used.

 

This job step deletes an Active Directory object.

 

 

Platforms Supported

Windows

 

Software Pre-Requisites

None

 

Job Step Properties

 

Domain – This property contains the name of the Active Directory domain.

 

Object Name – This property identifies the object you want to delete.

 

Credentials – The path of a User Account object that is authorized to perform this operation. If omitted, the current Execution User credentials are used.

 

This job step disables an Active Directory user.

 

 

Platforms Supported

Windows

 

Software Pre-Requisites

None

 

Job Step Properties

 

Domain – This property contains the name of the Active Directory domain.

 

Account Name – This property identifies the user you want to disable.

 

Credentials – The path of a User Account object that is authorized to perform this operation. If omitted, the current Execution User credentials are used.

 

This job step enables an Active Directory User.

 

 

Platforms Supported

Windows

 

Software Pre-Requisites

None

 

Job Step Properties

 

Domain – This property contains the name of the Active Directory domain.

 

Account Name – This property identifies the user you want to enable.

 

Credentials – The path of a User Account object that is authorized to perform this operation. If omitted, the current Execution User credentials are used.

 

This job step allows you to enumerate through Active Directory objects that meet search criteria. Nested job steps are executed for each iteration of the objects that are returned. For example, the job step “Log” below is nested and executed for each AD object that is returned.

 

 

Platforms Supported

Windows

 

Software Pre-Requisites

None

 

Job Step Properties

 

Domain – This property contains the name of the Active Directory domain.

 

Object Filter Options – This collection of properties allows you to search for either specific attributes, custom or mailbox objects. You make your selection using the dropdown. If the search criteria is omitted, all objects are enumerated.

 

For Attribute Search

 

• Attribute Name – Specify the name of the attribute you want to search for.

• Attribute Value – Specify the value of the attribute as noted in “Attribute Name”.

 

For Custom and Mailbox Search:

 

• Search String – You specify the search string as an LDAP format filter expression. For example:(&(objectClass=user)(objectClass=person))

• Denotes that the object to search for is a user and person. Information on the LDAP filter can be found on Microsoft’s website at: http://msdn.microsoft.com/en-us/library/system.directoryservices.directorysearcher.filter.aspx.

 

Search Depth – This property indicates the maximum depth the search will occur to. Three (3) selections are available: Base, OneLevel and Subtree.

 

ContextName – This property indicates the execution variable context name whose values will be populated with the resulting object found in the search. Each iteration of the loop will be populated with the next object that is returned.

 

Credentials – The path of a User Account object that is authorized to perform this operation. If omitted, the current Execution User credentials are used.

 

This job step allows you to modify one or more attributes for a specified object. If the object is a User, you can use the slightly simpler form of “Modify User Attributes”.

 

 

Platforms Supported

Windows

 

Software Pre-Requisites

None

 

Job Step Properties

 

Domain – This property contains the name of the Active Directory domain.

 

Object Category – This dropdown property allows you to select the category of the AD object whose attributes you would like to modify.

 

Object Name – This property indicates the specific object for modification.

 

Credentials – The path of a User Account object that is authorized to perform this operation. If omitted, the current Execution User credentials are used.

 

Attributes – This collection of properties represents ADSI properties/attributes for the object. One or more attributes can be specified as described in Active Directory – Attributes.

 

This job step allows you to modify one or more attributes for a specified User object.

 

 

Platforms Supported

Windows

 

Software Pre-Requisites

None

 

Job Step Properties

 

Domain – This property contains the name of the Active Directory domain.

 

User Name – This property indicates the (by default) Common Name string that should be used for the lookup. The Find By property can modify this behavior and allow the use of a different attribute for lookup.

 

Find By – By default, the “common name” is used when looking up the User specified in the User Name property. This dropdown property allows you to select a different attribute to lookup the object.

 

Credentials – The path of a User Account object that is authorized to perform this operation. If omitted, the current Execution User credentials are used.

 

Attributes – This collection of properties represents ADSI properties/attributes for the user. One or more attributes can be specified as described in Active Directory – Attributes.

This job step removes a user from a group.

 

 

Platforms Supported

Windows

 

Software Pre-Requisites

None

 

Job Step Properties

 

Domain – This property contains the name of the Active Directory domain.

 

Account Name – This property is the name of the User.

 

Membership – This property represents one or more groups that the user is to be removed as a member from. The groups themselves are enumerable through a dropdown. Read Active Directory – Group Memberships for more information.

 

Credentials – The path of a User Account object that is authorized to perform this operation. If omitted, the current Execution User credentials are used.