Active Directory User Create
Version 1
This handler will use the server information and user credentials configured in the task info values to authenticate and connect to the specified Active Directory server (using LDAP) and create a user entry.
To build the Distinguished Name (a unique identifier for the Active Directory user entry), the handler uses a template specified as a task info value.
The following entry attributes are set once the user entry is created:
Direct Mappings
- givenname => First Name
- sn => Last Name
- displayname => Full Name
- description => Description
- physicaldeliveryofficename => Office
- telephonenumber => Telephone
- mail => Email
- title => Title
- department => Department
- company => Company
Computed Mappings
- userprincipalname => Is set to the "User Logon" parameter if it was provided using the User Principal Name format. This attribute is not set if the "User Logon" parameter was provided without the "@domain" suffix.
- samaccountname => Is set to the username portion of the "User Logon" parameter.
- initials => A concatenated string of the capitalized first letters of each word in the "Full Name" parameter.
Special Attributes
- objectclass => [top,person,organizationalPerson,user]
If the node parameter "Activated" is set to 'Yes', the user will be activated immediately after the entry attributes have been set.
Task Info Configuration
- dn_format - This value is used to specify the distinguished name of the Active Directory user entry to be created. Anything within curly braces {} will be replaced with the value of the entry attribute or task info value associated with that key. For example, the default format is 'CN={displayname},CN=Users,{base}'. In this case {displayname} is replaced with the displayname attribute value and {base} is replaced with the value of the 'base' task info value. A full list of available entry attributes is available above. If you use organizational units they can be substituted into the distinguished name in this manner.
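The substitution and computed mappings described above, sketched as an added example (not the handler's own code; every method name here is hypothetical). It assumes attribute values are escaped per RFC 4514 before they are placed in the DN, which this page does not state the handler does: without escaping, a Full Name such as 'Thompson, Daniel R' would change the structure of the resulting DN.

```ruby
# Added example, not the handler's code; all method names are hypothetical.

# Escape one attribute value for use inside an RDN (RFC 4514, section 2.4).
def escape_rdn_value(value)
  s = value.to_s.gsub(/[\\,+"<>;=]/) { |c| "\\#{c}" }
  s = s.gsub("\0") { '\\00' }
  s = s.sub(/ \z/) { '\\ ' }          # trailing space
  s.sub(/\A([ #])/) { "\\#{$1}" }     # leading space or '#'
end

# Computed mappings as described on this page.
def computed_attributes(user_logon, full_name)
  username, domain = user_logon.split('@', 2)
  attrs = { 'samaccountname' => username }
  attrs['userprincipalname'] = user_logon if domain  # only for UPN format
  attrs['initials'] = full_name.split.map { |w| w[0].upcase }.join
  attrs
end

# Replace each {key} with an entry attribute (escaped) or a task info value.
def expand_dn(dn_format, attributes, info_values)
  dn_format.gsub(/\{([^{}]+)\}/) do
    key = Regexp.last_match(1)
    if attributes.key?(key)
      escape_rdn_value(attributes[key])
    elsif info_values.key?(key)
      info_values[key]  # assumed to be a trusted DN fragment such as 'base'
    else
      raise ArgumentError, "dn_format references unknown key {#{key}}"
    end
  end
end

# Constructed sample input (logon and base are illustrative values).
INFO = { 'base' => 'DC=kineticdata,DC=com' }.freeze

def sample_dn(full_name, format = 'CN={displayname},CN=Users,{base}')
  attrs = computed_attributes('daniel.thompson@kineticdata.com', full_name)
  attrs['displayname'] = full_name
  expand_dn(format, attrs, INFO)
end

puts sample_dn('Daniel R Thompson')
puts sample_dn('Thompson, Daniel R')
```

Task info values are inserted unescaped because 'base' is itself a DN fragment; only values that originate from request data are escaped.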
Parameters
Name | Description
User Logon | The user's logon id. This value should be specified as a User Principal Name (UPN) using the format 'username@domain.com'. By convention, the User Logon is typically set to the same value as the user's email address. In older Active Directory implementations, the domain may be omitted and the User Logon may be provided using the format 'username'.
First Name | The first name of the user.
Last Name | The last name of the user.
Full Name | The full name of the user. In most Active Directory implementations, this value must be unique.
Description | The description of the user. This value is displayed within the Active Directory user list and is often used to describe the role or purpose of a user account.
Office | A string representing the location of the user's office. This could be a building name or number, floor, room or cube number, or any combination of values.
Telephone | The primary telephone number of the user.
Email | The email address of the user.
Title | The user's job title.
Department | The primary department that the user is a member of.
Company | The name of the company that the user is employed by.
Activated | Indicates whether or not the user's account should be activated upon creation.
Sample Configuration
Name | Description
User Logon | <%=@results['First Name']%>.<%=@results['Last Name']%>@domain.com
First Name | <%=@results['First Name']%>
Last Name | <%=@results['Last Name']%>
Full Name | <%=@results['Full Name']%>
Description | <%=@results['Employee Type']%>
Office | <%=@results['Office Location']%>
Telephone | <%=@results['Business phone']%>
Email | <%=@results['Email Address']%>
Title | <%=@results['Title']%>
Department | <%=@results['Dept']%>
Company | <%=@results['Company']%>
Activated | Yes
Results
Name | Description
Distinguished Name | The distinguished name of the user entry that was created. For example: CN=Daniel R Thompson,CN=Users,DC=kineticdata,DC=com
Changelog
Active Directory User Create V1 (2011-01-14)
- Initial version. See README for details.
Related Handlers
- Active Directory Computer Add Groups
  - Finds a user in active directory by Distinguished Name and adds the computer as a member to one or more groups.
- Active Directory Computer Remove Groups
  - Finds a user in active directory by Distinguished Name (Computer Name) and adds the computer as a member to one or more groups.
- Active Directory Distribution List Member Retrieve
  - Finds a Distribution List in active directory by Distinguished Name or Email Address and returns a comma-delimited list of immediate members (e-mail addresses).
- Active Directory Group Create
  - Creates an Active Directory group entry and uses the provided parameter values to specify common attributes. This handler will fail if the group already exists.
- Active Directory User Add Groups
  - Finds a user in active directory by Distinguished Name, Full Name, Email Address, or User Logon and adds the user as a member to one or more groups.
- Active Directory User Change Attribute
  - Finds a user in active directory by Distinguished Name, Full Name, Email Address, or User Name and changes the specified LDAP attribute.
- Active Directory User Disable
  - Finds a user in active directory by Distinguished Name, Full Name, Email Address, or User Name and disables the user's account.
- Active Directory User Enable
  - Finds a user in active directory by Distinguished Name, Full Name, Email Address, or User Name and enables the user's account.
- Active Directory User Expire Password
  - Finds a user in active directory by Distinguished Name, Full Name, Email Address, or User Name and sets the password to expired, requiring the user to change it.
- Active Directory User Permanent Password
  - Finds a user in active directory by Distinguished Name, Full Name, Email Address, or User Name and sets the 'password never expires' flag.
- Active Directory User Remove Groups
  - Finds a user in active directory by Distinguished Name, Full Name, Email Address, or User Logon and removes that user as a member from one or more groups.
- Active Directory User Retrieve
  - Finds a user in active directory by Distinguished Name, Full Name, Email Address, or User Name and returns a predefined set of attributes, including the Distinguished Name (dn).
- Active Directory User Temporal Password
  - Finds a user in active directory by Distinguished Name, Full Name, Email Address, or User Name and sets the 'password never expires' flag.