Active Directory User Expire Password
Version 2
This handler uses the server information and user credentials configured in the task info values to authenticate and connect to the specified Active Directory server (using LDAP), then searches for the user based on the search parameters provided. If User Logon is the 'Search By' parameter, the handler looks for an '@' symbol in the User Logon to determine how to search for the User Logon name. An '@' symbol indicates a search on the LDAP attribute userPrincipalName (up to 100 characters), while the absence of an '@' symbol results in a search on the LDAP attribute sAMAccountName (pre-Windows 2000). Finally, the handler sets the password to expired. This is analogous to checking the box marked "User must change password at next logon" in the Active Directory Users and Computers administration tool.
If 'Distinguished Name' is selected, the 'distinguishedName' attribute will be used directly to retrieve the User entry.
If 'Full Name' is selected, the 'cn' attribute will be used to retrieve the User entry.
If 'User Name' is selected, the 'userprincipalname' value will be used if the "Search Value" parameter includes an '@' sign (for example, john.doe@domain.com) and the 'samaccountname' value will be used if it does not (for example, john.doe).
If 'Email Address' is selected, the 'mail' attribute will be used to retrieve the User entry.
This handler will fail if the user is not found, or if more than one result is found.
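The search rules above can be sketched as follows. This is an added example, not the handler's own source: the method names are hypothetical, the inputs are constructed, and the net-ldap operations shape is an assumed client library. Because the Search Value usually comes from a submitted form answer, the sketch escapes it per RFC 4515 so that characters such as `*` or `(` cannot change the filter.

```ruby
# Added example, not the handler's source. All method names are hypothetical.

# "Search By" choice => LDAP attribute, as described on this page.
ATTRIBUTES = {
  'Distinguished Name' => 'distinguishedName',
  'Full Name'          => 'cn',
  'Email Address'      => 'mail'
}.freeze

# RFC 4515 escaping: \ * ( ) and NUL become \XX so the value stays a literal.
def escape_filter_value(value)
  value.to_s.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

# Pick the attribute; the logon name is split on the presence of '@'.
def search_attribute(search_by, value)
  case search_by
  when 'User Logon', 'User Name'
    value.include?('@') ? 'userPrincipalName' : 'sAMAccountName'
  else
    ATTRIBUTES.fetch(search_by) { raise ArgumentError, "Unknown Search By: #{search_by}" }
  end
end

def build_filter(search_by, value)
  raise ArgumentError, 'Search Value is empty' if value.to_s.strip.empty?
  "(#{search_attribute(search_by, value)}=#{escape_filter_value(value)})"
end

# Mirror the documented failure modes: no match, or more than one match.
def single_entry!(entries)
  raise 'User not found' if entries.empty?
  raise "More than one user matched (#{entries.size})" if entries.size > 1
  entries.first
end

# "User must change password at next logon" is stored as pwdLastSet = 0.
# The list follows net-ldap's modify operations format (assumed library).
def expire_password_operations
  [[:replace, :pwdLastSet, ['0']]]
end

# Constructed inputs.
puts build_filter('User Logon', 'john.doe')
puts build_filter('User Logon', 'john.doe@domain.com')
puts build_filter('User Logon', '*)(objectClass=*')
```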
Parameters
Name | Description
Search By | Choose which attribute of the user to search by
Search Value | The actual search expression to search for
Sample Configuration
Name | Description
Search By | User Logon
Search Value | <%=@answers['ReqFor Login ID']%>
Results
This handler does not return any results.
Changelog
Active Directory User Expire Password V1 (2011-02-04)
- Initial version. See README for details.
Active Directory User Expire Password V2 (2014-08-05)
- Changed the password info value to be encrypted.
Related Handlers
- Active Directory Computer Add Groups
  - Finds a user in Active Directory by Distinguished Name and adds the computer as a member to one or more groups.
- Active Directory Computer Remove Groups
  - Finds a user in Active Directory by Distinguished Name (Computer Name) and adds the computer as a member to one or more groups.
- Active Directory Distribution List Member Retrieve
  - Finds a Distribution List in Active Directory by Distinguished Name or Email Address and returns a comma-delimited list of immediate members (e-mail addresses).
- Active Directory Group Create
  - Creates an Active Directory group entry and uses the provided parameter values to specify common attributes. This handler will fail if the group already exists.
- Active Directory User Add Groups
  - Finds a user in Active Directory by Distinguished Name, Full Name, Email Address, or User Logon and adds the user as a member to one or more groups.
- Active Directory User Change Attribute
  - Finds a user in Active Directory by Distinguished Name, Full Name, Email Address, or User Name and changes the specified LDAP attribute.
- Active Directory User Create
  - Creates an Active Directory user entry and uses the provided parameter values to specify common user attributes.
- Active Directory User Disable
  - Finds a user in Active Directory by Distinguished Name, Full Name, Email Address, or User Name and disables the user's account.
- Active Directory User Enable
  - Finds a user in Active Directory by Distinguished Name, Full Name, Email Address, or User Name and enables the user's account.
- Active Directory User Permanent Password
  - Finds a user in Active Directory by Distinguished Name, Full Name, Email Address, or User Name and sets the 'password never expires' flag.
- Active Directory User Remove Groups
  - Finds a user in Active Directory by Distinguished Name, Full Name, Email Address, or User Logon and removes that user as a member from one or more groups.
- Active Directory User Retrieve
  - Finds a user in Active Directory by Distinguished Name, Full Name, Email Address, or User Name and returns a predefined set of attributes to include the Distinguished Name (dn).
- Active Directory User Temporal Password
  - Finds a user in Active Directory by Distinguished Name, Full Name, Email Address, or User Name and sets the 'password never expires' flag.