Active Directory User Retrieve Version 3

This handler uses the server information and user credentials configured in the task info values to authenticate and connect to the specified Active Directory server (using LDAP), then searches for the user based on the search parameters provided. If User Logon is the 'search by' parameter, the handler looks for an '@' symbol in the User Logon to determine how to search for the User Logon name. An '@' symbol indicates a search on the LDAP attribute userPrincipalName (up to 100 characters), while the absence of the '@' symbol results in a search on the LDAP attribute sAMAccountName (pre-Windows 2000).

  • If 'Distinguished Name' is selected, the 'distinguishedName' attribute will be used directly to retrieve the User entry.

  • If 'Full Name' is selected, the 'cn' attribute will be used to retrieve the User entry.

  • If 'User Name' is selected, the 'userprincipalname' value will be used if the "Search Value" parameter includes an '@' sign (e.g. john.doe@domain.com) and the 'samaccountname' will be used if it does not (e.g. john.doe).

  • If 'Email Address' is selected, the 'mail' attribute will be used to retrieve the User entry.

This handler will fail if the user is not found, or if more than one result is found.
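The attribute selection and single-result rule described above, as an added Ruby example that is not the handler's own code. The method names are hypothetical; it also escapes the Search Value per RFC 4515, since that value typically comes from a submitted form answer, and accepts both 'User Name' and 'User Logon' because the page uses both labels.

```ruby
# Added example (hypothetical names, not the handler's source).
# Maps "Search By" to an LDAP attribute and builds an escaped RFC 4515 filter.

SEARCH_ATTRIBUTES = {
  'Distinguished Name' => 'distinguishedName',
  'Full Name'          => 'cn',
  'Email Address'      => 'mail'
}.freeze

# RFC 4515: '\', '*', '(', ')' and NUL must be written as \XX inside a value,
# otherwise they act as filter syntax (wildcards, grouping) instead of data.
def escape_filter_value(value)
  value.to_s.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

# 'User Name' / 'User Logon': '@' present means UPN, otherwise sAMAccountName.
def ldap_attribute_for(search_by, search_value)
  if ['User Name', 'User Logon'].include?(search_by)
    search_value.to_s.include?('@') ? 'userPrincipalName' : 'sAMAccountName'
  else
    SEARCH_ATTRIBUTES.fetch(search_by) do
      raise ArgumentError, "Unsupported Search By: #{search_by}"
    end
  end
end

def build_user_filter(search_by, search_value)
  raise ArgumentError, 'Search Value is empty' if search_value.to_s.strip.empty?
  "(#{ldap_attribute_for(search_by, search_value)}=#{escape_filter_value(search_value)})"
end

# Mirrors the documented failure rule: exactly one entry must match.
def single_entry!(entries)
  raise 'User not found' if entries.empty?
  raise "Ambiguous search: #{entries.size} entries matched" if entries.size > 1
  entries.first
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  puts build_user_filter('User Name', 'john.doe@domain.com')
  puts build_user_filter('User Name', 'john.doe')
  puts build_user_filter('Full Name', 'Doe, John (Contractor)')
  puts build_user_filter('User Logon', 'j*') # '*' is matched literally, not as a wildcard
end
```

Without the escaping step, a Search Value containing '*' or parentheses would change the shape of the query rather than being matched literally, which can turn a single-user lookup into a multi-entry or wrong-entry match.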

Parameters

Name          Description
Search By     Choose which attribute of the user to search by
Search Value  The actual search expression to search for

Sample Configuration

Name          Value
Search By     User Logon
Search Value  <%=@answers['ReqFor Login ID']%>

Results

Name                 Description
Distinguished Name   The globally-unique text string for this user in
First Name           The first name of the user
Last Name            The last name of the user
Full Name            The full name of the user
Manager DN           The DN of the user's manager
Initials             The initials for the user
Description          User description field
Office               A string representing the location of the user's
Telephone            The primary telephone number of the user
Email Address        The email address of the user.
User Logon           The User Logon name
User Principal Name  The User Principal name
Account Enabled      True or False, whether the account is enabled.
Title                The user's job title.
Department           The primary department that the user is a member of
Company              The name of the company that the user is employed by

Changelog

Active Directory User Retrieve V1 (2011-01-17)

  • Initial version. See README for details.

Active Directory User Retrieve V2 (2014-08-05)

  • Changed the password info value to be encrypted.

Active Directory User Retrieve V3 (2015-08-03)

  • Added ability to check if account is enabled or disabled.


Related Handlers

Active Directory Computer Add Groups
Finds a user in Active Directory by Distinguished Name and adds the computer as a member to one or more groups.
Active Directory Group Create
Creates an Active Directory group entry and uses the provided parameter values to specify common attributes. This handler will fail if the group already exists.
Active Directory User Change Attribute
Finds a user in Active Directory by Distinguished Name, Full Name, Email Address, or User Name and changes the specified LDAP attribute.
Active Directory User Create
Creates an Active Directory user entry and uses the provided parameter values to specify common user attributes.
Active Directory User Expire Password
Finds a user in Active Directory by Distinguished Name, Full Name, Email Address, or User Name and sets the password to expired, requiring the user to change it.
Active Directory User Remove Groups
Finds a user in Active Directory by Distinguished Name, Full Name, Email Address, or User Logon and removes that user as a member from one or more groups.
Active Directory User Temporal Password
Finds a user in Active Directory by Distinguished Name, Full Name, Email Address, or User Name and sets the 'password never expires' flag.