home
about us
forum
testimonials
sitemap
 
 
PREV
NEXT
  

User Management Resource Administrator


Online Manual: "User Management Resource Adminstrator"
Go to: User Management Resource Administrator homepage

Script Action: Get user (AD)

Function

Access an user account in Active Directory. The action is used always in combination with other subsequent actions. Once the user is found, an internal data structure representing the user account is setup. This structure is stored in a variable (%UserObject%) that can be used by other actions. The action supports several methods to find the user.

Deployment

This action is typically used in a script that is used to manage, edit or delete existing user accounts. A number of actions are available to manage user accounts. Most of these actions require a input variable (%UserObject%) that holds the user account. When this action is executed successfully, the subsequent actions in the script have access to the user account using this variable.

You have three options to identify the user account.

  1. LDAP name: The user account is identified by its full LDAP name. Example: cn=John Williams, ou=Schools, dc=Tools4ever, dc=Com. You only need to specify the property LDAP name to identify the user account. Optionally you can specify a domain controller. The user account is always searched for using LDAP. By specifying the name of a domain controller, the program directly binds to the domain controller instead of a domain controller chosen by Active Directory.

  2. Domain, Organizational Unit-Container, FullName: From these components, User Management Resource Administrator will compose the LDAP name. If necessary, the components are converted to a suitable format. If the FullName is specified but no Organizational Unit-Container is specified, User Management Resource Administrator will not be able to find the user account. Optionally you can specify a domain controller. The user account is always searched for using LDAP. By specifying the name of a domain controller, the program directly binds to the domain controller instead of a domain controller chosen by Active Directory.

  3. Domain, Username: The user account is specified using the NT-style format Domain/UserName. User Management Resource Administrator will convert the name to the full LDAP name. This method requires most resources but does not need the organizational unit to be specified.

If none of these options can be used, you can use the Script Action: Search object (AD) to search for the user account. The result of the Search object action is the LDAP name of the user account that can be used for option 1.

Properties

Property Name

Description

Typical setting

Remarks

Domain

The name of the domain (DNS or NETBIOS style, e.g. tools4ever.com or TOOLS4EVER) of the user account. The user account is specified using LDAP. To specify the user account, you have three options. 1: LDAP name (available from network tree browse operations), 2: Domain + Organizational Unit-Container + FullName (the LDAP name is composed from the individual components), 3: Domain + Username (NT-style, LDAP name is searched for). For each option, you need to specify the corresponding properties.

%Domain%

See Deployment section.

Organizational Unit-Container

The name of the Organizational Unit-Container of the user account (example: Students or Students\\Group1). The user account is specified using LDAP. To specify the user account, you have three options. 1: LDAP name (available from network tree browse operations), 2: Domain + Organizational Unit-Container + FullName (the LDAP name is composed from the individual components), 3: Domain + Username (NT-style, LDAP name is searched for). For each option, you need to specify the corresponding properties.

 

See Deployment section.

Full name

The full name, more precisely known as the common name of the user account in the Organizational Unit-Container - Domain (example: John Williams). The user account is specified using LDAP. To specify the user account, you have three options. 1: LDAP name (available from network tree browse operations), 2: Domain + Organizational Unit-Container + FullName (the LDAP name is composed from the individual components), 3: Domain + Username (NT-style, LDAP name is searched for). For each option, you need to specify the corresponding properties.

%FullName%

See Deployment section.

Username

The pre-Windows 2000 logon name of the user account (example: JWilliams). The user account is specified using LDAP. To specify the user account, you have three options. 1: LDAP name (available from network tree browse operations), 2: Domain + Organizational Unit-Container + FullName (the LDAP name is composed from the individual components), 3: Domain + Username (NT-style, LDAP name is searched for). For each option, you need to specify the corresponding properties.

%UserName%

See Deployment section. 

LDAP name

The full LDAP name of the user account. (example: cn=John Williams, ou=Schools, dc=Tools4ever, dc=Com). If this value is specified, it takes precedence and the values for the properties 'Domain', 'Organizational Unit-Container', 'Full name' and 'Username' are ignored and do not have to be specified.

 

See Deployment section.

Domain controller

Optional: The name of the domain controller, used to access to the domain, container or organizational unit where the account exists. This property can be used for any of the methods used to specify the user account. If this value is not specified, Active Directory chooses one automatically (serverless binding).

 

See Deployment section.

User Object

An internal data structure representing the user account. This property is an 'output only' property and is generated automatically when the user is found in Active Directory. This property can be used in other script actions, for instance to create an Exchange mailbox, setup group memberships or modify user attributes.

No input value can be specified. Always specify an output variable, for example %UserObject%

 

User Security Identifier (SID)

The security identifier (SID) of the new user account. This property is an 'output only' property and can be determined when the user is found in Active Directory. The 'User Security Identifier (SID) is created by the Active Directory automatically when the user account was created. The SID is used when setting permissions, for instance on home directories, Exchange mailboxes etc. The SID is stored by default in the variable %UserSid%.

No input value can be specified.

Specify an output variable value if the SID is needed in subsequent actions.

Remarks

Each of the properties Full name, Username and LDAP name can be specified as output variables, even if the user account is determined by other than the output properties.

Related topics

Help on help
Principle of operation
Project operations - Manage script action properties


Tools4ever User Forum
Topic namePosterRepliesTime
ASP script access errorRemco527/08/08
Set group membershipRemco126/08/08
UMRA Trainingxjumper65025/08/08
Form securitybarrythave211/08/08
Create a email-aliasM.Kellers128/07/08
Alter Date/Time default formatrobdos125/07/08
Special CharactersAndresg123/07/08
Expire an account when creatingJohnZ111/07/08
Error creating mailboxJohnZ110/07/08
Unlock accounttmowatt113/06/08

Home | Products | Support | Pricing | Download | Press | About Us | Contact | Sitemap
QUICK LINKS: Mass / Bulk Import Software | Network Monitoring Software | Disk Quota Management
QUICK LINKS: User and Active Directory Management | Remote Desktop Control | Free Software