Online Manual: "User Management Resource Adminstrator"
Go to: User Management Resource Administrator homepage
Script Action: Get attribute (AD)
Function
Get the value of an attribute of an Active Directory user account or
other object. The attribute is specified by the LDAP display name of the
attribute. For the most common properties, the LDAP name can be selected
from a list.
Deployment
This action is typically used in a script that is intended to manage
existing user accounts or other Active Directory objects. Once the attribute
is found for the object, the attribute value is saved in a variable that
can be used by subsequent actions of the script. The actions supports
multi-value attributes: When an attribute has multiple values, the values
can be stored as multi-values or converted to a single value.
The attribute can be obtained from any Active Directory object. In most
scripts, the Active Directory object is an user account. The Active Directory
object must be specified as a variable. This variable is used for property
User Object or property Active Directory Object. The
script action Get user (AD)
can be used to set the value for the variable used for property User Object.
For property Active Directory
Object the action Script
Action: Get object (AD) can be used. Only one of the properties User Object and
Active Directory Object msut
be used.
Properties
|
Property Name |
Description |
Typical setting |
Remarks |
|
User Object |
An data structure representing a user account.
If you want to obtain the property of a user account object, you can use
this property to specify the Active Directory object for this action.
Use the action 'Get user (AD)' to find the user account in Active Directory
and setup the variable that contains the 'User Object'. |
%UserObject% |
The User Object must always be specified as
a variable. This variable must have been set by a previous script action,
for example Script Action: Get
user (AD). |
|
Active Directory Object |
A data structure representing a Active Directory
object for which an attribute must obtained. This property can only be
used as a input variable. Earlier in the script, another script action
must have generated the value for this variable. |
|
|
|
Convert to text |
By default, this is set to Yes |
Yes |
See section How
attribute values are stored below |
|
Multi-value flag |
By default, this is set to "No". |
No |
See section How
attribute values are stored below |
|
LDAP attribute display name |
The LDAP name of the attribute. The name identifies
the attribute of the Active Directory object. For a number of well-known
attributes, the LDAP name can be selected from a list but you can specify
any other valid name. |
|
A LDAP attribute has several names.
In the Windows 2003/2000 schema, for instance the common name and the
LDAP-Display-Name are used. (example: for the NT-style name of a user,
the common name is 'SAM-Account-Name' and the LDAP display name is sAmAccountName.
Note that these names are case sensitive. |
|
Error if no attribute found |
Generate an error for this script action if
the specified attribute is not found. |
Yes |
|
|
Error if empty |
Generate an error for this script action if
the attribute is found but attribute value is empty. |
Yes |
|
|
Attribute value |
The value found for the attribute. This property
is an 'output only' property and is generated by the application automatically.
By default, the value for this property is stored in variable %AttributeValue%. |
|
In most cases, you must specify a output
variable for this property. Otherwise, the value of the attribute cannot
be used in other script actions. |
How attribute values are stored
Active Directory contains many different
data types. In UMRA, the following data types are supported:
text numeric date-time long integer Boolean
The way in which the values of output
variables are stored, depends on your settings. The table below provides
an overview of the various possible settings and the resulting effect
for the way in which the output variable is stored.
An instance of a single-valued attribute can contain a single value
(e.g. givenName, surname, title). An instance of a multivalued
attribute (e.g. group membership lists)
can contain either a single value or multiple values. Depending
on the Multi-value flag and Convert
to text properties (Yes or No),
the data types will be stored as follows:
|
Stored as type |
Convert to text |
Multi value |
|
text |
Yes |
No |
|
text list |
Yes |
Yes |
|
table |
No |
Yes |
|
single unconverted data |
No |
No |
If you are not sure what the original data type of an attribute value
is, the best option is to choose the table type (original value is not
converted).
More information:
Principle of operation
Project operations - Input data
Project operations - Manage script actions
Project operations - Variables
Script Action: Set user attribute (AD)
Help on help
|
