Set the value of an attribute of an Active Directory object. You can
select an Active Directory user account by the %UserObject% variable (Use
Script Action: Get user (AD)
to obtain the variable) or every other Active Directory object by the
%ActiveDirectoryObject% variable (Use Script
Action: Get object (AD) to obtain the variable). The attribute is
specified by the LDAP display name of the attribute. For the most common
properties, the LDAP name can be selected from a list. There are several
option to specify which changes are made. You can for example skip or
overwrite an attribute when the attribute value is already present.
This action is typically used in a script that is intended to manage
existing objects and update a particular Active Directory attribute.
|
Property Name |
Description |
Typical setting |
Remarks |
|
User Object |
A data structure representing a user account.
If you want to set the property of a user account object, you can use
this property to specify the Active Directory object for this action.
Use the action 'Get user (AD)' to find the user account in Active Directory
and setup the variable that contains the 'User Object'. |
%UserObject% |
The User Object must always be specified as
a variable. This variable must have been set by a previous script action,
for example Script Action: Get
user (AD) |
|
Active Directory Object |
A data structure representing an Active Directory
Object. If you want to set the property of an Active Directory Object,
you can use this property to specify the Active Directory object for this
action. Use the action 'Get object (AD)' to find the object in Active
Directory and setup the variable that contains the 'Object'. |
%ActiveDirectoryObject% |
The Active Directory Object must always be specified as a variable.
This variable must have been set by a previous script action, for example
Script Action: Get object
(AD)
|
|
Active Directory object LDAP name |
The full LDAP name of the target Active Directory
object. This object can be any object in Active Directory. |
|
|
|
LDAP attribute display name |
The LDAP name of the attribute. The name identifies
the attribute of the Active Directory object. For a number of well-known
attributes, the LDAP name can be selected from a list but you can specify
any other valid name. |
|
A LDAP attribute has several names. In the
Windows 2003/2000 schema, for instance the common name and the LDAP-Display-Name
are used. (example: for the NT-style name of a user, the common name is
'SAM-Account-Name' and the LDAP display name is sAmAccountName. Note that
these names are case sensitive. |
|
Attribute value |
The value of the attribute. The value must
be specified as a text value. When the attribute value is multi-value,
the multi-value flag should be set to 'Yes' |
|
|
|
Skip if new value empty |
Default value: 'No'. Specify 'Yes' to ignore
this action if the new attribute value is empty. In this case, the attribute
is not changed. If this property is not specified or set to 'No', the
target attribute is always updated."), |
|
The new attribute value is empty when the
text value contains no characters. If the value contains a single blank
character, it is considered not empty. |
|
Multi-value flag |
Default value: 'No'. This value must be set
to 'Yes' when multi-value attributes should be set. |
|
|
|
Append versus update multi-value flag |
Default value: ' No'. When set to 'Yes' the
current values will stay the same. When set to 'No' the current values
will be replaced with the specified values |
|
|
