RapidIdentity Product Guide: New UI

Active Directory Adapter Reference

Connect Password Filter

The Active Directory adapter depends on the Connect Active Directory Password Filter to be able to capture password changes in AD.

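Install and configure the password filter only if the environment uses Active Directory. The filter is what makes the decrypted passwords described later in this reference retrievable, so treat the hosts it is installed on, and any Action Set that reads those passwords, as sensitive.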

Adds a member to a Group on the Active Directory Server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

groupDn*

text, expression, variable

the DN of the Group

memberDn*

text, expression, variable

the DN of the member

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

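# Example: add one user to one group and log the outcome.
# Connection arguments are omitted in this example.
session = openADConnection()
groupDn = "CN=TestGroup,OU=Groups,DC=test,DC=local"
newDn = "CN=Test User,OU=People,DC=test,DC=local"
# A truthy result is treated as success.
result = addADGroupMember(session, groupDn, newDn)
if(result) {
    log("User added to Group " + groupDn)
} else {
    # Report the failure against the same group DN that was used in the call.
    log("User not added to Group " + groupDn)
}
close(session)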

Adds members to a Group on the Active Directory Server.

Property

Value

Description

memberDns*

expression, variable

array of DNs of the members

groupDn*

text, expression, variable

the DN of the Group

adConnection*

expression, variable

the AD connection

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

# Example: add three users to one group in a single call.
session = openADConnection(...)
groupDn = "CN=TestGroup,OU=Groups,DC=test,DC=local"
# Collect the member DNs in an array.
newMembers = createArray()
appendArrayItem(newMembers, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(newMembers, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(newMembers, "CN=Test User 3,OU=People,DC=test,DC=local")
# One result is checked for the whole batch; this example does not show
# which member failed when the result is falsy.
result = addADGroupMembers(session, groupDn, newMembers)
if(result) {
    log("Users added to Group " + groupDn)
} else {
    log("Users not added to Group " + groupDn)
}
close(session)

Add a User to the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

record*

expression, variable

the Record containing fields to set - must contain the dn in the @dn field

password*

password, string, expression, variable

the initial password

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

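# Example: build a user Record, add it with an initial password, then create
# the user's home directory.
session = openADConnection(...)
record = createRecord()
# Set default values
setRecordFieldValue(record, "objectClass", "User")
setRecordFieldValue(record, "sn", "User")
setRecordFieldValue(record, "givenName", "Test")
setRecordFieldValue(record, "mail", "TestUser@test.local")
setRecordFieldValue(record, "sAMAccountName", "TestUser")
setRecordFieldValue(record, "homeDirectory", "\\\\Server\\Share\\Users\\" 
    + record['sAMAccountName'])
setRecordFieldValue(record, "homeDrive", "H:")
# Placeholder value for the example only. A shared, guessable initial
# password lets anyone who knows the convention sign in to a new account;
# use a unique initial password per account.
password = "changeme"
# Set DN
destinationDN = "OU=People,DC=test,DC=local"
setRecordFieldValue(record, "cn", record['givenName'] + " " 
    + record['sn'])
# The DN is built by string concatenation. The values here are constants;
# when names come from an external source, escape DN special characters
# before building the DN.
setRecordFieldValue(record, "@dn", "cn=\"" + record.cn + "\"," 
    + destinationDN)
# cn was only needed to build @dn, so it is removed before the add.
removeRecordField(record, "cn")
if(!record['sn'] || !record['givenName'] || !record['mail'] || 
    !record['sAMAccountName']) {
    log("Minimum requirements not met for add - " + record)
    # Close the connection before leaving early so it is not left open.
    close(session)
    return null
}
# Add User
# The password variable is passed separately from the Record, so the
# log lines below that print the Record do not include it.
result = addADUser(session, record, password)
if(result) {
    log("Record added - " + record)
    if(record['homeDirectory']) {
        # Use the connection opened at the top of this example.
        result = createADHomeDirectory(session, 
            record['@dn'], record['homeDirectory'])
        if(result) {
            log("Directory created - " + record['homeDirectory'])
        } else {
            log("Unable to create directory - " 
                + record['homeDirectory'])
        }
    }
} else {
    log("Record not added - " + record)
}
close(session)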

Add an array of Users to the Active Directory Server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

records*

expression, variable

array of Records containing fields to set - must contain the dn in the @dn field

passwords*

expression, variable

array of initial passwords

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

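# Example: build ten user Records with initial passwords, add them in one
# call, then create a home directory for each user that was added.
session = openADConnection(...)
# Build arrays of User records and passwords to add
newUserRecords = createArray()
newUserPasswords = createArray()
i = 0
while(i < 10) {
    record = createRecord()
    # Set default values
    setRecordFieldValue(record, "objectClass", "User")
    setRecordFieldValue(record, "sn", "User" + i)
    setRecordFieldValue(record, "givenName", "Test")
    setRecordFieldValue(record, "mail", "TestUser" + i + "@test.local")
    setRecordFieldValue(record, "sAMAccountName", "TestUser" + i)
    setRecordFieldValue(record, "homeDirectory", 
        "\\\\Server\\Share\\Users\\" + record['sAMAccountName'])
    setRecordFieldValue(record, "homeDrive", "H:")
    # Placeholder value for the example only. Giving every new account the
    # same guessable initial password lets anyone who knows the convention
    # sign in; use a unique initial password per account.
    password = "changeme"
    # Set DN
    destinationDN = "OU=People,DC=test,DC=local"
    setRecordFieldValue(record, "cn", record['givenName'] 
        + " " + record['sn'])
    # The DN is built by string concatenation. The values here are
    # constants; escape DN special characters when names come from an
    # external source.
    setRecordFieldValue(record, "@dn", "cn=\"" + record['cn'] + "\"," + destinationDN)
    # cn was only needed to build @dn, so it is removed before the add.
    removeRecordField(record, "cn")
    if(record['sn'] && record['givenName'] && record['mail'] && 
        record['sAMAccountName']) {
        # Records and passwords are appended together so index i in one
        # array matches index i in the other.
        appendArrayItem(newUserRecords, record)
        appendArrayItem(newUserPasswords, password)
    } else {
        log("Minimum requirements not met for add - " + record)
    }
    # Advance by one; the loop ends after ten records.
    i = i + 1
}
if(newUserRecords['length'] == 0) {
    # No users to add; close the connection before leaving early.
    close(session)
    return
}
# Add Users
results = addADUsers(session, newUserRecords, newUserPasswords)
i = 0
forEach(record, newUserRecords) {
    # results is read in step with newUserRecords; a falsy results value
    # makes every record take the failure branch.
    result = results && results[i]
    if(result) {
        log("Record added - " + record)
        if(record['homeDirectory']) {
            # Use the connection opened at the top of this example.
            result = createADHomeDirectory(session, 
                record['@dn'], record['homeDirectory'])
            if(result) {
                log("Directory created - " 
                    + record['homeDirectory'])
            } else {
                log("Unable to create directory - " 
                    + record['homeDirectory'])
            }
        }
    } else {
        log("Record not added - " + record)
    }
    i = i + 1
}
close(session)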

Compare a Record field on the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

dn*

expression, variable

the DN of the Record

fieldName

text, expression, variable

name of the field to be compared

fieldValue

text, expression, variable

value of the field to be compared

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

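# Example: check whether a Record's mail attribute equals an expected value.
session = openADConnection(...)
# DN of the Record whose field is compared.
dn = "CN=Test User,OU=People,DC=test,DC=local"
mail = "testuser@test.local"
isEqual = compareADField(session, dn, "mail", mail)
# Only an explicit true counts as a match; any other return value takes
# the else branch.
if(isEqual == true) {
    log("mail = " + mail)
} else {
    log("mail <> " + mail)
}
close(session)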

Create a Home Directory for a User on the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

userDn*

text, expression, variable

the DN of the User

uncPath*

text, expression, variable

the UNC path of the home directory

returnVariable

expression, variable

name of the variable to be assigned to the return value

extraProperties

expression, variable

extra possible properties supported for JCIFS NG

Example

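# Example: create the home directory named in a user Record.
session = openADConnection(...)
# Create the Record that holds the user's DN and UNC path.
record = createRecord()
setRecordFieldValue(record, "homeDirectory", 
    "\\\\server1.test.local\\share\\users\\testuser")
setRecordFieldValue(record, "@dn", 
    "CN=test user,OU=People,DC=test,DC=local")
# The UNC path is a constant here. When it is derived from user attributes,
# confirm it stays under the intended share before creating it.
result = createADHomeDirectory(session, record['@dn'], 
    record['homeDirectory'])
if(result) {
    log("Directory created - " + record['homeDirectory'])
} else {
    log("Unable to create directory - " + record['homeDirectory'])
}
close(session)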

Delete a Home Directory for a User on the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

userDn*

text, expression, variable

the DN of the User

returnVariable

expression, variable

name of the variable to be assigned to the return value

extraProperties

expression, variable

extra possible properties supported for JCIFS NG

Example

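# Example: delete a user's home directory.
session = openADConnection(...)
# Create the Record that holds the user's DN and UNC path.
record = createRecord()
setRecordFieldValue(record, "homeDirectory", 
    "\\\\server1.test.local\\share\\users\\testuser")
setRecordFieldValue(record, "@dn", 
    "CN=test user,OU=People,DC=test,DC=local")
# NOTE(review): the property table for this action lists no uncPath
# property - confirm how the third argument is interpreted, and which
# directory is actually removed, before using this on real data.
result = deleteADHomeDirectory(session, record['@dn'], 
    record['homeDirectory'])
if(result) {
    log("Directory deleted - " + record['homeDirectory'])
} else {
    log("Unable to delete directory - " + record['homeDirectory'])
}
close(session)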

Delete a record from the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

dn*

text, expression, variable

the DN of the Record

recursive

boolean, expression, variable

recursively delete subtree rooted at dn (default: false)

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

# Example: delete a single Record by DN and log the outcome.
session = openADConnection(...)
dn = "CN=test user,OU=People,DC=test,DC=local"
# The recursive argument is omitted, so the documented default (false)
# applies and no subtree delete is requested.
result = deleteADRecord(session, dn)
if(result) {
    # The DN is logged in both branches, which leaves a trace of what was
    # targeted.
    log("Record deleted - " + dn)
} else {
    log("Unable to delete record - " + dn)
}
close(session)

Delete array of Records from the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

dns*

expression, variable

array of DNs of the Records

recursive

boolean, expression, variable

recursively delete subtree rooted at dn (default: false)

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

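# Example: delete three Records by DN and log the outcome for each.
session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 3,OU=People,DC=test,DC=local")
# The recursive argument is omitted, so the documented default (false)
# applies.
results = deleteADRecords(session, dns)
i = 0
forEach(dn, dns) {
    # results is read in step with dns; a falsy results value makes every
    # DN take the failure branch.
    result = results && results[i]
    if(result) {
        log("Record deleted - " + dn)
    } else {
        log("Unable to delete record - " + dn)
    }
    i = i + 1
}
close(session)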

Get 'Account is Disabled' flag.

Property

Value

Description

adConnection*

expression, variable

the AD connection

accountDn*

text, expression, variable

the DN of the account

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

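# Example: read the 'Account is Disabled' flag for one account.
session = openADConnection(...)
# Create the Record that holds the account DN.
record = createRecord()
setRecordFieldValue(record, "@dn", 
    "CN=test user,OU=People,DC=test,DC=local")
# Pass the connection variable opened above (lower-case session).
result = getADAccountDisabled(session, record['@dn'])
# NOTE(review): any falsy result is reported as NOT disabled; if the action
# can return null on failure, a failed lookup would be logged the same way
# as an enabled account - confirm.
if(result) {
    log("Active Directory Account Disabled", "green")
} else {
    log("Active Directory Account NOT Disabled", "red")
}
close(session)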

Get 'Account is Disabled' flag from multiple accounts.

Property

Value

Description

adConnection*

expression, variable

the AD connection

accountDns*

expression, variable

array of DNs of the accounts

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

# Example: read the 'Account is Disabled' flag for three accounts.
session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 3,OU=People,DC=test,DC=local")
results = getADAccountsDisabled(session, dns)
i = 0
forEach(dn, dns) {
    # results is read in step with dns.
    # NOTE(review): a falsy results value, or a missing entry, takes the
    # else branch and is logged as "enabled" - a failed lookup is not
    # distinguished from an enabled account here.
    result = results && results[i]
    if(result) {
        log("Account is disabled - " + dn)
    } else {
        log("Account is enabled - " + dn)
    }
    i = i + 1
}
close(session)

Get changed Records from an Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

baseDn*

text, expression, variable

the search base dn

scope*

choice (sub, one, base), text, expression, variable

the search scope

filter*

text, expression, variable

the search filter expression or an example Record

attributes

text, expression, variable

comma separated list of attributes to return (default: none)

cookie

expression, variable

cookie returned from previous invocation (default: none, which will return all objects)

returnVariable

expression, variable

name of the variable to be assigned to the return value

Warning

This action, as shown in the example below, provides valid results when configured properly. However, getADChanges is no longer the preferred method to obtain changed record results within an Action Set.

The current preferred method to obtain changed record results is to use the openADChangeIterator action, as shown below.

Example

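# Example: poll for changed Records, persisting the change cookie in a file
# between runs.
session = openADConnection(...)
cookieFile = "/cookie/studentsAD.cookie"
fileExists = isFile(cookieFile)
if(!fileExists) {
    # First run: create the file empty so the load below succeeds.
    saveToFile(cookieFile, "")
}
varCookie = loadFileAsBytes(cookieFile)
# getRecords
moreResults = 1
while(moreResults != 0) {
    recordChanges = getADChanges(session, 
        "OU=People,DC=test,DC=local", "sub", 
        "(employeeType=Student)", "cn,sn,givenName", varCookie)
    # Stop after this pass unless a cookie entry below reports more results.
    moreResults = 0
    if(recordChanges) {
        log("Count: " + recordChanges.length)
    }
    # foreach
    forEach(recordChange, recordChanges) {
        if(recordChange.objectClass == "cookie") {
            # Cookie entry: persist it for the next run, reuse it for the
            # next pass, and read whether another pass is needed.
            saveToFile(cookieFile, recordChange.cookie)
            varCookie = recordChange.cookie
            moreResults = Number(recordChange.moreResults)
        } else {
            # Changed entry: fetch the full Record by DN.
            record = getADRecord(session, recordChange['@dn'], "*")
            # transformations
            if(!record) {
                continue()
            } else {
                log("Name information has changed: " + record.sn 
                    + " " + record['givenName'])
            }
        }
    }
}
# Close Connections
close(session)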

Get 'Password does not expire' flag.

Property

Value

Description

adConnection*

expression, variable

the AD connection

accountDn*

text, expression, variable

the DN of the account

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

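# Example: read the 'Password does not expire' flag for one account.
session = openADConnection(...)
dn = "CN=Test User,OU=People,DC=test,DC=local"
result = getADDontExpirePassword(session, dn)
# A null result is treated as "could not read the flag" and is reported
# separately from true/false.
if(result != null) {
    if(result == true) {
        # The flag is set: the password does not expire.
        log("Password does not expire")
    } else {
        log("Password expires")
    }
} else {
    log("Unable to get DontExpirePassword")
}
close(session)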

Get 'Password does not expire' flag from multiple accounts.

Property

Value

Description

adConnection*

expression, variable

the AD connection

accountDns*

expression, variable

array of DNs of the accounts

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

# Example: read the 'Password does not expire' flag for three accounts.
session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 3,OU=People,DC=test,DC=local")
results = getADDontExpirePasswords(session, dns)
i = 0
forEach(dn, dns) {
    # results is read in step with dns.
    # NOTE(review): a falsy results value, or a missing entry, takes the
    # else branch and is logged as "expires" - a failed lookup is not
    # distinguished from a cleared flag here.
    result = results && results[i]
    if(result) {
        log("Account password doesn't expire - " + dn)
    } else {
        log("Account password expires - " + dn)
    }
    i = i + 1
}
close(session)

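Gets the decrypted password stored by the RapidIdentity password filter from an Active Directory entry. The return value is the account's actual password, so avoid logging it or writing it to a file.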

Property

Value

Description

adConnection*

expression, variable

the AD connection

dn*

text, expression, variable

the DN of the Record

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

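# Example: check whether a user still has the default password.
session = openADConnection(...)
# The default password to compare against (example value).
password = "password1"
dn = "CN=Test User,OU=People,DC=test,DC=local"
# adPwd holds the user's decrypted password. It is only compared below and
# never passed to log(); keep it out of logs and files.
adPwd = getADPassword(session, dn)
if(adPwd) {
    if(adPwd == password) {
        log("User has not changed their default password!")
    } else {
        log("Password has been changed from default.")
    }
} else {
    # A falsy return presumably means no stored password was available for
    # this entry - confirm. It is reported separately so that a failed
    # lookup is not counted as a changed password.
    log("No stored password returned - " + dn)
}
close(session)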

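Gets an array of decrypted passwords stored by the RapidIdentity password filter from Active Directory entries. The returned values are the accounts' actual passwords, so avoid logging them or writing them to a file.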

Property

Value

Description

adConnection*

expression, variable

the AD connection

dns*

expression, variable

array of DNs of the Records

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

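# Example: check which of three users still have the default password.
session = openADConnection(...)
# The default password to compare against (example value).
password = "password1"
dns = createArray()
# Append to dns, the array that is passed to getADPasswords below.
appendArrayItem(dns, 
    "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, 
    "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(dns, 
    "CN=Test User 3,OU=People,DC=test,DC=local")
# adPwds holds decrypted passwords. They are only compared below and never
# passed to log(); keep them out of logs and files.
adPwds = getADPasswords(session, dns)
i = 0
forEach(dn, dns) {
    # adPwds is read in step with dns.
    adPwd = adPwds && adPwds[i]
    if(adPwd) {
        if(adPwd == password) {
            log("User has not changed their default password!")
        } else {
            log("Password has been changed from default.")
        }
    } else {
        # A falsy entry presumably means no stored password was available
        # for this DN - confirm. It is reported separately so that a failed
        # lookup is not counted as a changed password.
        log("No stored password returned - " + dn)
    }
    # Advance by one so each DN is checked against its own entry.
    i = i + 1
}
close(session)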

Get a Record from the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

dn*

expression, variable

the DN of the Record

attributes

text, expression, variable

comma separated list of attributes to return (default: none)

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

# Example: fetch one Record by DN, requesting three attributes.
session = openADConnection(...)
dn = "CN=Test User,OU=People,DC=test,DC=local"
# Only cn, sn and givenName are requested, so the Record logged below is
# limited to what this call returns.
record = getADRecord(session, dn, "cn,sn,givenName")
# A falsy return is reported as "not found".
if(record) {
    log("User found: " + record)
} else {
    log("User not found: " + dn)
}
close(session)

Get multiple Records from the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

baseDn*

text, expression, variable

the search base dn

scope*

choice (sub, one, base), text, expression, variable

the search scope

filter*

text, expression, variable

the search filter expression or an example Record

maxResults

expression, variable

maximum number of Records to return (default: the server maximum)

attributes

text, expression, variable

comma separated list of attributes to return (default: none)

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

# Example: search a subtree for user objects and log each Record found.
session = openADConnection(...)
baseDn = "OU=People,DC=test,DC=local"
# The filter is a constant here. When a filter is built from external
# input, escape LDAP filter special characters first.
filter = "(objectClass=user)"
# NOTE(review): the property table lists maxResults before attributes;
# confirm which position the attribute list belongs in for this call.
records = getADRecords(session, baseDn, "sub", filter, 
    "cn,sn,givenName")
# NOTE(review): records.length is read without a falsy check - confirm what
# the action returns when the search fails.
log("Found: " + records.length)
forEach(record,records) {
    log("User found: " + record)
}
close(session)

Get an array of Records from the Active Directory server by DN.

Property

Value

Description

adConnection*

expression, variable

the AD connection

dns*

expression, variable

array of DNs of the Records

attributes

text, expression, variable

comma separated list of attributes to return (default: none)

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

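# Example: fetch three Records by DN, requesting three attributes each.
session = openADConnection(...)
dns = createArray()
# Append to dns, the array that is passed to getADRecordsByDN below.
appendArrayItem(dns, 
    "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, 
    "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(dns, 
    "CN=Test User 3,OU=People,DC=test,DC=local")
records = getADRecordsByDN(session, dns, "cn,sn,givenName")
i = 0
forEach(dn, dns) {
    # records is read in step with dns; a falsy entry is reported as
    # "not found" for that DN.
    record = records && records[i]
    if(record) {
        log("User found: " + record)
    } else {
        log("User not found: " + dn)
    }
    i = i + 1
}
close(session)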

Get AD 'User Cannot Change Password' flag.

Property

Value

Description

adConnection*

expression, variable

the AD connection

userDn*

text, expression, variable

the DN of the User

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

# Example: read the 'User Cannot Change Password' flag for one user.
session = openADConnection(...)
dn = "CN=Test User,OU=People,DC=test,DC=local"
result = getADUserCannotChangePassword(session, dn)
# A null result is treated as "could not read the flag" and is reported
# separately from true/false.
if(result != null) {
    if(result == true) {
        log("User cannot change password")
    } else {
        log("User can change password")
    }
} else {
    log("Unable to get UserCannotChangePassword")
}
close(session)

Get AD 'User Cannot Change Password' flag from multiple Users.

Property

Value

Description

adConnection*

expression, variable

the AD connection

userDns*

expression, variable

array of DNs of the Users

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

# Example: read the 'User Cannot Change Password' flag for three users.
session = openADConnection(...)
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 3,OU=People,DC=test,DC=local")
results = getADUsersCannotChangePassword(session, dns)
i = 0
forEach(dn, dns) {
    # results is read in step with dns.
    # NOTE(review): a falsy results value, or a missing entry, takes the
    # else branch and is logged as "can change password" - a failed lookup
    # is not distinguished from a cleared flag here.
    result = results && results[i]
    if(result) {
        log("User cannot change password - " + dn)
    } else {
        log("User can change password - " + dn)
    }
    i = i + 1
}
close(session)

Modify a Record on the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

dn*

expression, variable

the DN of the Record

removeRecord

expression, variable

a Record containing attributes/values to be removed

addRecord

expression, variable

a Record containing attribute values to be added

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

# Example: add one attribute value to a Record and remove another attribute
# in a single modify call.
session = openADConnection(...)
addRecord = createRecord()
removeRecord = createRecord()
# Value to add.
setRecordFieldValue(addRecord, "objectClass", "customObjectClass")
# Field to remove; no value is given for it in this example.
addRecordField(removeRecord, "telephoneNumber")
dn = "CN=Test User,OU=People,DC=test,DC=local"
# Argument order is remove first, then add.
result = modifyADRecord(session, dn, removeRecord, addRecord)
if(result) {
    log("Record modified - Added " + addRecord)
    log("Record modified - Removed " + removeRecord)
} else {
    log("Record not modified - " + dn)
}
close(session)

Modify an array of Records on the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

dns*

expression, variable

array of DNs of the Records

removeRecords

expression, variable

array of Records containing attributes/values to be removed

addRecords

expression, variable

array of Records containing attribute values to be added

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

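# Example: apply the same add/remove change to three Records in one call.
session = openADConnection(...)
addRecord = createRecord()
removeRecord = createRecord()
# Value to add.
setRecordFieldValue(addRecord, "objectClass", "customObjectClass")
# Field to remove; no value is given for it in this example.
addRecordField(removeRecord, "telephoneNumber")
addRecords = createArray()
removeRecords = createArray()
dns = createArray()
# The three arrays are filled together so index i in each refers to the
# same Record.
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(addRecords, addRecord)
appendArrayItem(removeRecords, removeRecord)
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(addRecords, addRecord)
appendArrayItem(removeRecords, removeRecord)
appendArrayItem(dns, "CN=Test User 3,OU=People,DC=test,DC=local")
appendArrayItem(addRecords, addRecord)
appendArrayItem(removeRecords, removeRecord)
# Argument order is remove first, then add.
results = modifyADRecords(session, dns, removeRecords, addRecords)
i = 0
forEach(dn, dns) {
    # Read this DN's entry from the results array returned above; a falsy
    # results value makes every DN take the failure branch.
    result = results && results[i]
    if(result) {
        log("Record modified - Added " + addRecords[i] + " to " 
            + dn)
        log("Record modified - Removed " + removeRecords[i] 
            + " to " + dn)
    } else {
        log("Record not modified - " + dn)
    }
    i = i + 1
}
close(session)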

Moves a Home Directory for a User on the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

userDn*

text, expression, variable

the DN of the User

uncPath*

text, expression, variable

the new UNC path of the home directory

returnVariable

expression, variable

name of the variable to be assigned to the return value

extraProperties

expression, variable

extra possible properties supported for JCIFS NG

Example

# Example: move a user's home directory to a new UNC path.
session = openADConnection(...)
# Per the property table, this is the new location of the home directory.
homeDirectory = "\\\\server1.test.local\\share\\users\\testuser"
dn = "CN=test user,OU=People,DC=test,DC=local"
result = moveADHomeDirectory(session, dn, homeDirectory)
if(result) {
    log("Directory moved - " + homeDirectory)
} else {
    log("Unable to move directory - " + homeDirectory)
}
close(session)

Open AD Change Iterator.

Property

Value

Description

adConnection*

expression, variable

the AD connection

baseDn*

text, expression, variable

the search base dn

scope*

choice (sub, one, base), text, expression, variable

the search scope

filter*

text, expression, variable

the search filter expression or an example Record

attributes

text, expression, variable

comma separated list of attributes to return (default: none)

cookieFile*

text, expression, variable

path to file to load/save cookie

returnVariable

expression, variable

name of the variable to be assigned to the return value

Warning

The cookie file affects the results obtained when running openADChangeIterator. If the cookie file does not exist in the path, the Action Set returns all records that match the listed action properties and their values. If the cookie file does exist in the path, the Action Set returns only the records that have changed since the Action Set was last run, relative to the existing cookie file. Thus, when a full run is expected, an existing cookie file can make the results look inaccurate because unchanged records are left out. If it is necessary to ensure the Action Set is run for all targeted records, one option is to rename or move the cookie file.

Example

# Example: iterate over changed Records, with the cookie kept in a file that
# the action loads and saves itself.
session = openADConnection(...)
# Per the warning above, whether this file exists decides between a full
# result set and only the changes since the last run.
cookieFile = "/cookie/studentsAD.cookie"
recordChanges = openADChangeIterator(session, 
    "OU=People,DC=test,DC=local", "sub", 
"(employeeType=Student)", "cn,sn,givenName", cookieFile)
# foreach
forEach(recordChange, recordChanges) {
    # Fetch the full Record for each changed entry by its DN.
    record = getADRecord(session, recordChange['@dn'], "*")
    # transformations
    if(!record) {
        # Skip entries whose Record could not be fetched.
        continue()
    } else {
        log("Name information has changed: " + record['sn'] + " " 
            + record['givenName'])
    }
}
# Close Connections
close(session)

Open a connection to an Active Directory server.

Property

Value

Description

adHost*

text, expression, variable

the host name or IP address of the Active Directory server

adPort

expression, variable

the TCP port of the Active Directory server (default: 636 if using SSL, 389 otherwise.)

useSSL

boolean, expression, variable

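use SSL/TLS (default: false.) With the default, the connection is not encrypted, so set this to true whenever the session binds with a password or sets passwords.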

userDn

text, expression, variable

the user DN for authenticating to the Active Directory server

password

password, string, expression, variable

the user password for authenticating to the Active Directory server

returnVariable

expression, variable

name of the variable to be assigned to the return value

extraProperties

expression, variable

Defined below as applicable

Table 310. Booleans

Property

Description

abandonOnTimeout

Indicates whether the LDAP SDK should attempt to abandon any request for which no response is received in the maximum response timeout period

captureConnectStackTrace

Indicates whether the LDAP SDK should capture a thread stack trace for each attempt made to establish a connection

useKeepAlive

Indicates whether to use the SO_KEEPALIVE option for the underlying sockets used by associated connections

useTCPNoDelay

Indicates whether to use the TCP_NODELAY option for the underlying sockets used by associated connections

followReferrals

Indicates whether associated connections should attempt to follow any referrals that they encounter

usePassiveSSLSocketVerifier

If true, corresponds to RapidIdentity setting a SSLSocketVerifier using a passive SSL socket verifier with the connection timeout milliseconds



Table 311. Integers

Property

Description

connectTimeoutMillis

The maximum length of time in milliseconds that a connection attempt should be allowed to continue before giving up

useLinger

The SO_LINGER timeout for the underlying sockets used by associated connections

referralHopLimit

The maximum number of hops that a connection should take when trying to follow a referral

responseTimeoutMillis

The maximum length of time in milliseconds that an operation should be allowed to block while waiting for a response from the server



Example

# Connection parameters for the example directory server.
host = "server1.test.local"
# 636 is the documented default port when SSL is used.
port = "636"
# useSSL defaults to false, so encryption has to be requested explicitly.
ssl = true
# NOTE(review): the example binds as an administrator account; a dedicated service
# account holding only the rights the Action Set needs limits the impact of a leak.
user = "test.local\\administrator"
# Sample value only: a literal password is readable by anyone who can view the script.
# NOTE(review): pass the real credential as a variable from protected storage instead.
password = "mySecur3p@ssw0rd"
# Positional arguments follow the property table: adHost, adPort, useSSL, userDn, password.
session = openADConnection(host,port,ssl,user,password)
# A falsy return value is treated as a failed connection.
if(session) {
    log("Successfully connected to AD!")
} else {
    log("Unable to connect to AD")
}
close(session)

Open Record Iterator for AD server to sort large sets of records.

Property

Value

Description

adConnection*

expression, variable

the AD connection

baseDn*

text, expression, password, variable

the search base dn

scope*

choice (sub, one, base), text, expression, variable

the search scope

filter*

text, expression, password, variable

the search filter expression or an example record

initialOffset

expression, variable

the number of records to skip initially. (default: 0)

pageSize

expression, variable

the preferred number of records to fetch at a time from AD server. (default: 100)

attributes

text, expression, password, variable

comma-separated list of attributes to check/return (default: none)

sortKey

text, expression, password, variable

comma-separated list of attributes to use as sort keys, with optional +/- to indicate sort direction. (default: unsorted)

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

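# Open an SSL connection (useSSL = true, port 636); <Password> is a placeholder
# for the bind password and must be replaced before the example can run.
sessionAD = openADConnection("10.100.30.35", "636", true,
    "administrator@test.local",<Password>)
# Record Iterator: initialOffset, pageSize and sortKey are left undefined so the
# documented defaults apply; only the "cn" attribute is requested.
i = 0
records = openADRecordIterator(sessionAD,
    "ou=students,ou=people,dc=test,dc=local", "sub",
    "(employeeType=Student)", undefined, undefined, "cn", undefined)
# Log at most the first 30 records, then leave the labelled loop.
recordIterator: forEach(record, records) {
    log(record)
    i = i + 1
    if(i >= 30) {
        break(recordIterator)
    }
}
# Close the session that was opened above (the original closed an undefined
# variable, sessionLDAP, which would have left sessionAD open).
close(sessionAD)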

Removes a member from a Group on the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

groupDn*

text, expression, variable

the DN of the Group

memberDn*

text, expression, variable

the DN of the member

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

# Open the AD session (connection arguments are elided in this example).
session = openADConnection(...)
# Group to modify
groupDn = "CN=TestGroup,OU=Groups,DC=test,DC=local"
# Despite its name, newDn holds the DN of the member being removed
newDn = "CN=Test User,OU=People,DC=test,DC=local"
result = removeADGroupMember(session, groupDn, newDn)
# A falsy result is reported as a failed removal.
# NOTE(review): if the group grants access, treat the failure branch as an alert
# rather than only a log line, since the member then still holds the membership.
if(result) {
    log("User removed from Group " + groupDn)
} else {
    log("User not removed from Group " + groupDn)
}
close(session)

Removes multiple members from a Group on the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

groupDn*

text, expression, variable

the DN of the Group

memberDns*

expression, variable

array of DNs of the members

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

# Open the AD session (connection arguments are elided in this example).
session = openADConnection(...)
# Group to modify
groupDn = "CN=TestGroup,OU=Groups,DC=test,DC=local"
# Despite its name, newMembers collects the DNs of the members to remove
newMembers = createArray()
appendArrayItem(newMembers, 
    "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(newMembers, 
    "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(newMembers, 
    "CN=Test User 3,OU=People,DC=test,DC=local")
# One call removes all listed members; the example checks a single overall result.
# NOTE(review): the page does not say whether a falsy result means none or only
# some members were removed - confirm before relying on it for access revocation.
result = removeADGroupMembers(session, groupDn, newMembers)
if(result) {

    log("Users removed from Group " + groupDn)
} else {
    log("Users not removed from Group " + groupDn)
}
close(session)

Rename and/or move an object on the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

oldDn*

text, expression, variable

the original DN of the object

newDn*

text, expression, variable

the new DN of the object

keepOldRdn*

boolean, expression, variable

preserve the attribute values used by the old dn (default: false.)

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

# Open the AD session (connection arguments are elided in this example).
session = openADConnection(...)
# Current location of the object
oldDn = "CN=Test User,OU=People,DC=test,DC=local"
# Same CN under a different OU path, so this call moves the object without renaming it
newDn = "CN=Test User,OU=Staff,OU=Internal,OU=People,DC=test,DC=local"
# keepOldRdn is not passed here; the property table gives its default as false.
# NOTE(review): a move places the object under the policies and delegated rights
# of the destination OU - verify newDn before running this against production.
result = renameADRecord(session, oldDn, newDn)
if(result) {
    log("User moved or renamed to " + newDn)
} else {
    log("User not moved or renamed " + oldDn)
}
close(session)

Save a Record to the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

record*

expression, variable

the Record to save - must contain the dn in the @dn field

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

# Open the AD session (connection arguments are elided in this example).
session = openADConnection(...)
# Build the Record to save: set telephoneNumber, then add a second value for the
# same field (presumably appended rather than replaced - confirm).
record = createRecord()
setRecordFieldValue(record, "telephoneNumber", "555-555-1234")
addRecordFieldValue(record, "telephoneNumber", "555-555-9876")
# The target entry is identified by the @dn field, which saveADRecord requires
dn = "CN=Test User,OU=People,DC=test,DC=local"
setRecordFieldValue(record, "@dn", dn)
result = saveADRecord(session, record)
# Both branches write the whole Record to the log.
# NOTE(review): log only the DN when a Record can carry sensitive attributes.
if(result) {
    log("Record saved - " + record)
} else {
    log("Record not saved - " + record)
}
close(session)

Save an array of Records to the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

records*

expression, variable

the array of Records to save - must contain the dn in the @dn field

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

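# Open the AD session (connection arguments are elided in this example).
session = openADConnection(...)
# Build three Records, each with two telephoneNumber values and its target DN in @dn
records = createArray()
record = createRecord()
setRecordFieldValue(record, "telephoneNumber", "555-555-1234")
addRecordFieldValue(record, "telephoneNumber", "555-555-9876")
setRecordFieldValue(record, "@dn",
    "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(records, record)
record = createRecord()
setRecordFieldValue(record, "telephoneNumber", "555-555-4321")
addRecordFieldValue(record, "telephoneNumber", "555-555-6789")
setRecordFieldValue(record, "@dn",
    "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(records, record)
record = createRecord()
setRecordFieldValue(record, "telephoneNumber", "555-555-2468")
addRecordFieldValue(record, "telephoneNumber", "555-555-1357")
setRecordFieldValue(record, "@dn",
    "CN=Test User 3,OU=People,DC=test,DC=local")
appendArrayItem(records, record)
results = saveADRecords(session, records)
# Report the outcome per Record. The loop walks the records array that was saved
# (the original iterated an undefined "dns" and indexed "result" instead of
# "results"). results is presumably ordered like records, as in the other batch
# examples - confirm against the action's return value.
i = 0
forEach(record, records) {
    # results && ... guards against a falsy results before indexing into it
    result = results && results[i]
    if(result) {
        log("Record saved - " + record)
    } else {
        log("Record not saved - " + record)
    }
    i = i + 1
}
close(session)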

Set/clear AD 'Account is Disabled' flag.

Property

Value

Description

connection*

expression, variable

the AD connection

accountDn*

text, expression, variable

the DN of the account

state*

boolean, expression, variable

true to disable the account, false otherwise

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

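# Open the AD session (connection arguments are elided in this example).
session = openADConnection(...)
# DN of the account whose 'Account is Disabled' flag is changed. The original set
# @dn on a Record that was never created; a plain variable matches the other examples.
dn = "CN=test user,OU=People,DC=test,DC=local"
# state = false clears the flag, i.e. re-enables the account (true disables it).
# The connection variable is "session", matching the name assigned above.
result = setADAccountDisabled(session, dn, false)
if(result) {
    log("setADAccountDisabled worked", "green")
} else {
    log("setADAccountDisabled failed", "red")
}
close(session)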

Set/clear AD 'Account is Disabled' flag on multiple accounts.

Property

Value

Description

adConnection*

expression, variable

the AD connection

accountDns*

expression, variable

array of DNs of the accounts

state*

boolean, expression, variable

true to disable the account, false otherwise

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

# Open the AD session (connection arguments are elided in this example).
session = openADConnection(...)
# DNs of the accounts to disable
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
# state = true disables every listed account
results = setADAccountsDisabled(session, dns, true)
# Walk dns and results with a shared index to report each account separately
i = 0
forEach(dn, dns) {
    # results && ... guards against a falsy results before indexing into it
    result = results && results[i] 
    # NOTE(review): when disabling is part of offboarding or incident response,
    # follow up on every DN that lands in the failure branch - it is still enabled.
    if(result) {
        log("Account set to disabled - " + dn)
    } else {
        log("Account not set to disabled " + dn)
    }
    i = i + 1
}
close(session)

Set/clear AD 'Password does not expire' flag.

Property

Value

Description

adConnection*

expression, variable

the AD connection

accountDn*

text, expression, variable

the DN of the account

state*

boolean, expression, variable

true to set the 'Password does not expire' flag, false to clear it

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

# Open the AD session (connection arguments are elided in this example).
session = openADConnection(...)
dn = "CN=Test User,OU=People,DC=test,DC=local"
# state = true sets the 'Password does not expire' flag on the account.
# NOTE(review): an account with this flag is exempt from the domain's maximum
# password age; reserve it for accounts whose credential is rotated another way.
result = setADDontExpirePassword(session, dn, true)
if(result) {
    log("Password does not expire")
} else {
    log("Unable to set DontExpirePassword")
}
close(session)

Set/clear AD 'Password does not expire' flag on multiple accounts.

Property

Value

Description

adConnection*

expression, variable

the AD connection

accountDns*

expression, variable

array of DNs of the accounts

state*

boolean, expression, variable

true to set the 'Password does not expire' flag, false to clear it

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

# Open the AD session (connection arguments are elided in this example).
session = openADConnection(...)
# DNs of the accounts to flag
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
# state = true sets 'Password does not expire' on every listed account.
# NOTE(review): flagged accounts are exempt from the domain's maximum password
# age, so keep the list short and review it periodically.
results = setADDontExpirePasswords(session, dns, true)
# Walk dns and results with a shared index to report each account separately
i = 0
forEach(dn, dns) {
    # results && ... guards against a falsy results before indexing into it
    result = results && results[i] 
    if(result) {
        log("Account set to not expire passwords - " + dn)
    } else {
        log("Account not set to not expire passwords " + dn)
    }
    i = i + 1
}
close(session)

Sets password on a Record on the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

dn*

text, expression, variable

the DN of the Record

password*

password, string, expression, variable

the password

oldPassword

password, string, expression, variable

the old password (default: none)

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

# Open the AD session (connection arguments are elided in this example).
# NOTE(review): open it with useSSL = true; the new password is sent over this
# connection, and useSSL defaults to false.
session = openADConnection(...)
# Sample value only: do not keep a real password as a literal in an Action Set,
# and do not write it to the log.
password = "password1" 
dn = "CN=Test User,OU=People,DC=test,DC=local"
# oldPassword is omitted (default: none). Presumably that makes this an
# administrative set rather than a user-style change - confirm.
result = setADPassword(session, dn, password)
# Only the outcome is logged, never the password itself
if(result) {
    log("Password has been set")
} else {
    log("Password was not set")
}
close(session)

Sets passwords on Records on the Active Directory server.

Property

Value

Description

adConnection*

expression, variable

the AD connection

dns*

text, expression, variable

array of DNs of Records

passwords*

expression, variable

array of passwords

oldPasswords

expression, variable

array of old passwords (default: none)

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

# Open the AD session (connection arguments are elided in this example).
# NOTE(review): open it with useSSL = true; the new passwords are sent over this
# connection, and useSSL defaults to false.
session = openADConnection(...)
# Parallel arrays: passwords[n] is the new password for dns[n], so keep the
# append order in step. The literal passwords are sample values only.
dns = createArray()
passwords = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(passwords, "password1")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
appendArrayItem(passwords, "password2")
# oldPasswords is omitted (default: none)
results = setADPasswords(session, dns, passwords)
# Walk dns and results with a shared index; only the DN is logged, never a password
i = 0
forEach(dn, dns) {
    # results && ... guards against a falsy results before indexing into it
    result = results && results[i] 
    if(result) {
        log("Password has been set for " + dn)
    } else {
        log("Password was not set for " + dn)
    }
    i = i + 1
}
close(session)

Set/clear AD 'User Cannot Change Password' flag.

Property

Value

Description

adConnection*

expression, variable

the AD connection

userDn*

text, expression, variable

the DN of the User

state*

boolean, expression, variable

true to disallow user from changing password, false otherwise

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

# Open the AD session (connection arguments are elided in this example).
session = openADConnection(...)
dn = "CN=Test User,OU=People,DC=test,DC=local"
# state = true disallows the user from changing the password (false allows it).
# NOTE(review): a user who cannot change the password cannot rotate it after a
# suspected compromise, so an administrator has to reset it instead.
result = setADUserCannotChangePassword(session, dn, true)
if(result) {
    log("User cannot change password")
} else {
    log("Unable to set UserCannotChangePassword")
}
close(session)

Set/clear AD 'User Cannot Change Password' flag on multiple Users.

Property

Value

Description

adConnection*

expression, variable

the AD connection

userDns*

expression, variable

array of DNs of the Users

state*

boolean, expression, variable

true to disallow user from changing password, false otherwise

returnVariable

expression, variable

name of the variable to be assigned to the return value

Example

# Open the AD session (connection arguments are elided in this example).
session = openADConnection(...)
# DNs of the users to flag
dns = createArray()
appendArrayItem(dns, "CN=Test User 1,OU=People,DC=test,DC=local")
appendArrayItem(dns, "CN=Test User 2,OU=People,DC=test,DC=local")
# state = true disallows every listed user from changing the password
results = setADUsersCannotChangePassword(session, dns, true)
# Walk dns and results with a shared index to report each user separately
i = 0
forEach(dn, dns) {
    # results && ... guards against a falsy results before indexing into it
    result = results && results[i] 
    if(result) {
        log("Account set to not allow password change - " + dn)
    } else {
        log("Account not set to not allow password change - " + dn)
    }
    i = i + 1
}
close(session)