Active Directory Commands
Generic Commands
Describes all generic commands of the Active Directory plugin.
CheckObjectName
This command checks if a “DN” is unique in AD. The “DN” can contain objects like CN= and OU=. An OU object is valid when the OU name is unique within its parent. All other objects with a canonical name must be unique in the AD.
Address | Description |
---|---|
AD.CheckObjectName | Check if CN or OU name in DN is valid |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Output parameters
Parameter | Description | Data Type |
---|---|---|
IsNameValid | True if name unique, else false | System.Boolean |
Example:
{
"Id": "514BAA22-27D8-441F-BABD-413F4F8EFC02",
"Name": "CheckObjectName",
"Type": "CommandNode",
"Address": "AD.CheckObjectName",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "IsNameValid",
"Type": "Output",
"DataType": "System.Boolean"
}
]
}
GetParent
This command returns the parent object DN. The parent object always represents an organizational unit (OU).
Address | Description |
---|---|
AD.GetParent | Get object's parent OU DN |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Output parameters
Parameter | Description | Data Type |
---|---|---|
ParentDN | The parent distinguished name | System.String |
Example:
{
"Id": "372E91A8-4593-4445-A5D8-04D31120D83A",
"Name": "GetParent",
"Type": "CommandNode",
"Address": "AD.GetParent",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "ParentDN",
"Type": "Output",
"DataType": "System.String"
}
]
}
GetCN
This command returns the object canonical name. If the object is an organizational unit, the return value is the object OU name.
Address | Description |
---|---|
AD.GetCN | Get object canonical name |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Output parameters
Parameter | Description | Data Type |
---|---|---|
CN | The object canonical name | System.String |
Example:
{
"Id": "9770E2F1-C432-4CE5-8898-DDC596A3FBF9",
"Name": "GetCN",
"Type": "CommandNode",
"Address": "AD.GetCN",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "CN",
"Type": "Output",
"DataType": "System.String"
}
]
}
GetDomainPath
This command returns the distinguished name of the domain part in the object distinguished name.
Address | Description |
---|---|
AD.GetDomainPath | Get object domain path |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Output parameters
Parameter | Description | Data Type |
---|---|---|
DomainDN | The domain distinguished name | System.String |
Example:
{
"Id": "37A2FCEB-9F67-4D47-90F5-9CBD42105E5D",
"Name": "GetDomainPath",
"Type": "CommandNode",
"Address": "AD.GetDomainPath",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "DomainDN",
"Type": "Output",
"DataType": "System.String"
}
]
}
GetDomainFQDN
This command returns the fully qualified domain name (FQDN) of the domain part in the object distinguished name.
Address | Description |
---|---|
AD.GetDomainFQDN | Get object's domain in FQDN notation |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Output parameters
Parameter | Description | Data Type |
---|---|---|
FQDN | The domain FQDN | System.String |
Example:
{
"Id": "A1FB31C3-3855-43DD-8D31-AA96FA632652",
"Name": "GetDomainFQDN",
"Type": "CommandNode",
"Address": "AD.GetDomainFQDN",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "FQDN",
"Type": "Output",
"DataType": "System.String"
}
]
}
User Commands
Describes all commands for users in the active directory plugin.
CreateUser
This command creates a user in the AD, defined by its distinguished name “DN”. The parameter “LoginName” represents the user principal name used to log on to a client.
The “DN” is defined by the following syntax:
“CN=“\[A-Za-z0-9.\_-\]{1,64}“,\[OU=“\[A-Za-z0-9\_\]{1,64}\]{1,10}“,DC=“\[A-Za-z0-9\]{1,64}\]{2,5}
Example:
“CN=petermueller,OU=Users,OU=Marketing,OU=MyOrg,DC=login,DC=myorg,DC=com“
The “LoginName“ is defined by the following syntax:
\[A-Za-z0-9.\_-\]{1,64}
Example:
<peter.mueller@login.myorg.com>
Be aware: The “LoginName” and the canonical name (CN=<username>) in “DN” must be unique in the domain.
Address | Description |
---|---|
AD.CreateUser | Creates a user in AD |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
LoginName | Used for SAM account and user principal | System.String |
GivenName | Given name (optional) | System.String |
SureName | Surname (optional) | System.String |
InitialPassword | Initial Login Password | System.String |
Email | E-Mail (mandatory for Azure sync) | System.String |
Phone | Phone (optional) | System.String |
Street | Street (optional) | System.String |
PostalCode | Postal code (optional) | System.String |
City | City (optional) | System.String |
PasswordNeverExpires | Flag indicates that password never expires (optional) | System.Boolean |
ChangePasswordAtNextLogon | Flag indicates the user to change password (optional) | System.Boolean |
CreateParent | Create parent OUs if they do not exist (optional) | System.Boolean |
DisableUser | Disable the user (optional) | System.Boolean |
UserCannotChangePassword | User cannot change the password (optional) | System.Boolean |
UserPrincipalName | Example max@something.com (optional if Email is provided) | System.String |
Example:
{
"Id": "8274B58D-7ED7-4E9E-8EFC-CC738DEE6192",
"Name": "CreateUser",
"Type": "CommandNode",
"Address": "AD.CreateUser",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "LoginName",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "GivenName",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "SureName",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "InitialPassword",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "Email",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "Phone",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "Street",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "PostalCode",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "City",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "PasswordNeverExpires",
"Type": "Input",
"DataType": "System.Boolean"
},
{
"Name": "ChangePasswordAtNextLogon",
"Type": "Input",
"DataType": "System.Boolean"
},
{
"Name": "CreateParent",
"Type": "Input",
"DataType": "System.Boolean"
},
{
"Name": "DisableUser",
"Type": "Input",
"DataType": "System.Boolean"
},
{
"Name": "UserCannotChangePassword",
"Type": "Input",
"DataType": "System.Boolean"
},
{
"Name": "UserPrincipalName",
"Type": "Input",
"DataType": "System.String"
}
]
}
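An added example (not the plugin's code): a Python pre-check that accepts only DNs matching the CreateUser syntax above before they reach AD.CreateUser, and splits an accepted DN into the parts that GetCN, GetParent, GetDomainPath and GetDomainFQDN are described as returning. The function names are hypothetical, and accepting only the upper-case CN/OU/DC types shown on this page is an assumption.

```python
import re

# Character classes and repeat counts from the CreateUser DN syntax on this page.
CN_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")
OU_RE = re.compile(r"[A-Za-z0-9_]{1,64}")
DC_RE = re.compile(r"[A-Za-z0-9]{1,64}")
VALUE_RE = {"CN": CN_RE, "OU": OU_RE, "DC": DC_RE}
MAX_OUS, MIN_DCS, MAX_DCS = 10, 2, 5


class DNError(ValueError):
    """The DN does not match the documented CreateUser syntax."""


def parse_user_dn(dn):
    """Validate a user DN and return its CN, parent DN, domain DN and FQDN.

    The allowlists hold no DN metacharacters (comma, plus, equals, backslash,
    quotes), so splitting on ',' is safe: escaped or multi-valued components
    fail the full match below.
    """
    if not isinstance(dn, str) or "://" in dn:
        raise DNError("pass the bare DN, without LDAP://host/")
    parts = [p.partition("=") for p in dn.split(",")]
    if any(sep != "=" for _, sep, _ in parts):
        raise DNError("every component must have the form TYPE=value")
    # Assumption: only the upper-case attribute types shown on the page are accepted.
    types = [t for t, _, _ in parts]
    values = [v for _, _, v in parts]
    n_ou, n_dc = types.count("OU"), types.count("DC")
    if types != ["CN"] + ["OU"] * n_ou + ["DC"] * n_dc:
        raise DNError("components must be one CN, then OUs, then DCs")
    if not 1 <= n_ou <= MAX_OUS:
        raise DNError(f"expected 1 to {MAX_OUS} OU components, got {n_ou}")
    if not MIN_DCS <= n_dc <= MAX_DCS:
        raise DNError(f"expected {MIN_DCS} to {MAX_DCS} DC components, got {n_dc}")
    for rdn_type, value in zip(types, values):
        if not VALUE_RE[rdn_type].fullmatch(value):
            raise DNError(f"{rdn_type} value {value!r} is outside the allowlist")
    dcs = values[1 + n_ou:]
    return {
        "cn": values[0],
        "parent_dn": dn.split(",", 1)[1],
        "domain_dn": ",".join("DC=" + dc for dc in dcs),
        "fqdn": ".".join(dcs),
    }


def is_valid_user_dn(dn):
    """Boolean wrapper around parse_user_dn for use in a workflow guard."""
    try:
        parse_user_dn(dn)
        return True
    except DNError:
        return False


def build_user_dn(user_name, parent_dn):
    """Join an untrusted user name to a trusted parent DN, then re-check the result.

    Checking the name on its own first means a value carrying a comma cannot
    add components and change where the object is created.
    """
    if not isinstance(user_name, str) or not CN_RE.fullmatch(user_name):
        raise DNError("user name is outside the CN allowlist")
    dn = f"CN={user_name},{parent_dn}"
    parse_user_dn(dn)
    return dn


if __name__ == "__main__":
    # First input is the DN example from this page; the rest are constructed.
    page_dn = "CN=petermueller,OU=Users,OU=Marketing,OU=MyOrg,DC=login,DC=myorg,DC=com"
    print(parse_user_dn(page_dn))
    for sample in (
        "CN=peter mueller,OU=Users,DC=myorg,DC=com",   # space in CN
        "CN=petermueller,DC=myorg,DC=com",             # no OU component
        "LDAP://host/CN=petermueller,OU=Users,DC=myorg,DC=com",
    ):
        print(sample, "->", is_valid_user_dn(sample))
```
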
CheckUser
This command checks if a user with parameter DN exists in the AD (explicit user or any user).
Address | Description |
---|---|
AD.CheckUser | Checks if user exists in AD |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
bCheckOnlyUser | Checking only CN = Common Name | System.Boolean |
Output parameters
Parameter | Description | Data Type |
---|---|---|
UserExists | True if user exists, else false | System.Boolean |
Example:
{
"Id": "ED6A4070-078C-405A-8A0E-6164F556111C",
"Name": "CheckUser",
"Type": "CommandNode",
"Address": "AD.CheckUser",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "CheckOnlyUser",
"Type": "Input",
"DataType": "System.Boolean"
},
{
"Name": "UserExists",
"Type": "Output",
"DataType": "System.Boolean"
}
]
}
GetUser
This command gets a user's attributes from the AD.
Address | Description |
---|---|
AD.GetUser | Get user's attributes from AD object |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Output parameters
Parameter | Description | Data Type |
---|---|---|
LoginName | Used for SAM account and user principal | System.String |
GivenName | Given name (optional) | System.String |
SureName | Surname (optional) | System.String |
Email | E-Mail (mandatory for Azure sync) | System.String |
Phone | Phone (optional) | System.String |
Street | Street (optional) | System.String |
PostalCode | Postal code (optional) | System.String |
City | City (optional) | System.String |
LastLogon | Last logon time stamp as string | System.String |
LogonCount | Logon Count | System.String |
ObjectSID | Object SID | System.String |
UserPrincipalName | User principal name | System.String |
Groups | Distinguished name of groups which the user is member of | System.String[] |
Example:
{
"Id": "FDF50030-830A-4B2C-A0F1-D2A0E752B660",
"Name": "GetUser",
"Type": "CommandNode",
"Address": "AD.GetUser",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "LoginName",
"Type": "Output",
"DataType": "System.String"
},
{
"Name": "GivenName",
"Type": "Output",
"DataType": "System.String"
},
{
"Name": "SureName",
"Type": "Output",
"DataType": "System.String"
},
{
"Name": "Email",
"Type": "Output",
"DataType": "System.String"
},
{
"Name": "Phone",
"Type": "Output",
"DataType": "System.String"
},
{
"Name": "Street",
"Type": "Output",
"DataType": "System.String"
},
{
"Name": "PostalCode",
"Type": "Output",
"DataType": "System.String"
},
{
"Name": "City",
"Type": "Output",
"DataType": "System.String"
},
{
"Name": "LastLogon",
"Type": "Output",
"DataType": "System.String"
},
{
"Name": "LogonCount",
"Type": "Output",
"DataType": "System.String"
},
{
"Name": "ObjectSID",
"Type": "Output",
"DataType": "System.String"
},
{
"Name": "PasswordNeverExpires",
"Type": "Output",
"DataType": "System.Boolean"
},
{
"Name": "ChangePasswordAtNextLogon",
"Type": "Output",
"DataType": "System.Boolean"
},
{
"Name": "UserCannotChangePassword",
"Type": "Output",
"DataType": "System.Boolean"
},
{
"Name": "DisableUser",
"Type": "Output",
"DataType": "System.Boolean"
},
{
"Name": "UserPrincipalName",
"Type": "Output",
"DataType": "System.String"
},
{
"Name": "Groups",
"Type": "Output",
"DataType": "System.String[]"
}
]
}
MoveUser
This command moves a user object to another parent OU.
Address | Description |
---|---|
AD.MoveUser | Moves a user to another OU parent |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | New distinguished Name without LDAP://host/ | System.String |
CreateParent | Create parent OUs if they do not exist (optional) | System.Boolean |
Example:
{
"Id": "31B6FF74-05C9-44E5-BCCC-BCCB54382D95",
"Name": "MoveUser",
"Type": "CommandNode",
"Address": "AD.MoveUser",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "CreateParent",
"Type": "Input",
"DataType": "System.Boolean"
}
]
}
RemoveUser
This command removes a user object from AD.
Address | Description |
---|---|
AD.RemoveUser | Removes a user from AD |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Example:
{
"Id": "63C1AABF-240E-4127-89C2-000207804476",
"Name": "RemoveUser",
"Type": "CommandNode",
"Address": "AD.RemoveUser",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
}
]
}
AddUserToGroup
This command adds a user to a group as member.
Address | Description |
---|---|
AD.AddUserToGroup | Adds a user to group |
Input parameters
Parameter | Description | Data Type |
---|---|---|
UserDN | User Distinguished Name without LDAP://host/ | System.String |
GroupDN | Group Distinguished Name without LDAP://host/ | System.String |
Example:
{
"Id": "482F819E-7E4F-4B53-963A-61D38088920D",
"Name": "AddUserToGroup",
"Type": "CommandNode",
"Address": "AD.AddUserToGroup",
"Arguments": [
{
"Name": "UserDN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "GroupDN",
"Type": "Input",
"DataType": "System.String"
}
]
}
RemoveUserFromGroup
This command removes a user's membership in a group.
Address | Description |
---|---|
AD.RemoveUserFromGroup | Removes a user from group |
Input parameters
Parameter | Description | Data Type |
---|---|---|
UserDN | User Distinguished Name without LDAP://host/ | System.String |
GroupDN | Group Distinguished Name without LDAP://host/ | System.String |
Example:
{
"Id": "E6969472-D650-4B14-BAFA-4E8606564193",
"Name": "RemoveUserFromGroup",
"Type": "CommandNode",
"Address": "AD.RemoveUserFromGroup",
"Arguments": [
{
"Name": "UserDN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "GroupDN",
"Type": "Input",
"DataType": "System.String"
}
]
}
IsUserInGroup
This command checks if a user is a member of a group.
Address | Description |
---|---|
AD.IsUserInGroup | Checks if a user is member of a group |
Input parameters
Parameter | Description | Data Type |
---|---|---|
UserDN | User Distinguished Name without LDAP://host/ | System.String |
GroupDN | Group Distinguished Name without LDAP://host/ | System.String |
Output parameters
Parameter | Description | Data Type |
---|---|---|
IsUserInGroup | true if user in group else false | System.Boolean |
Example:
{
"Id": "CC34F9F6-537C-49B5-A2A9-1B0058C2C6C4",
"Name": "IsUserInGroup",
"Type": "CommandNode",
"Address": "AD.IsUserInGroup",
"Arguments": [
{
"Name": "UserDN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "GroupDN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "IsUserInGroup",
"Type": "Output",
"DataType": "System.Boolean"
}
]
}
RemoveUsersGroup
This command removes all group memberships of a user except the membership in Domain Users.
Address | Description |
---|---|
AD.RemoveUsersGroup | Removes all group memberships of a user except Domain Users |
Input parameters
Parameter | Description | Data Type |
---|---|---|
UserDN | Distinguished Name without LDAP://host/ | System.String |
Example:
{
"Id": "93066f6c-1dfd-4aad-8b5a-828d97eb42cc",
"Name": "RemoveUsersGroup",
"Type": "CommandNode",
"Address": "AD.RemoveUserGroup",
"Arguments": [
{
"Name": "UserDN",
"Type": "Input",
"DataType": "System.String"
}
]
}
ResetUserPassword
This command resets a user password.
Address | Description |
---|---|
AD.ResetUserPassword | Reset the user password |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
InitialPassword | User's new password | System.String |
PasswordNeverExpires | Flag indicates that password never expires | System.Boolean |
ChangePasswordAtNextLogon | Flag indicates the user to change password | System.Boolean |
UserCannotChangePassword | Flag indicates that the user cannot change its password | System.Boolean |
Example:
{
"Id": "0E0DEEA0-A257-4DFB-A1F7-50BFCED1FCD5",
"Name": "ResetUserPassword",
"Type": "CommandNode",
"Address": "AD.ResetUserPassword",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "InitialPassword",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "PasswordNeverExpires",
"Type": "Input",
"DataType": "System.Boolean"
},
{
"Name": "ChangePasswordAtNextLogon",
"Type": "Input",
"DataType": "System.Boolean"
},
{
"Name": "UserCannotChangePassword",
"Type": "Input",
"DataType": "System.Boolean"
}
]
}
UpdateUser
This command updates user attributes in the AD.
Address | Description |
---|---|
AD.UpdateUser | Update the user attributes in AD |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
LoginName | Used for SAM account and user principal | System.String |
GivenName | Given name (optional) | System.String |
SureName | Surname (optional) | System.String |
Email | E-Mail (mandatory for Azure sync) | System.String |
Phone | Phone (optional) | System.String |
Street | Street (optional) | System.String |
PostalCode | Postal code (optional) | System.String |
City | City (optional) | System.String |
PasswordNeverExpires | Flag indicates that password never expires (optional) | System.Boolean |
ChangePasswordAtNextLogon | Flag indicates the user to change password (optional) | System.Boolean |
CreateParent | Create parent OUs if they do not exist (optional) | System.Boolean |
DisableUser | Disable the user (optional) | System.Boolean |
UserCannotChangePassword | User cannot change the password (optional) | System.Boolean |
UserPrincipalName | Example max@something.com (optional if Email is provided) | System.String |
Example:
{
"Id": "3351A486-6B9F-47E3-A49B-7A0989EB7315",
"Name": "UpdateUser",
"Type": "CommandNode",
"Address": "AD.UpdateUser",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "LoginName",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "GivenName",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "SureName",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "InitialPassword",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "Email",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "Phone",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "Street",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "PostalCode",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "City",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "PasswordNeverExpires",
"Type": "Input",
"DataType": "System.Boolean"
},
{
"Name": "ChangePasswordAtNextLogon",
"Type": "Input",
"DataType": "System.Boolean"
},
{
"Name": "DisableUser",
"Type": "Input",
"DataType": "System.Boolean"
},
{
"Name": "UserCannotChangePassword",
"Type": "Input",
"DataType": "System.Boolean"
},
{
"Name": "UserPrincipalName",
"Type": "Input",
"DataType": "System.String"
}
]
}
Group Commands
Describes all commands for groups in the active directory plugin.
CreateGroup
This command creates a global security group in the AD, defined by its distinguished name DN.
The DN is defined by the following syntax:
“CN=“\[A-Za-z0-9\_-\]{1,64}“,\[OU=“\[A-Za-z0-9\]{1,64}\]{1,10}“,DC=“\[A-Za-z0-9\]{1,64}\]{2,5}
Example:
“CN=G_Marketing,OU=Users,OU=Marketing,OU=MyOrg,DC=login,DC=myorg,DC=com“
The canonical name (CN=<groupname>) in “DN” must be unique in the domain.
Address | Description |
---|---|
AD.CreateGroup | Creates a group in AD |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Description | Group description (optional) | System.String |
CreateParent | Create parent OUs if they do not exist (optional) | System.Boolean |
Example:
{
"Id": "3C56FF20-EC64-4754-9684-CA2B2ED88415",
"Name": "CreateGroup",
"Type": "CommandNode",
"Address": "AD.CreateGroup",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "Description",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "CreateParent",
"Type": "Input",
"DataType": "System.Boolean"
}
]
}
CheckGroup
This command checks if a group with parameter DN exists in the AD.
Address | Description |
---|---|
AD.CheckGroup | Checks if group exists in AD |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
CheckOnlyGroup | Check only with CN instead of DN | System.Boolean |
Output parameters
Parameter | Description | Data Type |
---|---|---|
GroupExists | True if Group exists, else false | System.Boolean |
Example:
{
"Id": "2A42F95A-E6D7-4A3D-A800-F215B163DFE2",
"Name": "CheckGroup",
"Type": "CommandNode",
"Address": "AD.CheckGroup",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "CheckOnlyGroup",
"Type": "Input",
"DataType": "System.Boolean"
},
{
"Name": "GroupExists",
"Type": "Output",
"DataType": "System.Boolean"
}
]
}
GetGroup
This command returns group attributes.
Address | Description |
---|---|
AD.GetGroup | Get group's attributes from AD object |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Output parameters
Parameter | Description | Data Type |
---|---|---|
Description | Group's description (optional) | System.String |
Example:
{
"Id": "13297290-E845-42D6-B37A-9FBC6F45283E",
"Name": "GetGroup",
"Type": "CommandNode",
"Address": "AD.GetGroup",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "Name",
"Type": "Output",
"DataType": "System.String"
},
{
"Name": "Description",
"Type": "Output",
"DataType": "System.String"
}
]
}
MoveGroup
This command moves a group object to another parent OU.
Address | Description |
---|---|
AD.MoveGroup | Moves a group to another OU parent |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | New distinguished Name without LDAP://host/ | System.String |
CreateParent | Create parent OUs if they do not exist (optional) | System.Boolean |
Example:
{
"Id": "838BF69A-B0D4-4318-BF18-22CE13BC3EA8",
"Name": "MoveGroup",
"Type": "CommandNode",
"Address": "AD.MoveGroup",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "CreateParent",
"Type": "Input",
"DataType": "System.Boolean"
}
]
}
RemoveGroup
This command removes a group object from AD.
Address | Description |
---|---|
AD.RemoveGroup | Removes a group from AD |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Example:
{
"Id": "7B96AA7D-C45F-47D4-9AB6-AA13CF4E2400",
"Name": "RemoveGroup",
"Type": "CommandNode",
"Address": "AD.RemoveGroup",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
}
]
}
RemoveAllGroupMembers
This command removes all members of a group object in the AD.
Address | Description |
---|---|
AD.RemoveAllGroupMembers | Removes all group members from AD group |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Example:
{
"Id": "B6E803F2-A366-4828-B9B5-69C5AB15C13B",
"Name": "RemoveAllGroupMembers",
"Type": "CommandNode",
"Address": "AD.RemoveAllGroupMembers",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
}
]
}
UpdateGroup
This command updates group attributes.
Address | Description |
---|---|
AD.UpdateGroup | Update group attributes |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Description | Group description (optional) | System.String |
Example:
{
"Id": "EC1C3AFC-1AF6-46F6-8CDD-0D455D1D0DD1",
"Name": "UpdateGroup",
"Type": "CommandNode",
"Address": "AD.UpdateGroup",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "Description",
"Type": "Input",
"DataType": "System.String"
}
]
}
GetGroupMembers
This command returns group members as a list of DNs.
Address | Description |
---|---|
AD.GetGroupMembers | Get group members |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Output parameters
Parameter | Description | Data Type |
---|---|---|
Members | Distinguished names of group members | System.String[] |
Example:
{
"Id": "390C4270-0D6D-4AB2-97E0-0EC654C5E867",
"Name": "GetGroupMembers",
"Type": "CommandNode",
"Address": "AD.GetGroupMembers",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "Members",
"Type": "Output",
"DataType": "System.String[]"
}
]
}
OU Commands
Describes all commands for organizational units in the active directory plugin.
CreateOU
This command creates an organizational unit in the AD, defined by its distinguished name DN.
The DN is defined by the following syntax:
“OU=“\[A-Za-z0-9\_-\]{1,64}“,\[OU=“\[A-Za-z0-9\]{1,64}\]{1,10}“,DC=“\[A-Za-z0-9\]{1,64}\]{2,5}
Example:
“OU=MarketingUsers,OU=Users,OU=Marketing,OU=MyOrg,DC=login,DC=myorg,DC=com“
The child names must be unique (OU=<ouname>,OU=<ouparentname>).
Address | Description |
---|---|
AD.CreateOU | Creates an OU in AD |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Description | OU description (optional) | System.String |
Example:
{
"Id": "709999E2-E0E1-42BD-B705-B6D23CEA3240",
"Name": "CreateOU",
"Type": "CommandNode",
"Address": "AD.CreateOU",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "Description",
"Type": "Input",
"DataType": "System.String"
}
]
}
GetDomainOUs
This command returns all user-created OUs under the domain root level.
Address | Description |
---|---|
AD.GetDomainOUs | Get user-created OUs under the domain root |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DomainDN | Distinguished Name without LDAP://host/ of the domain e.g. DC=test,DC=com | System.String |
Output parameters
Parameter | Description | Data Type |
---|---|---|
Item | Item holding the serialized json of the found OUs | System.String |
Example:
{
"Id": "{81AE4A1B-10A7-4AC2-B34D-8F2C33987372}",
"Name": "GetDomainOUs",
"Type": "CommandNode",
"Address": "AD.GetDomainOUs",
"Arguments": [
{
"Name": "DomainDN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "Item",
"Type": "Output",
"DataType": "System.String"
}
]
}
CreateOUExt
This command creates an organizational unit in the AD, defined by its distinguished name “DN”, and also creates the parent OU when it does not exist.
Address | Description |
---|---|
AD.CreateOUExt | Creates an OU in AD |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Description | OU description (optional) | System.String |
CreateParent | Create parent OU if it does not exist | System.Boolean |
Example:
{
"Id": "b43606c7-6743-4732-8830-bf623f31f43b",
"Name": "CreateOUExt",
"Type": "CommandNode",
"Address": "AD.CreateOUExt",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "Description",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "CreateParent",
"Type": "Input",
"DataType": "System.Boolean"
}
]
}
CheckOU
This command checks if an OU with parameter DN exists in the AD.
Address | Description |
---|---|
AD.CheckOU | Checks if OU exists in AD |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Output parameters
Parameter | Description | Data Type |
---|---|---|
OUExists | True if OU exists, else false | System.Boolean |
Example:
{
"Id": "A89F262A-A36F-4675-A767-5D3F68D81590",
"Name": "CheckOU",
"Type": "CommandNode",
"Address": "AD.CheckOU",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "OUExists",
"Type": "Output",
"DataType": "System.Boolean"
}
]
}
RemoveOU
This command removes an OU with parameter DN from AD.
Address | Description |
---|---|
AD.RemoveOU | Removes an OU from AD |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Example:
{
"Id": "4EEDABA9-4E44-4C6F-8907-FFF911241FA5",
"Name": "RemoveOU",
"Type": "CommandNode",
"Address": "AD.RemoveOU",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
}
]
}
GetOUChilds
This command gets all OU children of type user, group, computer and OU. It returns a list of DNs.
Address | Description |
---|---|
AD.GetOUChilds | Returns a list of DNs |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Output parameters
Parameter | Description | Data Type |
---|---|---|
Childs | List of DNs | System.String[] |
Example:
{
"Id": "3DDAA7EC-6A03-47E6-AA32-046E5E2549FA",
"Name": "GetOUChilds",
"Type": "CommandNode",
"Address": "AD.GetOUChilds",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "Childs",
"Type": "Output",
"DataType": "System.String[]"
}
]
}
GetOUChildComputers
This command gets all OU children of type computer. It returns a list of DNs.
Address | Description |
---|---|
AD.GetOUChildComputers | Returns a list of DNs |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Output parameters
Parameter | Description | Data Type |
---|---|---|
ChildComputers | List of DNs | System.String[] |
Example:
{
"Id": "7066D197-142D-46AA-99DD-5C2173A8994E",
"Name": "GetOUChildComputers",
"Type": "CommandNode",
"Address": "AD.GetOUChildComputers",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "ChildComputers",
"Type": "Output",
"DataType": "System.String[]"
}
]
}
GetOUChildGroups
This command gets all OU children of type group. It returns a list of DNs.
Address | Description |
---|---|
AD.GetOUChildGroups | Returns a list of DNs |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Output parameters
Parameter | Description | Data Type |
---|---|---|
ChildGroups | List of DNs | System.String[] |
Example:
{
"Id": "BD202E65-B447-43BB-B1AF-64E2DC197873",
"Name": "GetOUChildGroups",
"Type": "CommandNode",
"Address": "AD.GetOUChildGroups",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "ChildGroups",
"Type": "Output",
"DataType": "System.String[]"
}
]
}
GetOUChildUsers
This command gets all OU children of type user. It returns a list of DNs.
Address | Description |
---|---|
AD.GetOUChildUsers | Returns a list of DNs |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Output parameters
Parameter | Description | Data Type |
---|---|---|
ChildUsers | List of DNs | System.String[] |
Example:
{
"Id": "50009C22-E9DF-4286-BA94-E388EEA4C9B6",
"Name": "GetOUChildUsers",
"Type": "CommandNode",
"Address": "AD.GetOUChildUsers",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "ChildUsers",
"Type": "Output",
"DataType": "System.String[]"
}
]
}
GetOUChildOUs
This command gets all OU children of type OUs. It returns a list of DNs.
Address | Description |
---|---|
AD.GetOUChildOUs | Returns a list of DNs |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Output parameters
Parameter | Description | Data Type |
---|---|---|
ChildOUs | List of DNs | System.String[] |
Example:
{
"Id": "B66CAB75-BDF5-4A6A-890D-3183EDEAE929",
"Name": "GetOUChildOUs",
"Type": "CommandNode",
"Address": "AD.GetOUChildOUs",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "ChildOUs",
"Type": "Output",
"DataType": "System.String[]"
}
]
}
GetOULinkedGPOs
This command gets all GPOs linked to an OU. It returns a list of GPO names.
Address | Description |
---|---|
AD.GetOULinkedGPOs | Returns a list of GPO Names |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Output parameters
Parameter | Description | Data Type |
---|---|---|
GPOs | List of GPOs | System.String[] |
Example:
{
"Id": "2848E461-BC92-4439-B071-353C3DEFA8A5",
"Name": "GetOULinkedGPOs",
"Type": "CommandNode",
"Address": "AD.GetOULinkedGPOs",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "GPOs",
"Type": "Output",
"DataType": "System.String[]"
}
]
}
Computer Commands
Describes all computer commands in the active directory plugin.
CreateComputer
This command creates a computer account in the AD, defined by its distinguished name “DN”.
The “DN” is defined by the following syntax:
“CN=“\[A-Za-z0-9-\]{1,64}“,\[OU=“\[A-Za-z0-9\]{1,64}\]{1,10}“,DC=“\[A-Za-z0-9\]{1,64}\]{2,5}
Example:
“CN=MYCOMPUTER-001,OU=Users,OU=Marketing,OU=MyOrg,DC=login,DC=myorg,DC=com“
The canonical name (CN=<computer>) in “DN” must be unique in the domain.
Address | Description |
---|---|
AD.CreateComputer | Creates a computer in AD |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Description | Computer description (optional) | System.String |
CreateParent | Create parent OUs if they do not exist (optional) | System.Boolean |
Example:
{
"Id": "F9256A94-DB65-4D73-A04F-F7FD772E09FE",
"Name": "CreateComputer",
"Type": "CommandNode",
"Address": "AD.CreateComputer",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "Description",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "CreateParent",
"Type": "Input",
"DataType": "System.Boolean"
}
]
}
CheckComputer
This command checks if a computer with parameter DN exists in the AD.
Address | Description |
---|---|
AD.CheckComputer | Checks if computer exists in AD |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Output parameters
Parameter | Description | Data Type |
---|---|---|
ComputerExists | True if computer exists, else false | System.Boolean |
ObjectGuid | Unique identifier of domain | System.Guid |
Example:
{
"Id": "35174B7F-7B5C-4DB5-8BB9-3618BAA49C9B",
"Name": "CheckComputer",
"Type": "CommandNode",
"Address": "AD.CheckComputer",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "ComputerExists",
"Type": "Output",
"DataType": "System.Boolean"
},
{
"Name": "ObjectGuid",
"Type": "Output",
"DataType": "System.Guid"
}
]
}
MoveComputer
This command moves a computer object to another parent OU.
Address | Description |
---|---|
AD.MoveComputer | Moves a computer to another OU parent |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | New distinguished Name without LDAP://host/ | System.String |
CreateParent | Create parent OUs if they do not exist (optional) | System.Boolean |
Example:
{
"Id": "01ACF068-EDBC-4319-9C03-C9FD6D5726E1",
"Name": "MoveComputer",
"Type": "CommandNode",
"Address": "AD.MoveComputer",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
},
{
"Name": "CreateParent",
"Type": "Input",
"DataType": "System.Boolean"
}
]
}
RemoveComputer
This command removes a computer object from AD.
Address | Description |
---|---|
AD.RemoveComputer | Removes a computer from AD |
Input parameters
Parameter | Description | Data Type |
---|---|---|
DN | Distinguished Name without LDAP://host/ | System.String |
Example:
{
"Id": "2850B3E9-30E5-4BE8-9DAA-C37CF6D3E7A4",
"Name": "RemoveComputer",
"Type": "CommandNode",
"Address": "AD.RemoveComputer",
"Arguments": [
{
"Name": "DN",
"Type": "Input",
"DataType": "System.String"
}
]
}