Active Directory User Retrieve VERSION 3


This handler will use the server information and user credentials configured in the task info values to authenticate and connect to the specified Active Directory server (using LDAP) and search for the user based on the search parameters provided. If User Logon is the 'search by' parameter, the handler looks for a '@' symbol in the User Logon to determine how to search for the User Logon name. A '@' symbol indicates a search for the LDAP attribute userPrincipalName (up to 100 characters) while the absence of the '@' symbol will result in a search for the LDAP attribute sAMAccountName (pre-Windows 2000).

  • If 'Distinguished Name' is selected, the 'distinguishedName' attribute will be used directly to retrieve the User entry.

  • If 'Full Name' is selected, the 'cn' attribute will be used to retrieve the User entry.

  • If 'User Name' is selected, the 'userprincipalname' value will be used if the "Search Value" parameter includes an '@' sign (IE john.doe@domain.com) and the 'samaccountname' will be used if it does not (IE john.doe).

  • If 'Email Address' is selected, the 'mail' attribute will be used to retrieve the User entry.

This handler will fail if the user is not found, or if more than one result is found.


Parameters

NameDescription
Search ByChoose which attribute of the user to search by
Search ValueThe actual search expression to search for

Sample Configuration

NameDescription
Search ByUser Logon
Search Value<%=@answers['ReqFor Login ID']%>

Results

NameSample Result
Distinguished NameThe globally-unique text string for this user in
First NameThe first name of the user
Last NameThe last name of the user
Full NameThe full name of the user
Manager DNThe DN of the user's manager
InitialsThe initials for the user
DescriptionUser description field
OfficeA string representing the location of the user's
TelephoneThe primary telephone number of the user
Email AddressThe email address of the user.
User LogonThe User Logon name
User Principal NameThe User Principal name
Account EnabledTrue or False, whether the account is enabled.
TitleThe user's job title.
DepartmentThe primary department that the user is a member of
CompanyThe name of the company that the user is employed by

Changelog

Active Directory User Retrieve V3 (2015-08-03)

* Added ability to check if account is enabled or disabled.

Active Directory User Retrieve V2 (2014-08-05)

* Changed the password info value to be encrypted.

Active Directory User Retrieve V1 (2011-01-17)

* Initial version. See README for details.