Microsoft Active Directory V2 (Enterprise)
App Vendor: Microsoft
App Category: Authentication, Identity Access Management, Identity and Access Management (IAM)
App Version: 3.0.0
API Version: 1.1.1
About App
This app provides integration with Microsoft Active Directory through LDAP. Active Directory (AD) is a Microsoft product that consists of several services that run on Windows Server to manage permissions and access to networked resources. This app uses LDAP v3.
The Microsoft Active Directory V2 (Enterprise) app is configured with Cyware Orchestrate to perform the following actions:
Action Name | Description |
|---|---|
Add Computer To Group | This action adds a computer to a group in AD. |
Add User To Group | This action adds a user to a group in the AD application. |
Change User State | This action changes a user's state in the AD application. |
Create Group | This action creates a group in the AD application. |
Create User | This action creates a user in the AD application. |
Disable user account | This action disables a user account. |
Enable account | This action enables the user account. |
Expire password | This action expires the user's password. |
Get A List Of Computers | This action retrieves a list of all computers from the AD application. |
Get A List Of Group Members | This action retrieves a list of group members from the AD application. |
Get A List Of Groups | This action retrieves a list of groups from the AD application. |
Get A List Of Organizational Units | This action retrieves a list of organizational units from the AD application. |
Get A List Of Users | This action retrieves a list of all users from the AD application. |
Get Details Of A Computer | This action retrieves the details of a computer from the AD application. |
Get Details Of A Group | This action retrieves details of a group from the AD application. |
Get Details Of An Organizational Unit | This action retrieves the details of an organizational unit from the AD application. |
Get Details Of A User | This action retrieves the details of a user from the AD application. |
LDAP Query | This action performs an LDAP query in the AD application. |
Move Computer To Another Organizational Unit | This action moves a computer to another organizational unit in the AD application. |
Move User To Another Organizational Unit | This action moves a user to another organizational unit in the AD application. |
Remove Computer From Group | This action removes a computer from a group in the AD application. |
Remove User From Group | This action removes a user from a group in the AD application. |
Set user password | This action sets the user's password. |
Update User Details | This action updates the details of a user account. |
Configuration Parameters
The following configuration parameters are required for the Microsoft Active Directory V2 (Enterprise) app to communicate with the Microsoft Active Directory V2 (Enterprise) application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
AD Server | Enter the IP address or domain of the Active Directory. Example: 192.168.1.10 or adserver.com | Text | Required | |
Username | Enter the username in either domain\username or username format. Example: adserver.com\admin or admin | Text | Required | |
Password | Enter the password to authenticate. | Password | Required | |
Port | Enter the port number used to connect to the directory server. Example: 389 | Integer | Required | |
Search Base | Specify the base DN from which the directory search should begin. Example: dc=example,dc=com | Text | Required | |
Verify | Choose your preference to verify SSL or TLS while making requests. It is recommended to set this option to yes. Passing no may result in connection errors. | Boolean | Optional | Allowed values: true and false. By default, verification is disabled. |
Auth Type | Select the authentication method to be used when connecting to the directory. Example: simple | Text | Optional | Allowed values: ntlm, simple |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Microsoft Active Directory V2 (Enterprise). | Integer | Optional | Allowed range: 15-120 seconds. Default timeout: 15 seconds. |
Certificate File | Upload a valid .cer or .pem certificate file for secure (SSL) connections. | File | Optional | This parameter is required when Verify is enabled, and the auth type is set to SIMPLE. |
Action: Add Computer To Group
This action adds a computer to a group in the AD application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Computer DN | Enter the computer's Distinguished Name (DN). Example: CN=87A-Desktop,OU=NewActive,DC=adtestlab,DC=com | Text | Required | You can retrieve the computer DN using the Get a List of Computers action. |
Group DN | Enter the group's Distinguished Name (DN). Example: CN=New Group4,OU=Acme,DC=adtestlab,DC=com | Text | Required | You can retrieve the group DN using the Get a List of Groups action. |
Example Request
[
{
"group_dn": "CN=New Group4,OU=Acme,DC=adtestlab,DC=com",
"computer_dn": "CN=87A-Desktop,OU=NewActive,DC=adtestlab,DC=com"
}
]
Action: Add User To Group
This action adds a user to a group in the AD application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
User DN | Enter the user Distinguished Name (DN). Example: CN=New.User8,OU=NewActive,DC=adtestlab,DC=com | Text | Required | You can retrieve the user DN using the Get A List of Users action. |
Group DN | Input the group Distinguished Name (DN). Example: CN=New Group4,OU=Acme,DC=adtestlab,DC=com | Text | Required | You can retrieve the group DN using the Get a List of Groups action. |
Example Request
[
{
"user_dn": "CN=New.User8,OU=NewActive,DC=adtestlab,DC=com",
"group_dn": "CN=New Group4,OU=Acme,DC=adtestlab,DC=com"
}
]
Action: Change User State
This action updates a user's state in the AD application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
User DN | Enter the user Distinguished Name (DN). Example: CN=New.User9,OU=NewActive,DC=adtestlab,DC=com | Text | Required | You can retrieve the user DN using the Get A List of Users action. |
State | Input the state as unlock. Example: Unlock | Text | Required |
Example Request
[
{
"state": "Unlock",
"user_dn": "CN=New.User9,OU=NewActive,DC=adtestlab,DC=com"
}
]
Action: Create Group
This action creates a group in the AD application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Group DN | Enter the group Distinguished Name (DN). Example: CN=New Group5,OU=Acme,DC=adtestlab,DC=com | Text | Required | You can retrieve the group DN using the Get A List of Groups action. |
Group Name | Enter the group name. Example: Managers | Text | Required | |
Group Type | Input the group type. Example: Administrators | Text | Required |
Example Request
[
{
"group_dn": "CN=New Group5,OU=Acme,DC=adtestlab,DC=com",
"group_name": "Managers",
"group_type": "Administrators"
}
]
Action: Create User
This action creates a user in the AD application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
User DN | Enter the user Distinguished Name (DN). Example: CN=New.User9,OU=NewActive,DC=adtestlab,DC=com | Text | Required | You can retrieve the user DN using the Get A List Of Users action. |
Username | Enter the username. Example: testuser@sampledomain.com | Text | Required | |
Custom Attributes | Enter custom attributes as a key:value list. | Key Value | Required | Allowed keys: displayname, description, mail, telephonenumber, title, userpassword |
Example Request
[
{
"user_dn": "CN=New.User9,OU=NewActive,DC=adtestlab,DC=com",
"username": "testuser@sampledomain.com",
"custom_attributes": {
"displayName": "new user9"
}
}
]
Action: Disable user account
This action disables a user account.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Distinguished Name | Enter the user's distinguished name (DN) to disable the account. Example: cn=john doe,cn=users,dc=example,dc=com | Text | Optional | |
Enter user name | Enter SamAccountName. | Text | Optional |
Example Request
[
{
"samaccountname": "john"
}
]
Action: Enable account
This action enables a user's account.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Distinguished Name | Enter the user's distinguished name to enable the account. Example: cn=john doe,cn=users,dc=example,dc=com | Text | Optional | |
Enter user name | Enter SamAccountName. Example: john_doe | Text | Optional |
Example Request
[
{
"samaccountname": "john_doe"
}
]
Action: Expire password
This action expires the user's password.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Enter user name | Enter the SamAccountName of the user to expire the password of the user. Example: john_doe | Text | Required |
Example Request
[
{
"samaccountname": "john_doe"
}
]
Action: Get A List Of Computers
This action retrieves a list of all computers from the AD application.
Action Input Parameters
This action does not require any input parameters.
Action: Get A List Of Group Members
This action retrieves a list of group members from the AD application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Group DN | Enter the group DN to retrieve group members. Example: CN=Users,CN=Builtin,DC=adtestlab,DC=com | Text | Required | |
Member Type | Enter the member type to list group members. Example: Executive | Text | Optional | The default value is person. |
Attributes | Enter the list of attributes to include for each group member in the response. Example: $LIST[name,memberof] | List | Optional |
Example Request
[
{
"group_dn": "CN=Users,CN=Builtin,DC=adtestlab,DC=com",
"member_type": "Executive"
}
]
Action: Get A List Of Groups
This action retrieves a list of groups from the AD application.
Action Input Parameters
This action does not require any input parameters.
Action: Get A List Of Organizational Units
This action retrieves a list of organizational units from the AD application.
Action Input Parameters
This action does not require any input parameters.
Action: Get A List Of Users
This action retrieves a list of all users from the AD application.
Action Input Parameters
This action does not require any input parameters.
Action: Get Details Of A Computer
This action retrieves the details of a computer from the AD application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Computer Name | Enter the computer name to retrieve the details from the AD application. Example: Desktop-A12 | Text | Optional | |
SamAccountName to search for | Enter the samaccountname to search for the details of a computer. Example: daniel | Text | Optional | |
Query Parameters | Enter the search parameter other than name and samaccountname. Example: search=displayName:Browser | Key Value | Optional | |
Partial Search | Choose true to allow searching for computer details that partially match. This may take longer to retrieve results. | Boolean | Optional | The default value is false. |
Example Request
[
{
"partial_search": true,
"samaccountname": "daniel"
}
]
Action: Get Details Of A Group
This action retrieves the details of a group from the AD application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Group Name | Enter the group name to retrieve the details from the AD application. Example: sample group | Text | Optional | |
SamAccountName to search for | Enter the samaccountname to search for the details of a group. Example: daniel | Text | Optional | |
Query Parameters | Enter parameters to search other than name and samaccountname. | Key Value | Optional | |
Partial Search | Choose true to allow searching for group details that partially match. This may take longer to retrieve results. | Boolean | Optional | The default value is false. |
Example Request
[
{
"partial_search": true,
"samaccountname": "sample group"
}
]
Action: Get Details Of An Organizational Unit
This action retrieves the details of an organizational unit from the AD application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Organizational Unit Name | Enter the organizational unit name. | Text | Required |
Action: Get Details Of A User
This action retrieves the details of a user from the AD application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
User Name to search for | Enter the user name to retrieve the details of the user from the AD application. Example: daniel | Text | Optional | |
SamAccountName to search for | Enter the samaccountname of the user. Example: dan | Text | Optional | |
Query Parameters | Enter the query parameters to search other than name and samaccountname. Example: search=displayName:Browser | Key Value | Optional | |
Partial Search | Select the option to enable partial search. | Boolean | Optional | The default value is false. |
Example Request
[
{
"name": "daniel",
"partial_search": true,
"samaccountname": "dan"
}
]
Action: LDAP Query
This action performs an LDAP query in the AD application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Search Filter | Enter a search filter to perform an LDAP query. Example: (&(objectclass=person)(objectclass=user)) | Any | Required | |
Attribute | Enter the attributes. Example: $LIST[cn] | Any | Optional | |
Search Scope | Enter the search scope. Example: SUBTREE | Text | Optional |
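The Search Filter parameter takes a raw LDAP filter, so any value a playbook copies into it from an alert or ticket field has to be escaped per RFC 4515 before it is placed in the filter. The following is an added example, not code from the app or the original page: the function names are hypothetical, and the request keys follow the Example Request for this action.

```python
import json

# RFC 4515 section 3: these characters must be written as \XX inside an
# assertion value, otherwise they change the structure of the filter.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value for use inside an LDAP search filter."""
    # Character-by-character mapping, so an escaped backslash is never
    # escaped a second time.
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def equality(attribute: str, value: str) -> str:
    """Build (attribute=value) with the value escaped."""
    # Attribute names are fixed by the playbook author, not taken from
    # alert data, so only a basic shape check is applied to them.
    if not (attribute.isascii() and attribute.replace("-", "").isalnum()):
        raise ValueError(f"unexpected attribute name: {attribute!r}")
    return f"({attribute}={escape_filter_value(value)})"


def ldap_query_request(sam_account_name: str, scope: str = "SUBTREE") -> str:
    """Return the JSON body for the LDAP Query action for one user lookup."""
    search_filter = (
        "(&(objectclass=person)(objectclass=user)"
        + equality("sAMAccountName", sam_account_name)
        + ")"
    )
    return json.dumps([{"search_scope": scope, "search_filter": search_filter}])


# Constructed sample inputs: a normal account name and one carrying filter
# metacharacters, as might arrive in an untrusted alert field.
SAMPLES = ["administrator", "x)(|(objectclass=*"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(ldap_query_request(name))
```

With the second sample, the parentheses and asterisk stay inside the sAMAccountName assertion as literal characters, so the filter still matches only an account with that exact name.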
Example Request
[
{
"search_scope": "SUBTREE",
"search_filter": "(|(sAMAccountName=administrator))"
}
]
Action: Move Computer To Another Organizational Unit
This action moves a computer to another Organizational Unit in the AD application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Computer DN | Enter the computer Distinguished Name (DN) to move the computer to another OU. Example: CN=87A-Desktop,OU=NewActive,DC=adtestlab,DC=com | Text | Required | You can retrieve the computer DN using the Get A List Of Computers action. |
Organizational Unit DN | Enter the organizational unit Distinguished Name (DN). Example: OU=NewActive,DC=adtestlab,DC=com | Text | Required | You can retrieve the organizational unit DN using the Get A List Of Organizational Units action. |
Example Request
[
{
"ou_dn": "OU=NewActive,DC=adtestlab,DC=com",
"computer_dn": "CN=87A-Desktop,OU=NewActive,DC=adtestlab,DC=com"
}
]
Action: Move User To Another Organizational Unit
This action can be used to move a user to another Organizational Unit in the AD application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
User DN | Enter the user Distinguished Name (DN) to move the user to another Organizational Unit (OU). Example: CN=New.User8,OU=NewActive,DC=adtestlab,DC=com | Text | Required | You can retrieve the user DN using the Get A List Of Users action. |
Organizational Unit DN | Enter the organizational unit Distinguished Name (DN). Example: OU=NewActive,DC=adtestlab,DC=com | Text | Required | You can retrieve the organizational unit DN using the Get A List Of Organizational Units action. |
Example Request
[
{
"ou_dn": "OU=NewActive,DC=adtestlab,DC=com",
"user_dn": "CN=New.User8,OU=NewActive,DC=adtestlab,DC=com"
}
]
Action: Remove Computer From Group
This action removes a computer from a group in the AD application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Computer DN | Enter the computer's Distinguished Name (DN) to remove the computer from a group. Example: CN=87A-Desktop,OU=NewActive,DC=adtestlab,DC=com | Text | Required | You can retrieve the computer DN using the Get A List Of Computers action. |
Group DN | Enter the group's Distinguished Name (DN) to remove the computer from a group. Example: CN=New Group4,OU=Acme,DC=adtestlab,DC=com | Text | Required | You can retrieve the group DN using the Get A List Of Groups action. |
Example Request
[
{
"group_dn": "CN=New Group4,OU=Acme,DC=adtestlab,DC=com",
"computer_dn": "CN=87A-Desktop,OU=NewActive,DC=adtestlab,DC=com"
}
]
Action: Remove User From Group
This action removes a user from a group in the AD application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
User DN | Enter the user Distinguished Name (DN) to remove users from a group. Example: CN=New.User8,OU=NewActive,DC=adtestlab,DC=com | Text | Required | You can retrieve the user DN using the Get A List Of Users action. |
Group DN | Enter the group Distinguished Name (DN) to remove users from a group. | Text | Required | You can retrieve the group DN using the Get A List Of Groups action. |
Example Request
[
{
"user_dn": "CN=New.User8,OU=NewActive,DC=adtestlab,DC=com",
"group_dn": "CN=New Group4,OU=Acme,DC=adtestlab,DC=com"
}
]
Action: Set User Password
This action sets a user's password.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Enter user name | Enter the SamAccountName of the user to set the password. Example: john | Text | Required | |
Enter password | Enter the password for the user. | Password | Required |
Example Request
[
{
"samaccountname": "john",
"new_password": "psswdnew"
}
]
Action: Update User Details
This action updates the details of a user account.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Distinguished Name | Enter the user's distinguished name (DN) to identify the account. Example: cn=john doe,cn=users,dc=example,dc=com | Text | Required | |
Custom Attributes | Enter the user attributes to update as key-value pairs. Example: displayname: john doe | Key Value | Required | Allowed keys: displayname, description, mail, telephonenumber, title, and userpassword |
Example Request
[
{
"user_dn": "CN=New.User9,OU=NewActive,DC=adtestlab,DC=com",
"custom_attributes": {
"displayName": "new user9"
}
}
]
Changelog
The following table shows the changelog for each app version:
Version | Changes |
|---|---|
v3.0.0 |
|