4.4.13 Add a user to the Active Directory instance
Function
This plugin can add a user to the Active Directory instance of the specified server.
The required server is shown as follows:
- Execution-target server
This is a server on which this plugin runs. The Active Directory instance as described in the prerequisites must have been set up.
The scripts in this plugin perform the following processing:
- Execute the following command.
dsadd user
user-name (the value of the Windows.userName property)
[-upn user-principal-name] (the value of the Windows.userPrincipalName property)
[-fn first-name] (the value of the Windows.firstName property)
[-mi initials] (the value of the Windows.initial property)
[-fn last-name] (the value of the Windows.lastName property)
[-display displayed-name] (the value of the Windows.displayName property)
[-empid employee-ID] (the value of the Windows.employeeID property)
-pwd password (the value of the Windows.accountPassword property)
[-desc description] (the value of the Windows.description property)
[-memberof name-of-belonging-group] (the value of the Windows.memberOf property)
[-office office-name] (the value of the Windows.office property)
[-tel telephone-number] (the value of the Windows.officePhone property)
[-email email-address] (the value of the Windows.emailAddress property)
[-hometel home-phone-number] (the value of the Windows.homePhone property)
[-pager pager-number] (the value of the Windows.pagerNumber property)
[-mobile mobile-phone-number] (the value of the Windows.mobilePhone property)
[-fax fax-number] (the value of the Windows.faxNumber property)
[-iptel IP-phone-number] (the value of the Windows.ipPhone property)
[-webpg Web-page-URL] (the value of the Windows.webURL property)
[-title business-title] (the value of the Windows.title property)
[-dept department-name] (the value of the Windows.department property)
[-company company-name] (the value of the Windows.company property)
[-mgr manager-name] (the value of the Windows.managerName property)
[-hmdir home-folder] (the value of the Windows.homeFolder property)
[-hmdrv drive-letter] (the value of the Windows.driveLetter property)
[-profile profile-path] (the value of the Windows.profilePath property)
[-loscr logon-script-path] (the value of the Windows.scriptPath property)
[-mustchpwd yes] *1
[-canchpwd no] *2
[-reversiblepwd yes] *3
[-pwdneverexpires yes] *4
[-acctexpires remaining-account-expiration-dates] (the value of the Windows.expirationDateValue property)
[-disabled yes] *5
*1: Specified when "true" is set to the Windows.nextPasswordChangeRequired property that specifies whether to change the password for the next logon.
*2: Specified when "true" is set to the Windows.enableChangePassword property that specifies whether to change the password.
*3: Specified when "true" is set to the Windows.reversiblePassword property that specifies whether to enable the encryption restore.
*4: Specified when "true" is set to the Windows.indefinitePassword property that specifies whether to allow a password without an expiration date.
*5: Specified when "true" is set to the Windows.disabledAccount property that specifies whether to disable the account.
For details on the dsadd user command, refer to the descriptions in the Microsoft library.
Use situation
Use this plugin to add a user to the Active Directory instance.
Prerequisites
For the most recent information about the prerequisite product in the system, prerequisite products on the execution-target server, and supported OSs for the execution-target server, see the Release Notes.
Prerequisite product in the system:
JP1/Automatic Operation 11-00 or later
Prerequisite products on the execution-target server:
(1) Active Directory domain service
(2) DNS server
Supported OSs for the execution-target server:
(1) Windows Server 2008 R2 Standard/Enterprise/Datacenter
(2) Windows Server 2012 Standard/Datacenter, Windows Server 2012 R2 Standard/Datacenter
Conditions for using the prerequisite products on the execution-target server:
None
Cautions
(1) Do not specify character strings that include a double quotation mark (") or a single quotation mark (') for the properties of the plugin.
(2) Do not specify only an asterisk (*) to the password (the Windows.accountPassword property).
(3) A maximum of 8,191 characters are valid in the command line of the scripts executed by the plugin. If the command line exceeds 8,191 characters, the additional characters are truncated.
Execution privilege
(1) To access the execution-target server, the user must be a member of the Account Operators group of the Active Directory domain service, the Domain Admins group, or the Enterprise Admins group. If the user is not a member of such a group, the user must have an appropriate permission.
Version
02.00.00
Plug-in tags
Configure Active Directory,Windows,Active Directory
Plug-in name displayed in the task log
adAddUser
Return code
0: Normal
21: Error (environmental error) No command found (An error was detected in the component script.)
27: Error (Check with the task log regarding the error details.) Unidentified error
41: Error (error detected in the component) Property not entered (An error was detected in the component script.)
Property list
The following table lists the properties:
Property key |
Property name |
Description |
Default value |
I/O type |
Required |
---|---|---|---|---|---|
plugin.destinationHost |
Host name of the execution target server |
Specify the host name or IP address of the server on which this plugin will be executed. IPv6 addresses are not supported. |
-- |
Input |
R |
Windows.userName |
User identifier |
Specify the identifier of the user to be added in the format beginning with CN=. |
-- |
Input |
R |
Windows.userPrincipalName |
User principal name |
Specify the user principal name of the user. |
-- |
Input |
O |
Windows.firstName |
Name |
Specify the name of the user |
-- |
Input |
O |
Windows.initial |
Initials |
Specify the initials of the user. |
-- |
Input |
O |
Windows.lastName |
Surname |
Specify the surname of the user. |
-- |
Input |
O |
Windows.displayName |
Display name |
Specify the display name of the user. |
-- |
Input |
O |
Windows.employeeID |
Employee ID |
Specify the employee ID of the user. |
-- |
Input |
O |
Windows.accountPassword |
Password |
Specify the password of the user. |
-- |
Input |
R |
Windows.description |
Description |
Specify the description of the user. |
-- |
Input |
O |
Windows.memberOf |
Identifier of the belonging group |
Specify the group identifier of the user, beginning with CN=. |
-- |
Input |
O |
Windows.office |
Office |
Specify the office of the user. |
-- |
Input |
O |
Windows.officePhone |
Phone number |
Specify the phone number of the user. |
-- |
Input |
O |
Windows.emailAddress |
Email address |
Specify the email address of the user. |
-- |
Input |
O |
Windows.homePhone |
Home phone number |
Specify the home phone number of the user. |
-- |
Input |
O |
Windows.pagerNumber |
Pager number |
Specify the pager number of the user. |
-- |
Input |
O |
Windows.mobilePhone |
Mobile phone number |
Specify the mobile phone number of the user. |
-- |
Input |
O |
Windows.faxNumber |
FAX number |
Specify the FAX number of the user. |
-- |
Input |
O |
Windows.ipPhone |
IP phone number |
Specify the IP phone number of the user. |
-- |
Input |
O |
Windows.webURL |
Web page URL |
Specify the URL of the user's Web page. |
-- |
Input |
O |
Windows.title |
Managerial position |
Specify the managerial position of the user. |
-- |
Input |
O |
Windows.department |
Department |
Specify the department to which the user belongs. |
-- |
Input |
O |
Windows.company |
Company name |
Specify the company name of the user. |
-- |
Input |
O |
Windows.managerName |
Identifier of the superior |
Specify the identifier of the user's superior in the format beginning with CN=. |
-- |
Input |
O |
Windows.homeFolder |
Home folder |
Specify the path of the user's home folder. |
-- |
Input |
O |
Windows.driveLetter |
Drive letter |
If you specify the UNC path for the home folder, specify the drive letter to be assigned in the format of X:. |
-- |
Input |
O |
Windows.profilePath |
Profile path |
Specify the path for the user's profile. |
-- |
Input |
O |
Windows.scriptPath |
Logon script path |
Specify the logon script path of the user. |
-- |
Input |
O |
Windows.nextPasswordChangeRequired |
Whether to change the password at the next logon |
Specify true if the user needs to change the password at the next logon. If you do not specify true, the user does not need to change the password at the next login. |
-- |
Input |
O |
Windows.enableChangePassword |
Whether to enable a password change |
Specify true to enable the user to change the password. If you do not specify true, the user cannot change the password. |
true |
Input |
O |
Windows.reversiblePassword |
Password saving with decodable encryption |
Specify true to save the password with decodable encryption. If something other than true is specified, the password is saved in a state in which the encryption cannot be removed. |
-- |
Input |
O |
Windows.indefinitePassword |
Removing limits for passwords |
Specify "true" to remove all limits for the password. If you do not specify "true", an expiration date is set for the password. |
-- |
Input |
O |
Windows.expirationDateValue |
Number of days for account expiration |
Specify the account expiration date as a number of days starting from when the plug-in is executed. If 0 is specified, the account expires at the end of the day when the plug-in is executed. |
-- |
Input |
O |
Windows.disabledAccount |
Account disabled |
Specify true to disable the account. If you do not specify true, the user account is activated. |
-- |
Input |
O |
common.returnValue |
Return value for the plugin |
The return value of this plugin stored. |
-- |
Output |
O |