4.4.12 Modify user attributes on the Active Directory instance
Function
This plugin can modify user attributes on the Active Directory instance of the specified server.
The required server is shown as follows:
- Execution-target server
This is a server on which this plugin runs. The Active Directory instance as described in the prerequisites must have been set up.
The scripts in this plugin perform the following processing:
- Execute the following command.
dsmod user
user-name (the value of the Windows.userName property)
[-upn user-principal-name] (the value of the Windows.userPrincipalName property)
[-fn first-name] (the value of the Windows.firstName property)
[-mi initials] (the value of the Windows.initial property)
[-fn last-name] (the value of the Windows.lastName property)
[-display displayed-name] (the value of the Windows.displayName property)
[-empid employee-ID] (the value of the Windows.employeeID property)
[-desc description] (the value of the Windows.description property)
[-office office-name] (the value of the Windows.office property)
[-tel telephone-number] (the value of the Windows.officePhone property)
[-email email-address] (the value of the Windows.emailAddress property)
[-hometel home-phone-number] (the value of the Windows.homePhone property)
[-pager pager-number] (the value of the Windows.pagerNumber property)
[-mobile mobile-phone-number] (the value of the Windows.mobilePhone property)
[-fax fax-number] (the value of the Windows.faxNumber property)
[-iptel IP-phone-number] (the value of the Windows.ipPhone property)
[-webpg Web-page-URL] (the value of the Windows.webURL property)
[-title business-title] (the value of the Windows.title property)
[-dept department-name] (the value of the Windows.department property)
[-company company-name] (the value of the Windows.company property)
[-mgr manager-name] (the value of the Windows.managerName property)
[-hmdir home-folder] (the value of the Windows.homeFolder property)
[-hmdrv drive-letter] (the value of the Windows.driveLetter property)
[-profile profile-path] (the value of the Windows.profilePath property)
[-loscr logon-script-path] (the value of the Windows.scriptPath property)
[-mustchpwd {yes|no}] *1
[-canchpwd {yes|no}] *2
[-reversiblepwd {yes|no}] *3
[-pwdneverexpires {yes|no}] *4
[-acctexpires remaining-account-expiration-dates] (the value of the Windows.expirationDateValue property)
[-disabled {yes|no}] *5
*1: "yes" is set if "true" is specified to the Windows.nextPasswordChangeRequired property that specifies whether to change the password for the next logon. Also, "no" is set if "false" is specified to the property. If a value other than "true" or "false" is specified, this option is ignored.
*2: "yes" is set if "true" is specified to the Windows.enableChangePassword property that specifies whether to change the password. Also, "no" is set if "false" is specified to the property. If a value other than "true" or "false" is specified, this option is ignored.
*3: "yes" is set if "true" is specified to the Windows.reversiblePassword property that specifies whether to enable the encryption restore. Also, "no" is set if "false" is specified to the property. If a value other than "true" or "false" is specified, this option is ignored.
*4: "yes" is set if "true" is specified to the Windows.indefinitePassword property that specifies whether to allow a password without an expiration date. Also, "no" is set if "false" is specified to the property. If a value other than "true" or "false" is specified, this option is ignored.
*5: "yes" is set if "true" is specified to the Windows.disabledAccount property that specifies whether to disable the account. Also, "no" is set if "false" is specified to the property. If a value other than "true" or "false" is specified, this option is ignored.
For details on the dsmod user command, refer to the descriptions in the Microsoft library.
Use situation
Use this plugin to modify user attributes on the Active Directory instance.
Prerequisites
For the most recent information about the prerequisite product in the system, prerequisite products on the execution-target server, and supported OSs for the execution-target server, see the Release Notes.
Prerequisite product in the system:
JP1/Automatic Operation 11-00 or later
Prerequisite products on the execution-target server:
(1) Active Directory domain service
(2) DNS server
Supported OSs for the execution-target server:
(1) Windows Server 2008 R2 Standard/Enterprise/Datacenter
(2) Windows Server 2012 Standard/Datacenter, Windows Server 2012 R2 Standard/Datacenter
(3) Windows Server 2016 Standard/Datacenter
(4) Windows Server 2019 Standard/Datacenter
Conditions for using the prerequisite products on the execution-target server:
None
Cautions
(1) Do not specify character strings that include a double quotation mark (") or a single quotation mark (') for the properties of the plugin.
(2) [TODO]
(3) A maximum of 8,191 characters are valid in the command line of the scripts executed by the plugin. If the command line exceeds 8,191 characters, the additional characters are truncated.
Execution privilege
(1) To access the execution-target server, the user must be a member of the Account Operators group of the Active Directory domain service, the Domain Admins group, or the Enterprise Admins group. If the user is not a member of such a group, the user must have an appropriate permission.
Version
02.00.00
Plug-in tags
Configure Active Directory,Windows,Active Directory
Plug-in name displayed in the task log
adChangeUserAttribute
Return code
0: Normal
21: Error (environmental error) No command found (An error was detected in the component script.)
27: Error (Check with the task log regarding the error details.) Unidentified error
41: Error (error detected in the component) Property not entered (An error was detected in the component script.)
Property list
The following table lists the properties:
Property key |
Property name |
Description |
Default value |
I/O type |
Required |
---|---|---|---|---|---|
plugin.destinationHost |
Host name of the execution target server |
Specify the host name or IP address of the server on which this plugin will be executed. IPv6 addresses are not supported. |
-- |
Input |
R |
Windows.userName |
User identifier |
Specify the name of the user whose attributes are to be modified, beginning with CN=. |
-- |
Input |
R |
Windows.userPrincipalName |
User principal name |
Specify the user principal name of the user. |
-- |
Input |
O |
Windows.firstName |
Name |
Specify the name of the user |
-- |
Input |
O |
Windows.initial |
Initials |
Specify the initials of the user. |
-- |
Input |
O |
Windows.lastName |
Surname |
Specify the surname of the user. |
-- |
Input |
O |
Windows.displayName |
Display name |
Specify the display name of the user. |
-- |
Input |
O |
Windows.employeeID |
Employee ID |
Specify the employee ID of the user. |
-- |
Input |
O |
Windows.description |
Description |
Specify the description of the user. |
-- |
Input |
O |
Windows.office |
Office |
Specify the office of the user. |
-- |
Input |
O |
Windows.officePhone |
Phone number |
Specify the phone number of the user. |
-- |
Input |
O |
Windows.emailAddress |
Email address |
Specify the email address of the user. |
-- |
Input |
O |
Windows.homePhone |
Home phone number |
Specify the home phone number of the user. |
-- |
Input |
O |
Windows.pagerNumber |
Pager number |
Specify the pager number of the user. |
-- |
Input |
O |
Windows.mobilePhone |
Mobile phone number |
Specify the mobile phone number of the user. |
-- |
Input |
O |
Windows.faxNumber |
FAX number |
Specify the FAX number of the user. |
-- |
Input |
O |
Windows.ipPhone |
IP phone number |
Specify the IP phone number of the user. |
-- |
Input |
O |
Windows.webURL |
Web page URL |
Specify the URL of the user's Web page. |
-- |
Input |
O |
Windows.title |
Managerial position |
Specify the managerial position of the user. |
-- |
Input |
O |
Windows.department |
Department |
Specify the department to which the user belongs. |
-- |
Input |
O |
Windows.company |
Company name |
Specify the company name of the user. |
-- |
Input |
O |
Windows.managerName |
Identifier of the superior |
Specify the identifier of the user's superior in the format beginning with CN=. |
-- |
Input |
O |
Windows.homeFolder |
Home folder |
Specify the path of the user's home folder. |
-- |
Input |
O |
Windows.driveLetter |
Drive letter |
If you specify the UNC path for the home folder, specify the drive letter to be assigned in the format of X:. |
-- |
Input |
O |
Windows.profilePath |
Profile path |
Specify the path for the user's profile. |
-- |
Input |
O |
Windows.scriptPath |
Logon script path |
Specify the logon script path of the user. |
-- |
Input |
O |
Windows.nextPasswordChangeRequired |
Whether to change the password at the next logon |
If a user needs to change the password for the next login, specify "true". If the password needs not be changed, specify "false". |
-- |
Input |
O |
Windows.enableChangePassword |
Whether to enable a password change |
To allow a user to change the password, specify "true". If the password must not be changed, specify "false". |
-- |
Input |
O |
Windows.reversiblePassword |
Password saving with decodable encryption |
To save the password by enabling encryption restore, specify "true". To save the password by disabling encryption restore, specify "false". |
-- |
Input |
O |
Windows.indefinitePassword |
Removing limits for passwords |
To allow a password without an expiration date, specify "true". To set an expiration date to the password, specify "false". |
-- |
Input |
O |
Windows.expirationDateValue |
Number of days for account expiration |
Specify the account expiration date as a number of days starting from when the plug-in is executed. If 0 is specified, the account expires at the end of the day when the plug-in is executed. |
-- |
Input |
O |
Windows.disabledAccount |
Account disabled |
To disable the account, specify "true". To enable the account, specify "false". |
-- |
Input |
O |
common.returnValue |
Return value for the plugin |
The return value of this plugin stored. |
-- |
Output |
O |