If you have questions email me @ jjmusicpro@hotmail.com
If you haven’t already, please read my first post on where and how to download a trial version of User Management Resource Administrator, developed by tools4ever. UMRA
Download Trial Version of UMRA > http://www.tools4ever.com/download/
Download Trial Version of SSRPM > http://www.tools4ever.com/download/
UMRA – Get attribute (AD) Example Tips and Help
If you have already read my blog about some of the basics on the Create User (AD) UMRA Action then please visit http://activedirectoryadmin.blogspot.com/2009/08/umra-create-user-ad-action-help.html that blog to catch up to speed on this post.Previous UMRA Action Topics.
-Move – Rename (AD)
-Remove User Group Membership
-Set User Group Memberships
-Edit User (AD)
-Get User (AD)
-Create User (AD)
-Create user (no AD)
-Edit user logon
In this blog we will be talking about the UMRA action Get attribute (AD). Now, this is one of the main actions other then Get User (AD) in the UMRA action list. The Get attribute (AD) is typically following some type of Get User (AD) or Get object (AD). Both of these action will bind to the object, so any following actions after the bind will be taken on the searched user. The whole point of the get attribute (AD) is to get an active directory attribute; this can be anything such as, dn, group memberships, and or canonical name. To get a complete list of active directory attributes, either search on Google, or yahoo for some of the best results on lists of active directory attributes. So you can use the Get attribute (AD) to grab an active directory attribute, put that into a variable, and then do something with it later in your script. An example of this would be to grade the users display name attribute, then compare this against a student information system, or csv file of what it should be, if they are different change it in active directory, if they are the same, grab another active directory attribute and compare again. So below is a quick overview of the action properties in depth.
User Object -
This by default is set to %UserObject%. To bind to the user object, see the action Get User (AD) upon successful location of a user account ,it will bind to the user that it was passed, either by user dn, or user samaccountname.
Active Directory Object -
This will need to be set to %ActiveDirectoryObject% if you plan to grab an attribute out from a group, computer, etc. something other then a userobject. If you use this you will need to clear the %UserObject% property.
LDAP attribute displayname –
This will be the attribute name you want the value of, example would be cn, canonicalname, memberof, pwdlastset, etc.
Multi-value flag -
You want to set this if the value you are getting has multiple values stored in it, such as the active directory attribute memberof, this attribute has multiple group dn’s in it.
Convert to text flag -
If you set this flag to YES, it will take the value such as a number, and put it as text.
Error if no attribute found -
If set to YES your script action will throw an error, in most cases you can turn this OFF and check the value of the output variable.
Error if empty -
This works almost the same way as the above property, you can check to make sure the value is NOT empty, if set to YES, you can set your ERROR to hope to another part in your script.
Attribute value -
This is the storage container the attribute value is stored in, so if you were looking up the display name of an active directory user, it would store it in the %AttributeValue% variable. You can switch this variablename to something more useful that fits your needs, such as %User_Displayname%.
So there you have it, a quick overview of the Get attribute (AD) action. Again, as you can see its one of the most versatile actions in UMRA. If you have any questions please feel free to email me, or leave a comment, thanks again!
0 comments:
Post a Comment