Symantec IGA

  • 1.  Tews Soap Message for Adding user to AD Group

    Posted Feb 04, 2019 08:05 AM

    Can someone help me with the SOAP message for adding a user to a group on an AD endpoint using the ModifyActiveDirectoryGroup task in CA IM 14.2?



  • 2.  Re: Tews Soap Message for Adding user to AD Group

    Broadcom Employee
    Posted Feb 04, 2019 11:02 AM

    Hi Rajesh. Here is a sample payload to add a user to an AD group.

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl">
       <soapenv:Header/>
       <soapenv:Body>
          <wsdl:TaskContext>
             <wsdl:admin_id>imadmin</wsdl:admin_id>
             <wsdl:admin_password>test</wsdl:admin_password>
          </wsdl:TaskContext>
          <wsdl:ModifyActiveDirectoryGroup>
             <wsdl:ModifyActiveDirectoryGroupSearch>
                <wsdl:Subject>
                   <wsdl:UniqueName>ADSGroup=ithas01-adgrp1,ADSContainer=Builtin,EndPoint=imwad2016a,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:UniqueName>
                </wsdl:Subject>
             </wsdl:ModifyActiveDirectoryGroupSearch>
             <wsdl:ModifyActiveDirectoryGroupActiveDirectoryGroupMemberOfTab>
                <wsdl:memberOf>
                {"expiryDate":"2017-09-30T15:00:00","memberOf":"ADSGroup=itcgroup,ADSContainer=Users,EndPoint=imwad2016a,Namespace=ActiveDirectory,Domain=im,Server=Server"}
                </wsdl:memberOf>
             </wsdl:ModifyActiveDirectoryGroupActiveDirectoryGroupMemberOfTab>
          </wsdl:ModifyActiveDirectoryGroup>
       </soapenv:Body>
    </soapenv:Envelope>


  • 3.  Re: Tews Soap Message for Adding user to AD Group

    Posted Feb 04, 2019 11:11 AM

    The example above is adding a group as a member of a group and not adding an account as a member of a group. Do you have an example of adding an account?

    We expect that it would be in the "AccountMemberList" section of the WSDL.

    -Sid



  • 4.  Re: Tews Soap Message for Adding user to AD Group

    Broadcom Employee
    Posted Feb 06, 2019 06:15 AM

    Here is the payload to add an AD account to a group:

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl">
       <soapenv:Header/>
       <soapenv:Body>
          <wsdl:TaskContext>
             <wsdl:admin_id>imadmin</wsdl:admin_id>
             <wsdl:admin_password>test</wsdl:admin_password>
          </wsdl:TaskContext>
          <wsdl:ModifyActiveDirectoryGroup>
             <wsdl:ModifyActiveDirectoryGroupSearch>
                <wsdl:Subject>
                   <wsdl:UniqueName>ADSGroup=ithas01grp123,ADSContainer=Users,EndPoint=AD_Target,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:UniqueName>
                </wsdl:Subject>
             </wsdl:ModifyActiveDirectoryGroupSearch>
             <wsdl:ModifyActiveDirectoryGroupActiveDirectoryGroupMembersTab>
                <wsdl:AccountMemberList>
                   <wsdl:add index="0">
                      <wsdl:UniqueName>Account=ithas01-acc1,ADSContainer=Users,EndPoint=AD_Target,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:UniqueName>
                   </wsdl:add>
                </wsdl:AccountMemberList>
             </wsdl:ModifyActiveDirectoryGroupActiveDirectoryGroupMembersTab>
          </wsdl:ModifyActiveDirectoryGroup>
       </soapenv:Body>
    </soapenv:Envelope>

    #tewsactivedirectorygroup #tews6



  • 5.  Re: Tews Soap Message for Adding user to AD Group

    Broadcom Employee
    Posted Mar 28, 2019 02:03 AM

    If you are dealing with containers other than the AD standard ones like Users, Builtin, etc., then make sure you use 'eTADSOrgUnit' instead of 'ADSContainer'. In the following example, an account from the 'Broadcom' org unit is being added to the 'TechGroup' group in the Users container.

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl">
       <soapenv:Header/>
       <soapenv:Body>
          <wsdl:TaskContext>
             <wsdl:admin_id>imadmin</wsdl:admin_id>
             <wsdl:admin_password>test</wsdl:admin_password>
          </wsdl:TaskContext>
          <wsdl:ModifyActiveDirectoryGroup>
             <wsdl:ModifyActiveDirectoryGroupSearch>
                <wsdl:Subject>
                   <wsdl:UniqueName>ADSGroup=TechGroup,ADSContainer=Users,EndPoint=AD-1,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:UniqueName>
                </wsdl:Subject>
             </wsdl:ModifyActiveDirectoryGroupSearch>
             <wsdl:ModifyActiveDirectoryGroupActiveDirectoryGroupMembersTab>
                <wsdl:AccountMemberList>
                   <wsdl:add index="0">
                      <wsdl:UniqueName>Account=ashok,eTADSOrgUnit=Broadcom,EndPoint=AD-1,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:UniqueName>
                   </wsdl:add>
                </wsdl:AccountMemberList>
             </wsdl:ModifyActiveDirectoryGroupActiveDirectoryGroupMembersTab>
          </wsdl:ModifyActiveDirectoryGroup>
       </soapenv:Body>
    </soapenv:Envelope>
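
The payloads in this thread can be generated rather than hand-edited. The following is an added example, not code from the thread or from the product: it builds the ModifyActiveDirectoryGroup request for adding accounts to a group, picks 'ADSContainer' or 'eTADSOrgUnit' as described in the post above, and rejects name components that would break the comma-separated UniqueName. Assumptions: the function names are hypothetical, only Users and Builtin are treated as standard containers, `Domain=im,Server=Server` is taken from the sample payloads, and consecutive `index` values for multiple members are assumed (the thread only shows `index="0"`).

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
TEWS_NS = "http://tews6/wsdl"  # namespace used in the payloads in this thread
TASK = "ModifyActiveDirectoryGroup"
# Assumption: only the two standard containers named in the thread.
STANDARD_CONTAINERS = {"Users", "Builtin"}

ET.register_namespace("soapenv", SOAP_NS)
ET.register_namespace("wsdl", TEWS_NS)


def unique_name(kind, name, container, endpoint):
    """Build a UniqueName; kind is 'ADSGroup' or 'Account'."""
    for part in (name, container, endpoint):
        # Assumption: no escape syntax is known here, so reject separators.
        if not part or any(c in part for c in ",=") or part != part.strip():
            raise ValueError(f"unsafe UniqueName component: {part!r}")
    key = "ADSContainer" if container in STANDARD_CONTAINERS else "eTADSOrgUnit"
    return (f"{kind}={name},{key}={container},EndPoint={endpoint},"
            "Namespace=ActiveDirectory,Domain=im,Server=Server")


def _el(parent, tag, text=None, **attrs):
    node = ET.SubElement(parent, f"{{{TEWS_NS}}}{tag}", attrs)
    node.text = text
    return node


def add_accounts_request(admin_id, admin_password, group, accounts, endpoint):
    """group and each entry of accounts are (name, container) tuples."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    ET.SubElement(env, f"{{{SOAP_NS}}}Header")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    ctx = _el(body, "TaskContext")
    _el(ctx, "admin_id", admin_id)
    _el(ctx, "admin_password", admin_password)  # ElementTree escapes < & >
    task = _el(body, TASK)
    subject = _el(_el(task, TASK + "Search"), "Subject")
    _el(subject, "UniqueName", unique_name("ADSGroup", *group, endpoint))
    members = _el(_el(task, TASK + "ActiveDirectoryGroupMembersTab"),
                  "AccountMemberList")
    # Assumption: one <add> per account with consecutive index values.
    for i, account in enumerate(accounts):
        add = _el(members, "add", index=str(i))
        _el(add, "UniqueName", unique_name("Account", *account, endpoint))
    return ET.tostring(env, encoding="unicode")
```

Calling `add_accounts_request(admin_id, admin_password, ("TechGroup", "Users"), [("ashok", "Broadcom")], "AD-1")` yields the same two UniqueName values as the payload above; the admin credentials are parameters so they can come from a secret store instead of the message template.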


  • 6.  RE: Re: Tews Soap Message for Adding user to AD Group

    Posted Sep 06, 2019 09:43 AM
    Hi Muthu,

    When we try ModifyActiveDirectoryGroup using TEWS and from the user console, it throws:
    An error object was posted to the task with text: The endpoint type is not selected for this task.
    Do we need to configure any additional settings for this task to work?

    Thanks,
    Rajesh.