Layer 7 Identity Management

Expand all | Collapse all

Tews Soap Message for Adding user to AD Group

  • 1.  Tews Soap Message for Adding user to AD Group

    Posted 02-04-2019 08:05 AM

    Can someone help me with the soap message for adding the user to group on AD endpoint using ModifyActiveDirectoryGroup task in CA IM 14.2



  • 2.  Re: Tews Soap Message for Adding user to AD Group

    Posted 02-04-2019 11:02 AM

    Hi Rajesh. Here is a sample payload to add a User to a AD group.

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl">
       <soapenv:Header/>
       <soapenv:Body>
          <wsdl:TaskContext>
             <wsdl:admin_id>imadmin</wsdl:admin_id>
             <wsdl:admin_password>test</wsdl:admin_password>
          </wsdl:TaskContext>
          <wsdl:ModifyActiveDirectoryGroup>
            <wsdl:ModifyActiveDirectoryGroupSearch>
                <wsdl:Subject>
                   <wsdl:UniqueName>ADSGroup=ithas01-adgrp1,ADSContainer=Builtin,EndPoint=imwad2016a,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:UniqueName>
                </wsdl:Subject>
             </wsdl:ModifyActiveDirectoryGroupSearch>
             <wsdl:ModifyActiveDirectoryGroupActiveDirectoryGroupMemberOfTab>
         <wsdl:memberOf>
         {"expiryDate":"2017-09-30T15:00:00","memberOf":"ADSGroup=itcgroup,ADSContainer=Users,EndPoint=imwad2016a,Namespace=ActiveDirectory,Domain=im,Server=Server"}
         </wsdl:memberOf>
             </wsdl:ModifyActiveDirectoryGroupActiveDirectoryGroupMemberOfTab>
          </wsdl:ModifyActiveDirectoryGroup>
       </soapenv:Body>
    </soapenv:Envelope>


  • 3.  Re: Tews Soap Message for Adding user to AD Group

    Posted 02-04-2019 11:11 AM

    The example above is adding a group as a member of a group and not adding an account as a member of a group. Do you have an example of adding an account?

     

    We expect that it would be in the "AccountMemberList" section of the WSDL.

     

    -Sid



  • 4.  Re: Tews Soap Message for Adding user to AD Group

    Posted 02-06-2019 06:15 AM

    Here is payload to add a AD Account to a Group

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl">
    <soapenv:Header/>
    <soapenv:Body>
    <wsdl:TaskContext>
    <wsdl:admin_id>imadmin</wsdl:admin_id>
    <wsdl:admin_password>test</wsdl:admin_password>
    </wsdl:TaskContext>
    <wsdl:ModifyActiveDirectoryGroup>
    <wsdl:ModifyActiveDirectoryGroupSearch>
    <wsdl:Subject>
    <wsdl:UniqueName>ADSGroup=ithas01grp123,ADSContainer=Users,EndPoint=AD_Target,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:UniqueName>
    </wsdl:Subject>
    </wsdl:ModifyActiveDirectoryGroupSearch>
    <wsdl:ModifyActiveDirectoryGroupActiveDirectoryGroupMembersTab>
    <wsdl:AccountMemberList>
    <wsdl:add index="0">
    <wsdl:UniqueName>Account=ithas01-acc1,ADSContainer=Users,EndPoint=AD_Target,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:UniqueName>
    </wsdl:add>
    </wsdl:AccountMemberList>
    </wsdl:ModifyActiveDirectoryGroupActiveDirectoryGroupMembersTab>
    </wsdl:ModifyActiveDirectoryGroup>
    </soapenv:Body>
    </soapenv:Envelope>

    #tewsactivedirectorygroup #tews6



  • 5.  Re: Tews Soap Message for Adding user to AD Group

    Posted 03-28-2019 02:03 AM

    If you are dealing with containers other than AD standard ones like Users,Builtin etc., then make sure you use 'eTADSOrgUnit' instead of  'ADSContainer'. In the following example an account from 'Broadcom' org unit is being added to a 'TechGroup' group in Users container.

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl">

       <soapenv:Header/>
       <soapenv:Body>
          <wsdl:TaskContext>
             <wsdl:admin_id>imadmin</wsdl:admin_id>
             <wsdl:admin_password>test</wsdl:admin_password>        
          </wsdl:TaskContext>
          <wsdl:ModifyActiveDirectoryGroup>
             <wsdl:ModifyActiveDirectoryGroupSearch>
                <wsdl:Subject>
                   <wsdl:UniqueName>ADSGroup=TechGroup,ADSContainer=Users,EndPoint=AD-1,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:UniqueName>
                </wsdl:Subject>
             </wsdl:ModifyActiveDirectoryGroupSearch>
             <wsdl:ModifyActiveDirectoryGroupActiveDirectoryGroupMembersTab>
                <wsdl:AccountMemberList>
                   <wsdl:add index="0">
                      <wsdl:UniqueName>Account=ashok,eTADSOrgUnit=Broadcom,EndPoint=AD-1,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:UniqueName>
                   </wsdl:add>
                </wsdl:AccountMemberList>
             </wsdl:ModifyActiveDirectoryGroupActiveDirectoryGroupMembersTab>
          </wsdl:ModifyActiveDirectoryGroup>
       </soapenv:Body>
    </soapenv:Envelope>


  • 6.  RE: Re: Tews Soap Message for Adding user to AD Group

    Posted 11 days ago
    Hi Muthu,

    When we try ModifyActiveDirectoryGroup using Tews and from user console it throws
    An error object was posted to the task with text: The endpoint type is not selected for this task.
    Do we need configure any additional settings for this task to work?

    Thanks,
    Rajesh.​