IT Management Suite

  • Private Community
 View Only
Back to Library

Active Directory Components by Incendio Technology 

Nov 13, 2008 01:03 PM

Attached are a suite 37 useful Active Directory components developed by Incendio Technology and free for use. There’s a sample project included that shows how to do some common tasks such as create users. Be sure to set the project properties with values for your domain. Remember, you can right click on components and view help to see information on how to use them.

To install the components simply copy the IncendioTechnology.Components.ActiveDirectory.dll into your workflow custom library folder, usually located in C:\Program Files\Altiris\Workflow Designer\Shared\customlib.

* A note about Active Directory and Distinguished Names- Objects in Active Directory can be referenced by a distinguished name (DN) which is a string that looks something like this -“CN=Ryan Hamner,CN=Users,DC=mydomain,DC=com”. The Incendio Active Directory components make heavy use of this and many take in distinguished names as input parameters. All components that search or return objects will include the distinguished name as a property. For more info on distinguished names look here.

The following components are included:

AD User Exists:
This component will test to see if a user exists
AD User Exists – Path:
This component will test to see if a user exists and returns down a True/False path
Authenticate AD User:
This component checks if supplied username and password are correct.
Authenticate AD User – Path:
This component checks if supplied username and password are correct.
Change AD User Password:
This component changes a user’s password.
Create AD User:
This component creates a user in active directory; returns the GUID of the user string
Disable AD User:
This component disables a user.
Get AD User:
This component gets a user by username.
Get AD UserDn:
This component gets a user's distinguished name. Distinguished name is used by many other components and is also a field in the AdUser object.
Reset AD User Password:
This component resets a user’s password.
Search AD Users:
This component gets a collection of users with the supplied filter criteria. To keep the load on the domain controller to a minimum, this component will not return a user’s groups. If you need to find the groups of a specific user then use the Get AD User’s Groups component.
Unlock AD User:
This component unlocks a user that has been locked out from failed login attempts.
Add AD Users to Group:
This component will add users to a group in Active Directory.
Create AD Group:
This component will create a group in Active Directory
Delete AD Group:
This component will delete a group from Active Directory
Get AD Nested Groups:
This component will get groups that belong to the group that is supplied from Active Directory
Get AD User’s Groups:
This component will get user’s groups from Active Directory
Remove AD User from Group:
This component will remove a user of a group.
AD Object Exists:
This component checks if the supplied object exists.
AD Object Exists – Path:
This component checks if the supplied object exists.
Delete AD Object:
This component deletes an object from AD. When deleting a container such as an Organizational Unit it must be empty or an exception will be raised.
Friendly Domain To Ldap Domain:
This component returns a fully qualified domain name from the friendly name. Passing in mydomain would return mydomain.com
Get AD Objects:
This component returns all child objects of the object supplied.
Get AD Object's Used Properties:
This component returns the names of all properties that are populated for the supplied object.
Get AD Properties:
This component returns value for supplied collection of properties on object. This will only work with properties that are implicitly converted to a string.
Get AD Property:
This component returns value for one supplied property on object. This will only work with properties that are implicitly converted to a string.
Get AD Property With Multiple Values:
This component returns all values for one supplied property on object. This is useful for properties that can have multiple values. This will only work with properties that are implicitly converted to a string.
Get Domain Controllers:
This component returns all domain controllers in the domain that is supplied.
Get Domains:
This component returns all domains in the current forest.
Move AD Object:
This component moves an AD object from one location to another. The string NewLocationDn is the container that want to move the object to
Search AD Objects:
This component lets you search for any type of AD object.
Set AD Properties:
This component sets value for supplied collection properties on object. This will only work with properties that are implicitly converted to a string. It should only be used with properties that have one value. Set AD Property: This component sets value for supplied property on object. This will only work with properties that are implicitly converted to a string. It should only be used with properties that have one value.
Add AD Computer:
Adds a computer to AD
Search AD Computers:
Searches AD computers
License:AJSL
By clicking the download link below, you agree to the terms and conditions in the Altiris Juice Software License
Support:User-contributed tools on the Juice are not supported by Altiris Technical Support. If you have questions about a tool, please communicate directly with the author by visiting their profile page and clicking the 'contact' tab.

Statistics
0 Favorited
1 Views
2 Files
0 Shares
2 Downloads
Attachment(s)
Download All
jpg file
6250.jpg   2 KB   1 version
Uploaded - Feb 25, 2020
 
Download
zip file
Incendio Active Directory Components.zip   2.40 MB   1 version
Uploaded - Feb 25, 2020
 
Download

Tags and Keywords

Comments

Migration User
Mar 25, 2011 05:17 PM

Are these still valid or have they been replaced by the ones built into (or did these become the built in) workflow?

Migration User
Nov 15, 2010 12:31 PM

Thanks for this its been a great help!

I have been able to get my AD OU's imported however I was wondering is their a way to move a user into a specific OU. At the moment am able to create a user at a top level in our AD Structure but want to move the user into a specific OU depending on what is selected.

 

i.e Our AD Structure is OU(Site) > OU (Users) > OU (UsersGroup)

Every Site has OU(Site) > OU (Users) however OU UsersGroup contains different OU's depending on which site.

for example Buckingham has OU UserGroups of Admin, HR, PayRoll and Downing has OU UserGroups Admin, General, Booking

So at the moment I can get a new user created into OU(Site) But I'd like another Dropdown that points to OU(Users) for what ever site is selected and then show the available OU(UsersGroup) so that can move user into there?

AD Structure

 

Any Ideas please?

Steve Wayment
Sep 24, 2010 12:35 PM

The built-in AD components have a "Get Users in Group" option, but I found that it does not span across domains.  For example, if one of the users in your group is in another domain, or even if their Manager is in another domain, the components returns an error "Cannot find specified user by pattern."

Migration User
Jul 26, 2010 08:57 AM

Hey there,

I realise that this post is rather old....
But i'm having the same issue as Steve.

Can't seem to pull a list of members out of an AD group.
While the other way around is very easy with: Get AD user's Groups.

Any suggestions or remarks on this would de great.

THX!

Steve Wayment
Aug 12, 2009 10:58 AM

Your components are great.  Thanks a ton!  I have 1 question: is it possible to display a list of members assigned to a particular group?  I can pull back groups that are a part of the group, but not members (AD Users).  Thanks!

Migration User
Aug 05, 2009 08:56 AM

Have you seen this error before with the Get AD User? It is only happening with a few users.

Error Details
Error Message:
Unknown error (0x80005000)
Message Stack:
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyCollection.Contains(String propertyName)
at Inc.AdLib.AdHelper.GetAdPropertyValues(String[] Properties, String ObjectDn, String AdminUsername, String AdminUserpass)
at Inc.AdLib.AdGroups.GetUserGroups(String Dn, String UserDn, Boolean ShowNestedGroups, String AdminUsername, String AdminUserpass)

Migration User
Aug 05, 2009 08:31 AM

I won't use all of the included scripts, but there are a select few that I will use multiple times a day.

Thanks a lot for the post!
 

Migration User
Feb 23, 2009 02:20 PM

Have you seen this error before with the Get AD User? It is only happening with a few users.
Error Details
Error Message:
Unknown error (0x80005000)
Message Stack:
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyCollection.Contains(String propertyName)
at Inc.AdLib.AdHelper.GetAdPropertyValues(String[] Properties, String ObjectDn, String AdminUsername, String AdminUserpass)
at Inc.AdLib.AdGroups.GetUserGroups(String Dn, String UserDn, Boolean ShowNestedGroups, String AdminUsername, String AdminUserpass)

Migration User
Feb 05, 2009 06:32 PM

I had the same error after publishing as well.
In addition to rhamner suggestion, I had to search for web.config file in workflowdeployed project, and edit it using notepad. Change the authentication mode from "authentication mode="None" to authentication mode="Windows". It works like a charm after.

Migration User
Jan 09, 2009 01:15 PM

This particular error is raised by the component when it can't find the user you're trying to get.
Since it's saying it can't find Network Service my guess is you're using the Symantec Get Current User component with the type set to WindowsPrincial. This will actually return the user that the workflow is running as and not the user browsing to the page. Debug, by default, does not deploy to IIS and runs as the user logged in to the computer. IIS by default runs asp.net apps as a local account called Network Service. In order to get the user that is browsing to the workflow you need to set the type to HttpContext and make sure Windows Authentication is on for the deployed virtual directory in IIS. Once you do this you’ll notice that when debugging the user is now blank. I usually just disable this component and give it a constant value while debugging, although you could work around it by setting IIS to be your debugging server under tool preferences. Also, note that the Get AD User component expects the sAMAccountName property so you need to remove the ‘domain\’ from the output of your Get Current User component.

Migration User
Jan 07, 2009 02:32 PM

I am using the Get AD User component. It works great in debug mode. When I publish it and attempt to run it, I get this error: "User 'Network Service' does not exist." Does anyone know what is causing this?

Migration User
Dec 11, 2008 03:22 PM

Thank you for posting these out here. I've been working on get users groups. Can't wait to get some more of these sertup on our new workflow server. I will post how it goes.

Migration User
Nov 24, 2008 09:32 PM

The next webinar in the Incendio Workflow series will focus on the Incendio Active Directory components.
Please join us Wednesday Dec 3rd from 12-1pm MST for a demonstration on how to utilize the library. Follow the link below to register for the Webinar
Register for Webinar

Migration User
Nov 19, 2008 08:00 AM

Thanks for the clarity. Workflow is the future & you guys are on top of it!

Migration User
Nov 18, 2008 02:13 PM

In Workflow during design time when you are looking at an array/collection of any type you'll see First, Last and Count unless you are assigning the value to another array and then you'll just see the array. Really what this allows for is an easy way to reference a single item in an array that you know will only have one item. Since the designer has no way of knowing how many items will be in the array it can't really let you reference item 2, item 3, etc. At runtime however that array with be populated with 1:N items. The two particular components you are talking about return arrays of AdGroup and AdObject types which both have multiple properties. At runtime the output from these can be populated with multiple items.
Here's and quick example to demonstrate the point. Create a Web Forms project and add the Get AdGroups component and then a form. On your form add a GridComponent. In the Data Type property search for AdGroup and select it as the type. Next click on the Grid Data property and choose the output from your Get Ad Groups component which is called GetGroups_Result by default. When you run it you should see all the groups in the grid.
There are a couple of ways to programmatically pick and choose certain ones out of the bunch if you need to, for example, you're creating a user and when it's in OU 1 it should always have groups A, B, and C. The best way is the Configurable Collection Filter component. Check out this post for more info on it. (https://www-secure.symantec.com/community/forum/5222/what-best-way-find-item-array). You can also loop using a For Each Item In Collection component and add items you want to use to a separate collection.

Migration User
Nov 18, 2008 09:53 AM

For my immediate purposes, I can use dsmove to rename the account but it'll be cool if future release provided this. I also noticed on your Get AD Groups and Objects components, the results you can bring back are count, first and last group. Any way to get a list of all groups?
Thanks.

Migration User
Nov 17, 2008 04:26 PM

Hi, you're right. It gets defaulted to username (sAMAccountName) and there's no way right now in the component to override that. The Display Name is set separately and uses First Last if not set. The ability to specify the common name would be a good enhancement for a future release.

Migration User
Nov 17, 2008 04:12 PM

Good stuff here. One question, when using the Create AD User component, I noticed that the full name property is not available. Because of this, the account name defaults to the username (our company requires it be the same as the display name). I tried to change the account name using the Set AD Properties component, but that would not go through.
Perhaps if there were a Rename AD OBject component?
Thoughts on this?

Related Entries and Links

No Related Resource entered.