Active Directory Plugin
The Active Directory Plugin enables the creation of services that create, edit and remove users, computers and groups.
Data Sources
Data sources | Description |
---|---|
DropDown.ADComputer | Displays Computer objects in Active Directory. The current user's own computer is displayed by default. |
DropDown.ADComputerNoDefault | Displays Computer objects in Active Directory. Does not show any default computer. |
DropDown.ADContactNoDefault | Displays contact objects in Active Directory. |
DropDown.ADDistributionGroup | Displays Distribution Groups in Active Directory. |
DropDown.ADDistributionGroupNoRestriction | Displays Distribution Groups in Active Directory. Members of the ServiceViewer role can search for distribution groups in a specified organizational unit and underlying organizational units. |
DropDown.ADHomeFolder | Displays Home Folder locations. |
DropDown.ADMailEnabledUser | Displays mail enabled user objects in Active Directory. |
DropDown.ADMailEnabledUserNoRestriction | Displays mail enabled user objects in Active Directory. Members of the ServiceViewer role can search for mail enabled users in a specified organizational unit and underlying organizational units. |
DropDown.ADMyComputer | Displays a user's computer objects in Active Directory. The current user's own computer is displayed by default. |
DropDown.ADMyComputerNoDefault | Displays a user's computer objects in Active Directory. |
DropDown.ADMyDistributionGroup | Displays a user's distribution groups in Active Directory. |
DropDown.ADMyMailEnabledUser | Displays a user's mail enabled user objects in Active Directory. |
DropDown.ADMyOrganizationalUnit | Displays a user's organizational units in Active Directory. |
DropDown.ADMySecurityGroup | Displays a user's security groups in Active Directory. |
DropDown.ADMySharedFolder | Displays a user's shared folders in Active Directory. Shared folders are determined by the dropdown.xml file. |
DropDown.ADMySharedMailbox | Displays a user's shared mailboxes in Active Directory. |
DropDown.ADMySoftwareGroup | Displays a user's software groups in Active Directory. Software groups are determined by the dropdown.xml rules. |
DropDown.ADMyUser | Displays a user's user objects in Active Directory. |
DropDown.ADObject | Drop Down Datasource that returns AD Objects. |
DropDown.ADOrganizationalUnit | Displays organizational units in Active Directory. The user's organizational unit is displayed by default. |
DropDown.ADOrganizationalUnitNoDefault | Displays organizational units in Active Directory. Does not display any default organizational unit. |
DropDown.ADProfilePath | Displays Profile Paths. The profile paths are determined by the dropdown.xml rules. |
DropDown.ADSecurityGroup | Displays Security Groups in Active Directory. |
DropDown.ADSecurityGroupNoRestriction | Displays Security Groups in Active Directory. Members of the ServiceViewer role can search for security groups in a specified organizational unit and underlying organizational units. |
DropDown.ADSharedFolder | Displays a user's shared folders in Active Directory. |
DropDown.ADSharedFolderNoRestruction | Displays shared folders in Active Directory. Members of the ServiceViewer role can search for shared folders in a specified organizational unit and underlying organizational units. |
DropDown.ADSharedMailbox | Displays shared mailboxes in Active Directory. |
DropDown.ADSharedMailboxNoRestriction | Displays shared mailboxes in Active Directory. Members of the ServiceViewer role can search for shared mailboxes in a specified organizational unit and underlying organizational units. |
DropDown.ADSoftwareGroup | Displays software groups in Active Directory. Software groups are determined by the dropdown.xml rules. |
DropDown.ADUser | Displays user objects in Active Directory. The current user is displayed by default. |
DropDown.ADUserNoDefault | Displays user objects in Active Directory. |
DropDown.ADUserNoRestriction | Displays user objects in Active Directory. Members of the ServiceViewer role can search for users in a specified organizational unit and underlying organizational units. |
Get-ZPADComputer | Gets an Active Directory computer. |
Get-ZPADContact | Gets an Active Directory contact. |
Get-ZPADGroup | Gets an Active Directory group. |
Get-ZPADGroupMember | Get a group's members from Active Directory. |
Get-ZPADOrganizationalUnit | Gets an Active Directory organizational unit. |
Get-ZPADUser | Gets an Active Directory user. |
Get-ZPADComputerGroup | Gets Active Directory group. |
Get-ZPValidMacAddress | Converts a MAC address. |
Get-ZPADSecurityGroup | Get one or more Active Directory security groups. |
Get-ZPADSharedFolder | Get shared folder read and read/write groups. |
Get-ZPADManager | Get an object's manager from Active Directory. |
Get-ZPADUserLogonWorkstation | Gets a user's logon workstations. |
Test-ZPADUniqueMacAddress | Test if a MAC address is unique based on an attribute in Active Directory. |
Test-ZPADComputer | Test if a computer exists in Active Directory. |
Test-ZPADUser | Test if a user exists in Active Directory. |
Test-ZPADGroup | Test if a group exists in Active Directory. |
Test-ZPADObject | Test if an object exists in Active Directory. |
Test-ZPADProperty | Test if an Active Directory attribute contains a value. |
Test-ZPADDomain | Test if a domain is available. |
New-ZPPassword | Generates a random password. |
Activities
Activities | Description |
---|---|
Add-ZPADGroupMember | Add a member to a group. |
Disable-ZPADAccount | Disable an account. |
Enable-ZPADAccount | Enable an account. |
Get-ZPADComputer | Get a computer from Active Directory. |
Get-ZPADGroup | Get a group from Active Directory. |
Get-ZPADGroupMember | Get a group's members from Active Directory. |
Get-ZPADManager | Get an object's manager from Active Directory. |
Get-ZPADOrganizationalUnit | Get an organizational unit from Active Directory. |
Get-ZPADSharedFolder | Get shared folder read and read/write groups. |
Get-ZPADUser | Get a user from Active Directory. |
Grant-ZPADChangeGroupMembershipRights | Grants a user rights to change group members. |
Move-ZPADObject | Move an object. |
New-ZPADComputer | Create a computer. |
New-ZPADGroup | Create a group. |
New-ZPADHomeDirectory | Create a home directory. |
New-ZPADOrganizationalUnit | Create an organizational unit. |
New-ZPADUser | Create a new user in Active Directory. |
Protect-ZPADGroupMemberInjection | Check if an Active Directory object is actually a member of a list of groups. |
Remove-ZPADComputer | Remove a computer. |
Remove-ZPADGroup | Remove a group. |
Remove-ZPADGroupMember | Remove a member from a group. |
Remove-ZPADProfilePath | Remove a profile path. |
Remove-ZPADUser | Remove a user. |
Rename-ZPADObject | Renames the specified AD Object. |
Set-ZPADAccountPassword | Set a new password. |
Set-ZPADComputer | Update a computer. |
Set-ZPADContact | Update a contact. |
Set-ZPADGroup | Update a group. |
Set-ZPADProfilePath | Create a profile path. |
Set-ZPADUser | Update a user. |
Set-ZPADUserCannotChangePassword | User can/cannot change password. |
Set-ZPADUserChangePasswordAtLogon | User must change password at next logon. |
Set-ZPADUserExpirationDate | Set a user's expiration date. |
Set-ZPADUserInteractiveLogon | Restricts a user to only be able to interactively logon to the specified workstations. |
Set-ZPADUserNeverExpire | Account never expires. |
Set-ZPADUserPasswordNeverExpires | User's password never expires. |
Sync-ZPADObject | Replicates an object between two domain controllers. |
Test-ZPADProperty | Test if an Active Directory attribute contains a value. |
Unlock-ZPADAccount | Unlock an account. |
Installation and Configuration
This plugin requires the AD DS and AD LDS Tools feature to be installed on the server. The feature is located in the Remote Server Administration Tools section of the Add Roles and Features Wizard.
Update Provider Config
ProvisioningSystem
Update the provider config with the settings applicable for your environment
activedirectory.provisioningsystem.providers.xml
Key | Example Value | Description |
---|---|---|
DomainController | DC01.domain.local | Preferred domain controller FQDN |
SearchBase | OU=Demo,DC=domain,DC=local | Default search base (can be overwritten in dropdown.xml configuration files) |
SharedFolderProperty | info | Attribute used to store a shared folder's path (\\SRV01\Share\Folder) |
SharedFolderWriteGroup | RW- | Prefix used for read/write groups |
SharedFolderReadGroup | R- | Prefix used for read groups |
SoftwareGroupAttribute | ExtensionAttribute3 | Active Directory attribute to use when identifying software groups |
SoftwareGroupValue | software | Attribute value to use when identifying software groups |
DirectoryContextName | domain.local | Specifies a specific directory context name. If left blank the default context name will be used. |
Site | Default-First-Site-Name | Specifies a specific Site name. If left blank the default site will be used. |
UICulture | en-US | Language to display state messages in (en-US or sv-SE) |
ClientWebService
Update the provider config with the settings applicable for your environment
activedirectory.clientwebservice.providers.xml
Key | Example Value | Description |
---|---|---|
DomainController | serverx.test.local | Preferred domain controller FQDN |
SearchBase | DC=Demo,DC=domain,DC=local | Default search base (can be overwritten in dropdown.xml configuration files) |
SharedFolderProperty | info | Attribute used to store a shared folder's path (\\SRV01\Share\Folder) |
SharedFolderReadGroup | R- | Prefix used for read groups |
SharedFolderWriteGroup | RW- | Prefix used for read/write groups |
SoftwareGroupAttribute | ExtensionAttribute3 | Active Directory attribute to use when identifying software groups |
SoftwareGroupValue | software | Attribute value to use when identifying software groups |
DirectoryContextName | domain.local | Specifies a specific directory context name. If left blank the default context name will be used. |
Site | Default-First-Site-Name | Specifies a specific Site name. If left blank the default site will be used. |
UICulture | en-US | Language to display state messages in (en-US or sv-SE) |
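A pre-flight check of the values from the tables above, run before they are written into the provider config files. This is an added example, not Zervicepoint code: it uses only the standard ActiveDirectory module cmdlets, the function name `Test-ProviderConfig` is hypothetical, and it assumes the shared folder path is stored on the prefixed groups themselves.

```powershell
Import-Module ActiveDirectory   # ships with the AD DS and AD LDS Tools feature

# Example values copied from the ProvisioningSystem table; replace with your own.
$cfg = @{
    DomainController       = 'DC01.domain.local'
    SearchBase             = 'OU=Demo,DC=domain,DC=local'
    SharedFolderProperty   = 'info'
    SharedFolderReadGroup  = 'R-'
    SharedFolderWriteGroup = 'RW-'
    SoftwareGroupAttribute = 'ExtensionAttribute3'
    SoftwareGroupValue     = 'software'
}

function Test-ProviderConfig {   # hypothetical helper, not part of the plugin
    param([Parameter(Mandatory)][hashtable]$Config)
    $findings = [System.Collections.Generic.List[string]]::new()
    $dc   = $Config.DomainController
    $base = $Config.SearchBase

    # 1. The preferred domain controller must answer directory queries.
    try { $null = Get-ADDomainController -Identity $dc -Server $dc -ErrorAction Stop }
    catch { $findings.Add("DomainController '$dc' is not reachable"); return $findings }

    # 2. The search base must exist, otherwise the checks below cannot run.
    try { $null = Get-ADObject -Identity $base -Server $dc -ErrorAction Stop }
    catch { $findings.Add("SearchBase '$base' was not found"); return $findings }

    # 3. Groups named with a shared folder prefix should hold a UNC path
    #    in the configured attribute (assumption: the path lives on the group).
    $prop = $Config.SharedFolderProperty
    foreach ($prefix in $Config.SharedFolderReadGroup, $Config.SharedFolderWriteGroup) {
        $groups = Get-ADGroup -Filter "Name -like '$prefix*'" -SearchBase $base -Server $dc -Properties $prop
        foreach ($g in $groups) {
            if ($g.$prop -notmatch '^\\\\[^\\]+\\[^\\]+') {
                $findings.Add("Group '$($g.Name)' has no UNC path in '$prop'")
            }
        }
    }

    # 4. At least one group should carry the software group marker.
    $ldap = "($($Config.SoftwareGroupAttribute)=$($Config.SoftwareGroupValue))"
    if (-not (Get-ADGroup -LDAPFilter $ldap -SearchBase $base -Server $dc)) {
        $findings.Add("No group matches $ldap under '$base'")
    }
    return $findings
}

Test-ProviderConfig -Config $cfg   # no output means every check passed
```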
Update dropdown.xml
Most dropdown data sources in the Active Directory plugin contain a dropdown.xml file that is used to configure which Zervicepoint roles are allowed to search the dropdown and the search parameters.
When installing this plugin, you must update the dropdown.xml to reflect the roles you want to use in your environment and your delegation model.