Active Directory Plugin

The Active Directory Plugin enables the creation of services for creating, editing and removing users, computers and groups.

Data Sources

| Data sources | Description |
|---|---|
| DropDown.ADComputer | Displays Computer objects in Active Directory. The current user's own computer is displayed by default. |
| DropDown.ADComputerNoDefault | Displays Computer objects in Active Directory. Does not show any default computer. |
| DropDown.ADContactNoDefault | Displays contact objects in Active Directory. |
| DropDown.ADDistributionGroup | Displays Distribution Groups in Active Directory. |
| DropDown.ADDistributionGroupNoRestriction | Displays Distribution Groups in Active Directory. Members of the ServiceViewer role can search for distribution groups in a specified organizational unit and underlying organizational units. |
| DropDown.ADHomeFolder | Displays Home Folder locations. |
| DropDown.ADMailEnabledUser | Displays mail enabled user objects in Active Directory. |
| DropDown.ADMailEnabledUserNoRestriction | Displays mail enabled user objects in Active Directory. Members of the ServiceViewer role can search for mail enabled users in a specified organizational unit and underlying organizational units. |
| DropDown.ADMyComputer | Displays a user's computer objects in Active Directory. The current user's own computer is displayed by default. |
| DropDown.ADMyComputerNoDefault | Displays a user's computer objects in Active Directory. |
| DropDown.ADMyDistributionGroup | Displays a user's distribution groups in Active Directory. |
| DropDown.ADMyMailEnabledUser | Displays a user's mail enabled user objects in Active Directory. |
| DropDown.ADMyOrganizationalUnit | Displays a user's organizational units in Active Directory. |
| DropDown.ADMySecurityGroup | Displays a user's security groups in Active Directory. |
| DropDown.ADMySharedFolder | Displays a user's shared folders in Active Directory. Shared folders are determined by the dropdown.xml file. |
| DropDown.ADMySharedMailbox | Displays a user's shared mailboxes in Active Directory. |
| DropDown.ADMySoftwareGroup | Displays a user's software groups in Active Directory. Software groups are determined by the dropdown.xml rules. |
| DropDown.ADMyUser | Displays a user's user objects in Active Directory. |
| DropDown.ADObject | Drop Down Datasource that returns AD Objects. |
| DropDown.ADOrganizationalUnit | Displays organizational units in Active Directory. The user's organizational unit is displayed by default. |
| DropDown.ADOrganizationalUnitNoDefault | Displays organizational units in Active Directory. Does not display any default organizational unit. |
| DropDown.ADProfilePath | Displays Profile Paths. The profile paths are determined by the dropdown.xml rules. |
| DropDown.ADSecurityGroup | Displays Security Groups in Active Directory. |
| DropDown.ADSecurityGroupNoRestriction | Displays Security Groups in Active Directory. Members of the ServiceViewer role can search for security groups in a specified organizational unit and underlying organizational units. |
| DropDown.ADSharedFolder | Displays a user's shared folders in Active Directory. |
| DropDown.ADSharedFolderNoRestruction | Displays shared folders in Active Directory. Members of the ServiceViewer role can search for shared folders in a specified organizational unit and underlying organizational units. |
| DropDown.ADSharedMailbox | Displays shared mailboxes in Active Directory. |
| DropDown.ADSharedMailboxNoRestriction | Displays shared mailboxes in Active Directory. Members of the ServiceViewer role can search for shared mailboxes in a specified organizational unit and underlying organizational units. |
| DropDown.ADSoftwareGroup | Displays software groups in Active Directory. Software groups are determined by the dropdown.xml rules. |
| DropDown.ADUser | Displays user objects in Active Directory. The current user is displayed by default. |
| DropDown.ADUserNoDefault | Displays user objects in Active Directory. |
| DropDown.ADUserNoRestriction | Displays user objects in Active Directory. Members of the ServiceViewer role can search for users in a specified organizational unit and underlying organizational units. |
| Get-ZPADComputer | Gets an Active Directory computer. |
| Get-ZPADContact | Gets an Active Directory contact. |
| Get-ZPADGroup | Gets an Active Directory group. |
| Get-ZPADGroupMember | Get a group's members from Active Directory. |
| Get-ZPADOrganizationalUnit | Gets an Active Directory organizational unit. |
| Get-ZPADUser | Gets an Active Directory user. |
| Get-ZPADComputerGroup | Gets Active Directory group. |
| Get-ZPValidMacAddress | Converts a MAC address |
| Get-ZPADSecurityGroup | Get one or more Active Directory security groups. |
| Get-ZPADSharedFolder | Get shared folder read and read/write groups. |
| Get-ZPADManager | Get an object's manager from Active Directory. |
| Get-ZPADUserLogonWorkstation | Gets a user's logon workstations. |
| Test-ZPADUniqueMacAddress | Test if a MAC address is unique based on an attribute in Active Directory. |
| Test-ZPADComputer | Test if a computer exists in Active Directory. |
| Test-ZPADUser | Test if a user exists in Active Directory. |
| Test-ZPADGroup | Test if a group exists in Active Directory. |
| Test-ZPADObject | Test if an object exists in Active Directory. |
| Test-ZPADProperty | Test if an Active Directory attribute contains a value. |
| Test-ZPADDomain | Test if a domain is available. |
| New-ZPPassword | Generates a random password. |

Activities

| Activities | Description |
|---|---|
| Add-ZPADGroupMember | Add a member to a group. |
| Disable-ZPADAccount | Disable an account. |
| Enable-ZPADAccount | Enable an account. |
| Get-ZPADComputer | Get a computer from Active Directory. |
| Get-ZPADGroup | Get a group from Active Directory. |
| Get-ZPADGroupMember | Get a group's members from Active Directory. |
| Get-ZPADManager | Get an object's manager from Active Directory. |
| Get-ZPADOrganizationalUnit | Get an organizational unit from Active Directory. |
| Get-ZPADSharedFolder | Get shared folder read and read/write groups. |
| Get-ZPADUser | Get a user from Active Directory. |
| Grant-ZPADChangeGroupMembershipRights | Grants a user rights to change group members. |
| Move-ZPADObject | Move an object. |
| New-ZPADComputer | Create a computer. |
| New-ZPADGroup | Create a group. |
| New-ZPADHomeDirectory | Create a home directory. |
| New-ZPADOrganizationalUnit | Create an organizational unit. |
| New-ZPADUser | Create a new user in Active Directory. |
| Protect-ZPADGroupMemberInjection | Check if an Active Directory object is actually a member of a list of groups. |
| Remove-ZPADComputer | Remove a computer. |
| Remove-ZPADGroup | Remove a group. |
| Remove-ZPADGroupMember | Remove a member from a group. |
| Remove-ZPADProfilePath | Remove a profile path. |
| Remove-ZPADUser | Remove a user. |
| Rename-ZPADObject | Renames the specified AD Object. |
| Set-ZPADAccountPassword | Set a new password. |
| Set-ZPADComputer | Update a computer. |
| Set-ZPADContact | Update a contact. |
| Set-ZPADGroup | Update a group. |
| Set-ZPADProfilePath | Create a profile path. |
| Set-ZPADUser | Update a user. |
| Set-ZPADUserCannotChangePassword | User can/cannot change password. |
| Set-ZPADUserChangePasswordAtLogon | User must change password at next logon. |
| Set-ZPADUserExpirationDate | Set a user's expiration date. |
| Set-ZPADUserInteractiveLogon | Restricts a user to only be able to interactively log on to the specified workstations. |
| Set-ZPADUserNeverExpire | Account never expires. |
| Set-ZPADUserPasswordNeverExpires | User's password never expires. |
| Sync-ZPADObject | Replicates an object between two domain controllers. |
| Test-ZPADProperty | Test if an Active Directory attribute contains a value. |
| Unlock-ZPADAccount | Unlock an account. |

Installation and Configuration

Update Provider Config

ProvisioningSystem

Update the provider config with the settings applicable to your environment.

activedirectory.provisioningsystem.providers.xml

| Key | Example Value | Description |
|---|---|---|
| DomainController | DC01.domain.local | Preferred domain controller FQDN |
| SearchBase | OU=Demo,DC=domain,DC=local | Default search base (can be overwritten in dropdown.xml configuration files) |
| SharedFolderProperty | info | Attribute used to store a shared folder's path (\\SRV01\Share\Folder) |
| SharedFolderWriteGroup | RW- | Prefix used for read/write groups |
| SharedFolderReadGroup | R- | Prefix used for read groups |
| SoftwareGroupAttribute | ExtensionAttribute3 | Active Directory attribute to use when identifying software groups |
| SoftwareGroupValue | software | Attribute value to use when identifying software groups |
| DirectoryContextName | domain.local | Specifies a specific directory context name. If left blank the default context name will be used. |
| Site | Default-First-Site-Name | Specifies a specific Site name. If left blank the default site will be used. |
| UICulture | en-US | Language to display state messages in (en-US or sv-SE) |

ClientWebService

Update the provider config with the settings applicable to your environment.

activedirectory.clientwebservice.providers.xml

| Key | Example Value | Description |
|---|---|---|
| DomainController | serverx.test.local | Preferred domain controller FQDN |
| SearchBase | DC=Demo,DC=domain,DC=local | Default search base (can be overwritten in dropdown.xml configuration files) |
| SharedFolderProperty | info | Attribute used to store a shared folder's path (\\SRV01\Share\Folder) |
| SharedFolderReadGroup | R- | Prefix used for read groups |
| SharedFolderWriteGroup | RW- | Prefix used for read/write groups |
| SoftwareGroupAttribute | ExtensionAttribute3 | Active Directory attribute to use when identifying software groups |
| SoftwareGroupValue | software | Attribute value to use when identifying software groups |
| DirectoryContextName | domain.local | Specifies a specific directory context name. If left blank the default context name will be used. |
| Site | Default-First-Site-Name | Specifies a specific Site name. If left blank the default site will be used. |
| UICulture | en-US | Language to display state messages in (en-US or sv-SE) |

Update dropdown.xml

Most dropdown data sources in the Active Directory plugin contain a dropdown.xml file that configures which Zervicepoint roles are allowed to search the dropdown, and the search parameters used.

When installing this plugin, you must update the dropdown.xml to reflect the roles you want to use in your environment and your delegation model.