[ActiveDirectory] Find Users
Q100061: [ActiveDirectory] Find Users
Returns a list of Active Directory user accounts that match search criteria. Results are returned as a JSON string.
| Parameter | In/Out | Description | Other Info |
|---|---|---|---|
| Active Directory Connection | In | Active Directory name and login credentials for account with permissions to perform the requested search. | Connection type: sysAD |
| AccountName | InOut | Active Directory user account name to search for. | |
| DisplayName | InOut | Active Directory display name on account(s) to search for. | |
| GroupName | InOut | Finds user accounts that are members in the specified Active Directory group. | |
| Password Expires After | In | Date password expires after on Active Directory user account(s). | |
| SearchResults | Out | Search results returned as a JSON string. |
(Italics = required parameter)
Notes
The [ActiveDirectory] Find Users module provides a way for a job to get a list of user account information in Active Directory, or from a local machine. When you want to use the module to query your Active Directory for a list of users, then the Active Directory Connection should be set to a defined name in your list of connections. Or you can manually enter all of the Active Directory Connection values into the field. We always recommend using the list of connections, as the management tool provides an easy to use template for supplying the needed connection values for each type of connection. If you just want to query the local accounts on the server, then you can setup an Active Directory Connection named Local Server with the following values, or enter the following values directly into the Active Directory Connection parameter.
Domain=localhost
If you want to query a specific Active Directory, then the values for that would look like the following example. The account specified should be a valid account in the domain that has full access permissions to the Active Directory.
Domain={Servername or IP Address};Username={domain account};Password={account password}
Once you have provided a valid connection, then the other fields allow you to specify a value for AccountName, DisplayName, or GroupName and the search will use the value(s) to do a full or partial match and return a list of matching accounts. The results are provided as a block of JSON data, which is able to be consumed by other modules or many other external applications. On an example machine, we did a search for the text "test" for the DisplayName field and was provided the results in the sample output in the SearchResults output parameter.
[{
"UserName": "FBTest2",
"EmailPrimary": null,
"EmailAliases": "",
"DisplayName": "FBTest2",
"DistinguishedName": "CN=FBTest2,OU=FiveBelow,DC=home,DC=xcent,DC=com",
"PasswordExpires": null,
"AccountIsDisabled": false,
"AccountIsLockedOut": false,
"PasswordNeverExpires": true
}, {
"UserName": "jsntest",
"EmailPrimary": null,
"EmailAliases": "",
"DisplayName": "JSN Test",
"DistinguishedName": "CN=JSN Test,CN=Users,DC=home,DC=xcent,DC=com",
"PasswordExpires": null,
"AccountIsDisabled": false,
"AccountIsLockedOut": false,
"PasswordNeverExpires": true
}, {
"UserName": "mm",
"EmailPrimary": null,
"EmailAliases": "",
"DisplayName": "Mobile Markdown Test Login",
"DistinguishedName": "CN=Mobile Markdown Test Login,CN=Users,DC=home,DC=xcent,DC=com",
"PasswordExpires": null,
"AccountIsDisabled": true,
"AccountIsLockedOut": false,
"PasswordNeverExpires": true
}]