Active Directory is a directory service that Microsoft developed for Windows domain networks.
Connect Active Directory with Devo SOAR
Navigate to Automations > Integrations.
Search for Active Directory.
Click Details, then the + icon. Enter the required information in the following fields.
Label: Enter a connection name.
Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
Remote Agent: Run this integration using the Devo SOAR Remote Agent.
Host: The host of the Active Directory. Append port (example: x.x.x.x:636) for custom port configuration. By default, LDAP uses port 389. LDAP SSL uses port 636.
Base DN: Base DN (for example 'dc=logichub,dc=com').
NTLM (Optional): Authenticate using NTLM (New Technology LAN Manager).
Allow Unsecure Connection (Optional): Allow unsecure connection to AD host over SSL.
Username: The username used to connect to the host.
Password: The password used to connect to the host.'
CA Certificate: Upload a .crt CA Certificate file.
After you've entered all the details, click Connect.
Actions for Active Directory
Find Organizational Unit
Find the Organizational Unit of a user.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Email of the user whose organizational unit is to be found. | Required |
Output
A JSON object containing details of the organizational unit of the user with the specified email.
``` {json}{ "has_error": true, "error": "User with email not found" }
## List Members of an Organizational Unit List all the members of an organizational unit. ### Input Field Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection. | Input Name | Description | Required | | :--------- | :---------------------------------------------- | :------- | | OU String | Organizational Unit string to list its members. | Required | ### Output A JSON object containing all members of this OU. ![](https://files.readme.io/494779d-screenshot-1_1 "screenshot-1 (1)") ``` {json}{ "reason": { "dn": "", "referrals": null, "description": "noSuchObject", "result": 32, "message": "0000208D: NameErr: DSID-03100213, problem 2001 (NO_OBJECT), data 0, best match of:\n\t''\n\u0000", "type": "searchResDone" }, "has_error": true, "error": "Some error occurred. Exception(\"Query '(&(objectClass=User)(objectCategory=person))' for '' base_dn failed!\",)" }
LDAP Search
Searches members in Active Directory of an organization.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Search Filter | Enter jinja-templated RFC 2254-compliant search string. | Required |
Search Base | Enter jinja-templated Base DN as the starting point instead of the default one provided in Connection. | Optional |
Search Scope | Select BASE / LEVEL / SUBTREE option to specify how broad the search context is (default is SUBTREE). | Optional |
Dereference Aliases | Select option DEREF_NEVER / DEREF_SEARCH / DEREF_BASE / DEREF_ALWAYS to specify how the server must treat references to other entries (default is DEREF_ALWAYS). | Optional |
Attributes | Enter comma-separated attributes to be returned by the search. Enter | Optional |
Size Limit | Enter a maximum number of entries returned by the search (default is 0 that is, the whole set of found entries is returned). | Optional |
Time Limit | Enter the number of seconds allowed for the search (default is 0 that is, the search can take an unlimited amount of time unless the server has a more restrictive rule.) | Optional |
Types Only | Select option True/False to return only attribute names and not return attribute values (default is False). | Optional |
Microsoft Active Directory set a hard limit of 1000 entries returned by any search. Therefore, a paginated search is performed by the integration automatically to return Size Limit
results (all results if specified 0
or unspecified).
The Time Limit
is respected per search of this paginated search.
Output
A JSON object containing multiple rows of results:
has_error: true/false
error: msg/null
other fields of the queried response object
Disable User Account
Disables account of a user.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Identity Column | Identity of user. Supported identities (DistinguishedName, sAMAccountName). | Required |
Identity Type | Type of identity supplied above (DistinguishedName, sAMAccountName). | Required |
Output
A JSON object containing multiple rows of result:
Enable User Account
Enables the account of a user.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Identity Column | Identity of user. Supported identities (DistinguishedName, sAMAccountName). | Required |
Identity Type | Type of identity supplied above (DistinguishedName, sAMAccountName). | Required |
Output
A JSON object containing multiple rows of result:
Reset Password
Reset the user's password.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Identity Column | Identity of the user. Supported identities (DistinguishedName, sAMAccountName). | Required |
Identity Type | Type of identity supplied above (DistinguishedName, sAMAccountName). | Required |
New Password | The new password to replace the old one. A random password will be used if this input-field is not filled. | Optional |
Output
A JSON object containing multiple rows of result:
Delete User Account
Delete the account of a user.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Identity Column | Identity of user. Supported identities (DistinguishedName, sAMAccountName). | Required |
Identity Type | Type of identity supplied above (DistinguishedName, sAMAccountName). | Required |
Output
A JSON object containing multiple rows of result:
Release Notes
v2.0.0
- Updated architecture to support IO via filesystemv1.1.0
- Added optional field to upload CA Certificate at connection level.