Specifying Active Directory LDAP attributes
In the next script action, the LDAP modification data structure is initialized. The structure must contain all the attributes and values of the new directory service item.
Figure 57: Script action to initialize the LDAP modification data used to create an user account in Active Directory.
To create an user account in Active Directory, the following attributes are used:
Attribute
|
Description
|
objectClass
|
Defines the type of the directory service item that must be created. Contains multiple values: top, organizationalPerson, person, user. The attribute values is the same for all user accounts.
|
sAMAccountName
|
The SAM account name of the new user account. The value is set equal to the variable %SurName% that is read from the input file, second column. The SAM account name must be unique in the domain.
|
userPrincipalName
|
The official user logon name, specified as %SurName%@tools4ever.local3.
|
userAccountControl
|
A number of flags indicating the type of the user account (see below).
|
unicodePwd
|
The user account password. This value can only be specified if the LDAP session is secure using SSL. (Note: Internally, this attribute is handled a bit different compared to the other attributes, see knowledge base article KB269190 to check the details)
|
Table 10: LDAP attributes to create an user account in Active Directory.
|
