Active Directory Active Directory: Inputs & Outputs

Summary

Each plugin uses a set of dictionaries to store data.

These are used by plugin actions as both inputs and outputs.

This page will cover:

  • The dictionaries used in this plugin
  • The information each dictionary contains

Info

See Users, Groups, & Computers for each action's inputs & outputs.

Dictionary Types

Computer

  • Contains Active Directory Computer LDAP attributes

  • Expand below to see each key and a link to the relevant Microsoft article

All Computer Keys

accountExpires: Date string or null [Account-Expires].

carLicense: String or null [carLicense].

cn: String or null [Common-Name].

description: String or null [Description].

displayName: String or null [Display-Name].

distinguishedName: String [Obj-Dist-Name].

info: String or null [Comment].

lastLogoff: Date string or null [Last-Logoff].

lastLogon: Date string or null [Last-Logon].

lastLogonTimestamp: Date string or null [Last-Logon-Timestamp].

lockoutTime: Date string or null [Lockout-Time].

logonCount: Integer [Logon-Count].

mail: String or null [E-mail-Addresses].

mail: String or null [Managed-By].

memberOf: List of Group Dictionaries [Is-Member-Of-DL].

name: String or null [RDN].

objectGUID: String [Object-Guid].

objectSid: String [Object-Sid].

operatingSystem: String or null [Operating-System].

operatingSystemHotfix: String or null [Operating-System-Hotfix].

operatingSystemServicePack: String or null [Operating-System-Service-Pack].

operatingSystemVersion: String or null [Operating-System-Version].

pwdLastSet: Date string or null [Pwd-Last-Set].

sAMAccountName: String [Sam-Account-Name].

sAMAccountType: Integer [Sam-Account-Type].

userAccountControl: Integer [User-Account-Control].

userPrincipalName: String or null [User-Principal-Name].

See more about Computers here

DomainController

  • Contains Domain Controller connection details

  • It is used as an input to many of the actions in this plugin

  • The example below shows the dictionary structure in YAML

  • See the required and optional keys underneath the example

Supplying Credentials

You should always use a PPA Vault integration to provide credentials to a plugin action.

Example

1
2
3
4
5
6
domain_controller:
  address: 1.2.3.4
  domain: example.domain.net
  port: 636
  username: [username]
  password: [password]

Required Keys

address: Domain Controller IP or DNS address.

domain: FQDN of the Active Directory domain.

username: Username for authentication.

password: Password for authentication.

Optional Keys

port: The LDAPS port on the Domain Controller (defaults to 636).

Group

  • Contains Active Directory Group LDAP attributes

  • Expand below to see each key and a link to the relevant Microsoft article

All Group Keys

cn: String or null [Common-Name].

description: String or null [Description].

distinguishedName: String [Obj-Dist-Name].

gidNumber: Integer or null [gidNumber].

groupType: String [Group-Type].

info: String or null [Comment].

managedBy: String or null [ManagedBy].

member: List of User, Group, or Computer dictionaries [Member].

name: String or null [RDN].

objectGUID: String [Object-Guid].

objectSid: String [Object-Sid].

sAMAccountName: String [Sam-Account-Name].

sAMAccountType: Integer [Sam-Account-Type].

See more about Groups here

User

  • Contains Active Directory User LDAP attributes

  • Expand below to see each key and a link to the relevant Microsoft article

All User Keys

accountExpires: Date string or null [Account-Expires].

badPasswordTime: Date string or null [Bad-Password-Time].

badPwdCount: Integer [Bad-Pwd-Count].

carLicense: String or null [carLicense].

cn: String or null [Common-Name].

countryCode: String or null [Country-Code].

displayName: String or null [Display-Name].

distinguishedName: String [Obj-Dist-Name].

gidNumber: Integer or null [gidNumber].

givenName: String or null [Given-Name].

info: String or null [Comment].

lastLogoff: Date string or null [Last-Logoff].

lastLogon: Date string or null [Last-Logon].

lastLogonTimestamp: Date string or null [Last-Logon-Timestamp].

lockoutTime: Date string or null [Lockout-Time].

loginShell: String or null [loginShell].

logonCount: Integer [Logon-Count].

mail: String or null [E-mail-Addresses].

manager: String or null [Manager].

memberOf: List of Group Dictionaries [Is-Member-Of-DL].

name: String or null [RDN].

objectGUID: String [Object-Guid].

objectSid: String [Object-Sid].

pwdLastSet: Date string or null [Pwd-Last-Set].

sAMAccountName: String [Sam-Account-Name].

sAMAccountType: Integer [Sam-Account-Type].

sn: String or null [Surname].

telephoneNumber: String or null [Telephone-Number].

thumbnailPhoto: String or null [Picture].

uid: String or null [uid].

uidNumber: String or null [uidNumber].

unixHomeDirectory: String or null [unixHomeDirectory].

userAccountControl: Integer [User-Account-Control].

userPrincipalName: String or null [User-Principal-Name].

See more about Users here