Active Directory(AD)
Active Directory(AD) is a service developed by Microsoft that provides a centralized way to manage all your network machines, users, and resources in one place.
Active Directory stores data as Objects, which include users, groups, applications, and devices. These objects are categorized based on their names and other attributes and they can be accessed by administrators in an organization. The objects can be organized as an independent group under an Organization Unit(OU). If your organization contains several domains, you can create Organizational Unit structures in each domain that are independent of the structures in other domains.
Qntrl can synchronize with Active Directory services through bridge and can perform operations securely.
Use Case
If you want to add a user to the AD, you can create a job request in Qntrl and execute the job. Through Bridge, Qntrl connects to AD, adds the user, and returns a success response.
Prerequisite
- Organization Unit should be created in the AD server.
- While creating Credentials, select Type as Active Directory and provide the User DN and Password of the AD. Click here to learn how to create a credential.
- If you are unable to connect with the Bridge AD server, check your hostname and network.
- By default, LDAP requests are made only through LDAP(non SSL). If you prefer to use LDAPS(SSL), enable LDAPS port on the AD server.
How to Enable LDAP over SSL
- To facilitate SSL requests, it's essential to enable LDAP over SSL (LDAPS). Refer here to set up LDAPS on Windows Server.
- Once LDAPS is activated, you'll receive an LDAPS certificate, preferably in .pfx format (a password-protected certificate file). Copy this certificate to the machine where the Bridge is installed.
- Open the Bridge/conf/ldap-config.properties file and locate the bridge.ldap.use.ssl=false property. Change the value from 'false' to 'true' (i.e., bridge.ldap.use.ssl=true).
- Specify the file path of the certificate in the property bridge.ldap.ssl.certificate.path=<PATH_WHERE_CERTIFICATE_IS_PLACED>.
- Encrypt the certificate password before adding it to the configuration. To encrypt the password, navigate to the Bridge/bin directory and encrypt.bat <PASSWORD>.
- Add the encrypted password of the certificate to the property bridge.ldap.ssl.certificate.password=<ENCRYPTED_PASSWORD_OF_THE_CERTIFICATE>.
- By default, port 389 is used for non-SSL requests, and port 636 is used for SSL requests. If you need to use a custom port, specify it in the property bridge.ldap.use.custom.port=<CUSTOM_PORT>
- Once all configurations are completed, restart the bridge to apply the changes.
AD Tasks
The tasks linked with the AD Engine module and the request data for diverse operations executed in Active Directory via Bridge, outlined in the following section.
Common keys in Request data,
Keys | Description |
task_details | A JSON object that contains details of the task. |
ad_host | Location of the AD. |
ad_dn | Distinguished Name of AD. |
activity_name | Name of the activity performed in AD. |
task_name | A system-defined name for the respective modules. 'ad_task' is the task name for Active n Directory. |
credential | A JSON object that contains the name of the AD server credential. |
name | Name of the AD server credential. |
object_name | Name of the object. |
object_type | Type of the object. |
organization_unit | Name of the OU. |
properties | A JSON object that contains additional information related to the user. |
objectClass | Category/type of the object. |
givenName | Display name of the user. |
user_name | Login name of the user in AD. |
password | Password of the user. |
Add AD User
To add a new user to the Active Directory in a private network.
Request data
{"task_details": {"ad_host": "<HOST_NAME>","ad_dn": "<DN OF THE AD MACHINE>","activity_name": "create_object","object_name": "<OBJECT_NAME>","organization_unit": "<ORGANIZATION_UNIT_NAME>","object_type": "user","properties": {"ObjectClass": "user","givenName": "<DISPLAY NAME OF THE USER>"}},"task_name": "ad_task","credential": {"name": "<CREDENTIAL_NAME>"}}
Add AD Computer
To add a new computer to the Active Directory of the client's network.
Request data
{"task_details": {"ad_host": "<HOST_NAME>","ad_dn": "<DN OF THE AD MACHINE>","activity_name": "create_object","object_name": "<OBJECT_NAME>","organization_unit": "<ORGANIZATION_UNIT_NAME>","object_type": "computer","properties": {"ObjectClass": "computer","givenName": "<DISPLAY NAME OF THE OBJECT>"}},"task_name": "ad_task","credential": {"name": "<CREDENTIAL_NAME>"}}
Add AD Group
To add a new group to the Active Directory of the client's network.
Request data
{"task_details": {"ad_host": "<HOST_NAME>","ad_dn": "<DN OF THE AD MACHINE>","activity_name": "create_object","object_name": "<OBJECT_NAME>","organization_unit": "<ORGANIZATION_UNIT_NAME>","object_type": "group","properties": {"ObjectClass": "group","givenName": "<DISPLAY NAME OF THE GROUP>"}},"task_name": "ad_task","credential": {"name": "<CREDENTIAL_NAME>"}}
Add User To Group
To add a user under a group in the Active Directory of the client's network.
Request data
{"task_details": {"ad_host": "<HOST_NAME>","ad_dn": "<DN OF THE AD MACHINE>","activity_name": "add_user_in_group","user_name": "<USER_NAME>","group_name": "<NAME OF THE GROUP>"},"task_name": "ad_task","credential": {"name": "<CREDENTIAL_NAME>"}}
where,
group_name - name of the group in AD.
Disable AD User
To disable an existing user in the Active Directory.
Request data
{"task_details": {"ad_host": "<HOST_NAME>","ad_dn": "<DN OF THE AD MACHINE>","activity_name": "disable_user","user_name": "<USER_NAME>"},"task_name": "ad_task","credential": {"name": "<CREDENTIAL_NAME>"}}
Enable AD User
To enable a disabled user in the Active Directory.
Request data
{"task_details": {"ad_host": "<HOST_NAME>","ad_dn": "<DN OF THE AD MACHINE>","activity_name": "enable_user","user_name": "<USER_NAME>"},"task_name": "ad_task","credential": {"name": "<CREDENTIAL_NAME>"}}
Unlock AD User
To unlock the user, who has been locked due to multiple incorrect password entries.
Request data
{"task_details": {"ad_host": "<HOST_NAME>","ad_dn": "<DN OF THE AD MACHINE>","activity_name": "unlock_account","user_name": "<USER_NAME>"},"task_name": "ad_task","credential": {"name": "<CREDENTIAL_NAME>"}}
Reset AD Password
If the password has been forgotten or if there is a need to reset the password.
This task is exclusively performed using LDAPS (LDAP over SSL). Please refer here for instructions on enabling LDAP over SSL.
Request data
{"task_details": {"ad_host": "<HOST_NAME>","ad_dn": "<DN OF THE AD MACHINE>","activity_name": "reset_password","user_name": "<USER_NAME>","password": "<PASSWORD>","is_unlock_account": true,"is_user_reset_password_next_logon": true},"task_name": "ad_task","credential": {"name": "<CREDENTIAL_NAME>"}}
where,
is_unlock_account - If the user account is locked, whether to unlock it while resetting the password.
true - to unlock the account
false - to not unlock the account
is_user_reset_password_next_logon - After resetting the password, whether to make it mandatory for the user to reset the password during his next login.
true - Password has to be reset during the next logon
false - not necessary to reset the password again during the next logon
Access your files securely from anywhere
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.
New to Zoho Survey?
Zoho Sheet Resources
Zoho Forms Resources
New to Zoho Sign?
Zoho Sign Resources
Sign, Paperless!
New to Zoho TeamInbox?
Zoho TeamInbox Resources
New to Zoho ZeptoMail?
Zoho DataPrep Resources
Design. Discuss. Deliver.
New to Zoho Workerly?
New to Zoho Recruit?
New to Zoho CRM?
New to Zoho Projects?
New to Zoho Sprints?
New to Zoho Assist?
New to Bigin?
Related Articles
Zoho Directory in Qntrl
What is Active Directory? Active Directory (AD) by Microsoft is a domain management system for centralized networks. Using AD, you can add users, define their privilege, store and manage information, and authorize and authenticate user accounts. ...AD task
The AD task is used to connect to the Active Directory of the client's network and perform AD operations securely there. There are eleven states in AD Task, Add AD User Add AD Group Add User to Group Add AD Computer Enable AD User Disable AD User ...Who are active users?
Every user who is added to the organization is an active user . Note that even if a user has not accepted your invitation, they are considered an active user.Overview of Bridge
What is a Bridge? Bridge is an installable, lightweight independent agent that can be deployed on the customer’s local network. It is compatible both on Windows and Linux machines with 32 and 64-bit OS. Its role is to facilitate communication between ...How do I manage the notifications I receive from Qntrl?
To manage notifications in Qntrl, c lick the bell icon in the top-right corner , then click to navigate to Notification Settings. You can then choose to receive email notifications, push notifications, or both.
New to Zoho LandingPage?
Zoho LandingPage Resources