ITSM Plugin - Active Directory Integration

This is a standard plugin offered by Motadata to all our users.

Purpose: The plugin provides integration with an Active Directory. When the plugin is executed, it can create new users, update existing users, reset a user's password, and delete a user using the LDAP protocol.

Prerequisite: The plugin server needs to be set up with the main server (Learn More).

Plugin Setup

  1. Download the plugin .fp file and transfer it to the plugin server (Learn More).
  2. Restart the plugin server.
  3. Register the plugin in the ITSM tool (Learn more).
figure 2
  4. Update the plugin with the following information:
    1. AD Server URL: Type in the AD server URL using the LDAP protocol.
    2. Domain Admin User: Active Directory username.
    3. Domain Admin Password: Active Directory password.
figure 3
  5. Admin can trigger the plugin as an action item in a workflow and Scenario. Following are some of the action items (as part of workflows):

    Before triggering any action, one has to understand the parameters that go into making an input to the Active Directory.

    1. optype (operation type): Refers to the kind of operation an admin wants to perform with the plugin. Admin can select any one of the below types:
      1. create: Create a new user.
      2. delete: Delete a user only.
      3. update: Update object properties.
      4. addtogroup: Adds an existing user to a group.
    2. base-dn: A base dn is the point from where a server will search for users. It is the main directory. An example base-dn would be: cn=admin,dc=example,dc=com.
    3. CN (Common Name): Refers to the name of the object with attributes.

    Following are examples of the actions (operations) mentioned above.

    1. Create a new user with password: A workflow creates a new user using the AD plugin when a request with the category New Requester is created.

      A request can have custom fields to capture requester information. In the following example, a request with the category has the following custom field values:

      1. Name
      2. Email
      3. Password

      Learn how to create custom fields.

      1. optype: create (mandatory to create a new user).
      2. base-dn: CN=User,DC=flotomate,DC=com (refers to the top level directory called User)
      3. CN: Name of the user, here it is {#Name}. {#Name} is the placeholder to fetch the value of the field Name.
      4. password: Login password of the user. {#Password} fetches the password. Password must comply with the password rule of the AD.
      5. Properties of object {#Name}: {#Email} (AD properties).
      6. userPrincipalName: This attribute is the logon name for the user, here it is {#Email}.

      Note

      In order to set a password, the admin has to first create an SSL certificate in the AD, and then transfer it to the plugin server. Learn more.

      figure 4
    2. Add user to a group: A workflow adds a user to a group in the Active Directory using the plugin when a request is created. Here the following parameters have been set:

      1. optype: addtogroup (mandatory to add an existing user to a group).
      2. base-dn: CN=User,DC=flotomate,DC=com (refers to the top level directory called User)
      3. CN: Name of the object; here it is Bhavin_test_User.
      4. group: The name of the group; here it is DnsAdmins, given as CN=DnsAdmins, CN=Users, DC=flotomate, DC=com.
      figure 5
    3. Delete a user: A workflow deletes a user in the Active Directory using the plugin when a request, with a specific tag, is created. Here the following parameters have been set:

      1. optype: delete (mandatory to delete a user).
      2. base-dn: CN=User,DC=flotomate,DC=com (refers to the top level directory called User)
      3. CN: Name of the object. Here a placeholder has been selected instead of the username.
      figure 6
    4. Update a user's info: A workflow updates a user in the Active Directory using the plugin when a request, with a specific tag, is created. Here the following parameters have been set:

      Note

      If given properties don’t exist then they will be created.

      1. optype: Update (mandatory to update an existing user).
      2. base-dn: CN=User,DC=flotomate,DC=com (refers to the top level directory called User)
      3. CN: Name of the object. Here a placeholder has been selected instead of the username.
      4. mail: Email of the user. Here a placeholder has been used.
      figure 7
    5. Reset User Password: A workflow updates a user’s password in the Active Directory using the plugin when a request, with the category Reset Password, is created.

      Note

      Refer to the above method (Create a new user with password) to know about the input parameters.

      figure 8.
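
The Create a new user with password parameters above map onto an LDAP add request, and the SSL note exists because Active Directory accepts the unicodePwd attribute only over an encrypted connection. The following is an added example, not Motadata's plugin code: it shows how a value arriving through {#Name} is escaped (RFC 4514) before it becomes part of a DN, and how a password is encoded for AD. The function names, the attribute set and the host ad.example.com are assumptions; the page does not document how the plugin itself handles escaping.

```python
import re
from urllib.parse import urlsplit

# Characters RFC 4514 requires escaping inside an RDN value ("=" is optional but harmless).
_DN_SPECIALS = re.compile(r'([,+"\\<>;=])')

def escape_rdn_value(value: str) -> str:
    """Escape a form-field value (e.g. {#Name}) for use as the CN part of a DN."""
    value = value.strip()          # leading/trailing spaces would need escaping too
    if not value or "\x00" in value:
        raise ValueError("empty value or NUL byte in RDN value")
    escaped = _DN_SPECIALS.sub(r"\\\1", value)
    return "\\" + escaped if escaped.startswith("#") else escaped

def encode_unicode_pwd(password: str) -> bytes:
    """AD's unicodePwd format: the password in double quotes, UTF-16LE encoded."""
    return f'"{password}"'.encode("utf-16-le")

def build_create_request(server_url, base_dn, name, email, password):
    """Return (dn, attributes) for optype=create; refuse to carry a password in clear text."""
    if urlsplit(server_url).scheme.lower() != "ldaps":
        raise ValueError("setting a password requires an ldaps:// AD Server URL")
    dn = f"CN={escape_rdn_value(name)},{base_dn}"
    attributes = {
        "objectClass": ["top", "person", "organizationalPerson", "user"],
        "cn": name.strip(),            # attribute values are sent raw, not DN-escaped
        "mail": email,
        "userPrincipalName": email,    # logon name, as in the page's example
        "unicodePwd": encode_unicode_pwd(password),
    }
    return dn, attributes

if __name__ == "__main__":
    # Constructed sample input standing in for {#Name}, {#Email} and {#Password}.
    dn, attrs = build_create_request(
        "ldaps://ad.example.com:636", "CN=User,DC=flotomate,DC=com",
        "Smith, John", "john.smith@example.com", "S4mple!Passw0rd")
    print(dn)
    print(attrs["unicodePwd"].hex())
```

Without the escaping step, a Name field containing a comma or equals sign would change which container the DN points to instead of being treated as part of the user's name.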