User account operations

The Active Directory package contains various actions to automate tasks related to user account management, including create, delete, get property, remove, rename, and set property.

Actions in the Active Directory package

The Active Directory package includes the following actions for user account operations:
Note: We now support Active Directory user operations by logon name with domain and can provide the domain name to extract the user details. When you retrieve user property or perform any user operation based on the logon name (userPrincipalName), and if the user domain name differs from the domain specified in the LDAP path, the user properties are now successfully retrieved regardless of whether it contains a domain name or not.
For example, LDAP Path: LDAP://ADServer/DC=automation, DC=net
User Logon name
userPrincipalName: kim@aaengg.net User can provide logon name as kim@aaengg.net.
userPrincipalName: shaun@aasales.net User can provide logon name as shaun@aasales.net.
userPrincipalName:sarah@automation.net user can provide a logon name as either sarah or sarah@automation.net.

When you perform any user action on the logon name, and if the logon name has a duplicate user under subDomain and subDomain@rootDomain, the user property is retrieved for the user with the root domain.

For example, LDAP Path: LDAP://ADServer/DC=automation, DC=net
  • User 1: userPrincipalName (logon name) is kim@aaengg.net.
  • User 2: userPrincipalName (logon name) is kim@aaengg.net@automation.net.

If you enter the logon name as kim@aaengg.net or kim@aaengg.net@automation.net, the operations will be performed on the second user that is kim@aaengg.net@automation.net.

To understand the most commonly used Active Directory attributes list, see Active Directory attributes list

Note: If the number of users in the group exceeds the 1500 limit, the bot fails with an error when you use Remove users from group action. Perform the following steps to increase the user limit .
  1. Log in to the Windows Server as an Administrator, start a command prompt, and type the following:
    C:\> ntdsutil
    ntdsutil: ldap policies
    ldap policy: connections
    server connections: connect to server <WINDOWS_SERVERNAME>
    Connected to <WINDOWS_SERVERNAME> using credentials of locally logged on user
    server connections: q
    ldap policy will display the following values:
                             
    Policy                         Current(New)  
                                                     
    MaxPoolThreads                  4
    MaxDatagramRecv                 4096
    MaxReceiveBuffer                10485760
    InitRecvTimeout                 120
    MaxConnections                  5000
    MaxConnIdleTime                 900
    MaxActiveQueries                20
    MaxPageSize                     1000
    MaxQueryDuration                120
    MaxTempTableSize                10000
    MaxResultSetSize                262144
    MaxNotificationPerConn          5
    MaxValRange                     1500
    ThreadMemoryLimit                0
     
  2. Set the maxpagesize value, for example 50000.
    ldap policy: set maxpagesize to 50000
    ldap policy: commit changes
    ldap policy: q
    ntdsutil: q
    Disconnecting from <WINDOWS_SERVERNAME> ...