Function
Sets the primary group. Can be used both in Windows NT and in Active Directory.
Properties
Property name Description Typical setting Remarks
Domain controller The name of the domain controller that maintains the account. To determine the domain controller used to set the primary group, either this property or the property Domain must be specified.
Domain The name of the domain that maintains
the account. To determine the domain controller used to set the primary group, either this property or the property Domain controller must be specified.
Account name The SAM account name of the account for
which the primary group must be set. %UserName%
54
General user Actions
1.21.
Script Action: Edit user logon
Function
Edits the logon settings of an existing user account . The account is identified by a variable containing the User Object. Use the
Script Action: Get user (AD) on page 16 to find the user first. For the user account, all regular attributes can be changed and/or reset.
Deployment
This action is typically used as one of the main action to manage existing user accounts in Active Directory. You can use this action for a single change, for instance resetting the password of an account or multiple changes like home directory, profile directory and
Active Directory attributes. To change the common name (full name) of a user account, you cannot use this action. Use the Script
Action: Move - rename user (AD) on page Fout! Bladwijzer niet gedefinieerd. instead to do this.
For this action, the user account is identified by a variable (default: %UserObject%). To execute this action successfully, the
variable must have a valid value. The variable is an output variable of the action Script Action: Get user (AD) on page 16. The Get
User action supports several ways to find the user and fill the variable.
The Edit user logon action contains a large number of properties. As described above, the User Object property is used to identify the user account. Other properties are initially not specified. This means that the corresponding Active Directory attributes of the user account are not changed when the action is executed. Only when a property is specified, the attribute is updated in Active Directory.
Properties
Property Name Description Typical setting Remarks
User Object An data structure representing the user account. Use the action Get user (AD) on page 16 to find the user account in Active Directory and setup the variable that contains the 'User Object'.
%UserObject% See Deployment section.
Username The SAM account name of the user for which you want to edit the logon settings.
You should only use this option when you are not using the %UserObject% variable. Instead of the %userObject variable an user account can also be identified by the user name and the domain name or the domain controller.
Domain The domain in which the
user account, for which you want to edit the logon settings, is located.
You should only use this option when you want to identify the user account by username and domain name.
Domain controller The domain controller of the domain in which the user account, for which you want to edit the logon settings, is located.
You should only use this option when you want to identify the user account by username and domain controller.
55
Password
generator The specification how to generate passwords for the user account
Specifies the method used to generate a password for the user account. These methods vary from simple (easy to remember) passwords to strong passwords. There are several
predefined settings available.
The resulting password will be stored in a variable. By default it is stored in the variable %Password%. This variable must be specified as the value for the Password property.
Password The password of the user
account. Typically the name contained in the variable %Password% is generated by the Password generator. To create the same password for all users you can specify the password here directly. For example "test1234". You can also read the password from the input file.
User must change password at next logon
The password is expired. Use this property to force the user to change the password at the next logon. Note that the user can logon using the current password.
When set to Yes the User cannot change password property must by set to No.
User cannot
change password The user cannot change password. When the user cannot change the password, only the administrator can change the password.
Valid specifications are Yes and No. This setting has no effect on members of the administrators group. When set to Yes, the User must change password at next logon property must by set to No.
Password never expires
The password should never
expire on the account. Valid specifications are Yes and No. The default value is No. This setting overrides the Maximum Password Age setting in the password policy for the domain/computer.
Account disabled The user's account is disabled. If an user account is disabled, the account does exist but cannot be used to logon to the network.
Unlock the account Unlock an user account. When an account is locked it is temporarily impossible to log on to the network. An account gets locked when an incorrect password is specified.
Valid specifications are Yes and No. The default value is No. When set to Yes an locked account will be unlocked. This property can only be used when an account is locked.
56