How to get Active Directory User Attributes

Have you ever had the need to get some attributes of your Active Directory user account? Perhaps Manager for an approval, maybe direct reports, etc… but not sure how to work with the AD:User object in vCO… Well here’s a great little snippet that can help you quickly identify the available information attached to the AD:User account you specify.

Show AD User Info

  • Simply place the following script into a scriptable task in a new workflow.
  • Add an input called “adUser” of type “AD:User” and bind it to your scriptable task
  • Save, Close, and Run the workflow
1
2
3
4
5
System.log("========== All Attributes ===========");
var attribs = adUser.allAttributes;
for each (attrib in attribs){
  System.log("attribute: "+attrib.name+ "("+adUser.getAttribute(attrib.name)+")");
}

When you run the code, it will appear similar to the following output:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
[2014-01-15 12:47:19.756] [I] ========== All Attributes ===========
[2014-01-15 12:47:19.758] [I] attribute: whenCreated(20110717015439.0Z)
[2014-01-15 12:47:19.759] [I] attribute: objectCategory(CN=Person,CN=Schema,CN=Configuration,DC=corp,DC=local)
[2014-01-15 12:47:19.761] [I] attribute: badPwdCount(1)
[2014-01-15 12:47:19.761] [I] attribute: codePage(0)
[2014-01-15 12:47:19.762] [I] attribute: objectGUID(T�W��xH�Bս'��K)
[2014-01-15 12:47:19.762] [I] attribute: mail(itmgr@rainpole.com)
[2014-01-15 12:47:19.762] [I] attribute: memberOf(CN=Private Cloud Managers,CN=Users,DC=corp,DC=local)
[2014-01-15 12:47:19.763] [I] attribute: instanceType(4)
[2014-01-15 12:47:19.763] [I] attribute: objectSid()
[2014-01-15 12:47:19.764] [I] attribute: badPasswordTime(129567168821610422)
[2014-01-15 12:47:19.764] [I] attribute: dSCorePropagationData(16010101000000.0Z)
[2014-01-15 12:47:19.765] [I] attribute: objectClass(top)
[2014-01-15 12:47:19.765] [I] attribute: company(Rainpole)
[2014-01-15 12:47:19.765] [I] attribute: name(IT Manager)
[2014-01-15 12:47:19.766] [I] attribute: sn(Manager)
[2014-01-15 12:47:19.766] [I] attribute: userAccountControl(66048)
[2014-01-15 12:47:19.767] [I] attribute: primaryGroupID(513)
[2014-01-15 12:47:19.767] [I] attribute: lastLogon(0)
[2014-01-15 12:47:19.768] [I] attribute: accountExpires(9223372036854775807)
[2014-01-15 12:47:19.768] [I] attribute: lastLogoff(0)
[2014-01-15 12:47:19.768] [I] attribute: uSNChanged(332047)
[2014-01-15 12:47:19.769] [I] attribute: cn(IT Manager)
[2014-01-15 12:47:19.769] [I] attribute: logonCount(0)
[2014-01-15 12:47:19.769] [I] attribute: sAMAccountType(805306368)
[2014-01-15 12:47:19.770] [I] attribute: givenName(IT)
[2014-01-15 12:47:19.770] [I] attribute: uSNCreated(123009)
[2014-01-15 12:47:19.771] [I] attribute: displayName(IT Manager)
[2014-01-15 12:47:19.771] [I] attribute: directReports(CN=Information Security Officer,CN=Users,DC=corp,DC=local)
[2014-01-15 12:47:19.772] [I] attribute: pwdLastSet(129553412797477533)
[2014-01-15 12:47:19.772] [I] attribute: userPrincipalName(itmgr@corp.local)
[2014-01-15 12:47:19.772] [I] attribute: whenChanged(20120405193220.0Z)
[2014-01-15 12:47:19.773] [I] attribute: lastLogonTimestamp(129781279409263014)
[2014-01-15 12:47:19.773] [I] attribute: countryCode(0)
[2014-01-15 12:47:19.774] [I] attribute: distinguishedName(CN=IT Manager,CN=Users,DC=corp,DC=local)
[2014-01-15 12:47:19.774] [I] attribute: manager(CN=Chief I. Officer,CN=Users,DC=corp,DC=local)
[2014-01-15 12:47:19.774] [I] attribute: sAMAccountName(itmgr)

Now, based on that you should be able to determine the appropriate attribute name to pass into adUser.getAttribute();