Active Directory Operations

The following operations can be performed for all Active Directory users on Orchestrator if the perform_ad_operation flag in orchestrator.yml is set to true. Special conditions are noted for each.

Create user
Performed only if the Active Directory server is SSL-enabled (port 636). It provides a valid CN (CN= followed by a first name), OU (OU= followed by the OU value) and DN of the Active Directory.
Change password
Performed only if the Active Directory server is SSL-enabled (port 636). No action will be performed on the Orchestrator database, because Orchestrator does not store Active Directory passwords there.
Update user information
If the perform_ad_operation flag is false, no action will be performed on the Orchestrator database, because updating user information there would make it inconsistent with the user information on the Active Directory.
Delete user
If the perform_ad_operation flag is false, the user will be deleted from the Orchestrator database. However, the user remains active on Active Directory so that the user can be created again on Orchestrator by logging in with valid credentials.