The following operations can be performed for all Active Directory users on Orchestrator if
the perform_ad_operation flag in orchestrator.yml is set to
true. Special conditions are noted for each.
- Create user
  - Performed only if the Active Directory server is SSL-enabled (port 636). It provides a valid CN (CN= followed by a first name), OU (OU= followed by the OU value) and DN of the Active Directory.
- Change password
  - Performed only if the Active Directory server is SSL-enabled (port 636). No action will be performed on the Orchestrator database, because Orchestrator does not store Active Directory passwords there.
- Update user information
  - If the perform_ad_operation flag is false, no action will be performed on the Orchestrator database, because updating user information on the Orchestrator database makes it inconsistent with the user information on the Active Directory.
- Delete user
  - If the perform_ad_operation flag is false, the user will be deleted from the Orchestrator database. However, the user remains active on Active Directory so that the user can be created again on Orchestrator by logging in with valid credentials.