Update AD User

Enterprise Edition for Nintex Workflow 2016 is required for this feature.

Updates the properties of an Active Directory user account.

Options within this action

Where the account is located

LDAP Path

See Look up Active Directory information.

Account to update

sAMAccountName

The username (sAMAccountName) of the Active Directory entry.

AD Fields to update

Fields

Select fields from the drop-down list. At least 1 field must be updated.

If a field to update is not available, select Other, and type the field name, then click the Add button.

Note: The Add button will appear when Other is selected.

The property name entered must be a valid Active Directory schema property. Some properties cannot be set within this workflow action. For example, 'memberOf' must be updated via the 'Add User to AD Group' and 'Remove User from AD Group' workflow actions.

AD Fields to take note of:

  • Country: If selected, this option correctly sets the 3 Active Directory properties: c, co and countryCode.
  • Password: If selected, this option allows the resetting of a password. Use this drop down option to set password information correctly. The Password option provides the following additional settings:
    • Generate password: If checked, a random password will be automatically generated by the action. If unchecked, specify the password for the account in the New password textbox.
    • Store generated password: The automatically generated password can be stored in a text type workflow variable. This can then be used in other actions.
  • Manager: If selected, this value must be the sAMAccountName of an existing Active Directory account.
  • Directory Location: Use this property to move the AD object from one location to another. Use the LDAP Picker to select a valid location, or enter an LDAP path, in the format LDAP://OU=someOU,DC=company,DC=country. E.g. LDAP://OU=archived users,DC=nintex,DC=com

    Note: The credentials entered in the Username and Password fields at the top of the page will be used to connect to the new AD location.

  • Rename: Use this property to rename an AD object. Use the format CN=[new name] or [new name]. E.g. CN=John Smith, or John Smith.

    Note: Setting this property will only affect the cn, canonicalName, distinguishedName and name properties in AD. Setting the Display Name, Given Name and Last Name properties to complete a rename operation may also be required.

    OCS properties such as SIP Address and email will need to be set separately. The 'Rename' field is available from the 'Other fields' drop down menu.

  • Account Activation: Use this property for the following operations:
    • To unlock a locked-out account.
    • To re-enable a disabled account.
    • To disable an account.
    • Any combination of the above.

    Note: This action cannot lock out an account. Unchecking Enable disables the account. Leaving Enable checked ensures the account remains in, or changes to, an enabled state. Checking Unlock unlocks the account.

  • Account Options: Use this property to set the following account options:
    • User must change password at next logon.
    • User cannot change password.
    • Password never expires.
    • User cannot change password AND Password never expires.

    Note: Leaving all 3 checkboxes unchecked will remove all options. The only valid multiple selection is User cannot change password AND Password never expires.

  • Other: Allows a property that is not available in the list to be specified.
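
The Directory Location path format and the Account Options selection rule described above can be checked before values are passed to the action. The following Python is an added example, not Nintex code; the function names are hypothetical, and the path check covers only the LDAP://OU=...,DC=... form shown on this page.

```python
import re

# Account Options labels as they appear on this page.
MUST_CHANGE = "User must change password at next logon"
CANNOT_CHANGE = "User cannot change password"
NEVER_EXPIRES = "Password never expires"
ALL_OPTIONS = {MUST_CHANGE, CANNOT_CHANGE, NEVER_EXPIRES}

# Split on commas not preceded by a backslash (DN escaping, e.g. "Sales\, EMEA").
# Simplification: an escaped backslash directly before a comma is not handled.
_RDN_SPLIT = re.compile(r"(?<!\\),")
_RDN = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.+?)\s*$")


def parse_directory_location(path):
    """Return [(attr, value), ...] for an LDAP://OU=...,DC=... path, or raise ValueError."""
    if not path.upper().startswith("LDAP://"):
        raise ValueError("path must start with LDAP://")
    dn = path[len("LDAP://"):]
    rdns = []
    for part in _RDN_SPLIT.split(dn):
        m = _RDN.match(part)
        if not m:
            raise ValueError(f"malformed component: {part!r}")
        rdns.append((m.group(1).upper(), m.group(2)))
    if not any(attr == "DC" for attr, _ in rdns):
        raise ValueError("path has no DC= component")
    return rdns


def check_account_options(selected):
    """Return the selection as a set if this page's rules allow it, else raise ValueError."""
    selected = set(selected)
    unknown = selected - ALL_OPTIONS
    if unknown:
        raise ValueError(f"unknown option(s): {sorted(unknown)}")
    # An empty selection is valid: it removes all options from the account.
    if len(selected) > 1 and selected != {CANNOT_CHANGE, NEVER_EXPIRES}:
        raise ValueError("only 'cannot change' + 'never expires' may be combined")
    return selected
```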

Related information

Find, add, and configure actions