I am attempting to use the AD_User.setAttribute method as part of a workflow to unlock a user account, I can read the attribute, but it does not seem to get successfully written.
My code is:
User.setAttribute("lockoutTime" , "0");
where User is of type AD:User
The workflow runs successfully, but I can read the attribute again and the lockoutTime value hasnt changed.
Am I calling this correctly, or is this a bug?
So, as it turns out SSL is NOT required for this to work. After a bit of back & forth with some internal contacts, I went ahead and tried this again in my dev environment...
Windows 2003 Domain Controller...
Set group policy to lockout accounts for 120 minutes after 3 bad password attempts
Attempted to login 4 times with invalid password
confirmed account was locked out
Confirmed my AD plug-in was configured with and ADMINISTRATIVE account
Used the following code to unlock the locked account:
user.setAttribute('lockoutTime','0');
In the above line, "user" is my AD:User account that was locked out. After executing the workflow containing that code, I confirmed that the user was no longer llocked out and could log in to my Windows 2003 domain.
UPDATE: Also just tested in another test environment, this one using a Windows 2008 R2 domain - same results as above. Successfully unlocked account using user.setAttribute('lockoutTime','0');
Message was edited by: Burke-
I'm pretty sure you need to have the AD Plugin configured to use SSL if you wish to make this particular change.
The plugin is configured for SSL. I CAN successfully set passwords, so that is verified.
I don't have SSL available in my test environments to test this.. could you please try using the workflow "Enable a User". When I had asked about this particular use-ase, I was told to try that workflow...
the workflow "Enable a User" successfully runs, and enables a disabled user.
But, does it also "Unlock" a locked out user??
no, it does not.
OK, thanks for letting me know.. I have forwarded this thread information on to the person I had worked with here inside VMware to see if they can follow up on the issue.
Hi folk!
That is an interesting thread!
@burke: Can you please also forward this to the Techdoc-Team? Would be helpful if you it is in the docs....
Cheers,
Joerg
So, as it turns out SSL is NOT required for this to work. After a bit of back & forth with some internal contacts, I went ahead and tried this again in my dev environment...
Windows 2003 Domain Controller...
Set group policy to lockout accounts for 120 minutes after 3 bad password attempts
Attempted to login 4 times with invalid password
confirmed account was locked out
Confirmed my AD plug-in was configured with and ADMINISTRATIVE account
Used the following code to unlock the locked account:
user.setAttribute('lockoutTime','0');
In the above line, "user" is my AD:User account that was locked out. After executing the workflow containing that code, I confirmed that the user was no longer llocked out and could log in to my Windows 2003 domain.
UPDATE: Also just tested in another test environment, this one using a Windows 2008 R2 domain - same results as above. Successfully unlocked account using user.setAttribute('lockoutTime','0');
Message was edited by: Burke-
Thanks for the assist. I changed my JS to match yours and my account unlocks successfully. Could it be the double quotes vs single?
That may have something to do with it... perhaps a combination of the type of quotes and other system settings that I'm unaware of... But, out of curiosity, I just went back to my test system with the 2008 domain and tried with double quotes - it worked... So, not sure what exactly is causing your issue, but if the single quotes are working, keep them