All day this past Friday I was trying to get either the Active Directory components or the LDAP generated components to return some usable information on whether an account was locked out. The only results I was able to get back were what I can only guess is some sort of riddle.
So, turns out that the solution for converting that into usable data was going to require way more effort than I was willing to give it, so I figured I may as well use my time for something more useful, like starting to learn C#.
The result of 2 days’ worth of effort finally paid off, and I’m able to pull a readable, usable value for an account’s lockout status. I’m also able to set a password and unlock that account pretty easily. Here’s some info on how to do it.
The Code (Script) Component
I’ve always shied away from this component, as I’m not and have never been a coder. By the end of the day on Friday, however, it was starting to feel like I may not be able to find another way to accomplish the directive “find out if an account is locked in AD”. So here we go!
Search the toolbox for “code” and you’ll see some results in the “Unloaded Libraries” section. Expand that folder, then expand the Scripting directory, and simply click on one of the Code components there to load in the library.
Pull the “Code (Script) Component” out onto the Workflow canvas.
For my test, I gave the component a simple Text input and a Text output.
Then, on the third page of the script wizard, select C# from the dropdown at the top, and punch in some code. Note also that I’ve added the System.DirectoryServices.AccountManagement namespace to the top list. Edit out whatever actions you don’t intend to apply to the account, and leave in the ones you do. If you intend to perform an action against an account and you remove the “return” line, go back to page 2 and remove the output variable as well.
Code for copy/paste:
// bind to the domain and container with a service account (domain, container, user name, password)
PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "intuitive.cb", "CN=Users,DC=intuitive,DC=cb", "andrewtest", "Password1234$");
// UnlockUser is the component's Text input variable holding the account to look up
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, UnlockUser);
user.SetPassword("Password1234$!@"); //this'll set a password
user.UnlockAccount(); //this will unlock a user account
bool isLockedOut = user.IsAccountLockedOut(); //account lock status
return isLockedOut.ToString(); //write the status to the result as a string
Finally, on step 4, we can test the code with an input value.
Downstream from this component, we can see any output values that were configured in the code component.
It should be noted that I just started trying to figure out C# last Friday, so there’s no error handling going on in the code I’m using. I imagine that as my knowledge of the language improves, I’ll return to this post to update the scripts. As such, however, the code does seem to work.
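The same lockout check and unlock with the error handling the script above leaves out, as an added example that is not the original post's code. The class and method names, the parameter list and the returned status strings are assumptions made for illustration; the bind credentials are passed in by the caller rather than written into the script, and the password reset is left out so the block covers only the lockout check and unlock.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

// Added example: hypothetical helper, not the original post's code.
public static class AccountLockoutHelper
{
    // domain, container, svcUser and svcPassword come from the caller
    // (workflow variables or a credential store), never from literals in the script.
    public static string CheckAndUnlock(string domain, string container,
        string svcUser, string svcPassword, string samAccountName, bool unlock)
    {
        if (string.IsNullOrWhiteSpace(samAccountName))
            return "ERROR: no account name supplied";
        try
        {
            // Both objects hold directory connections, so dispose them when done.
            using (var ctx = new PrincipalContext(ContextType.Domain, domain,
                                                  container, svcUser, svcPassword))
            using (var user = UserPrincipal.FindByIdentity(
                                  ctx, IdentityType.SamAccountName, samAccountName))
            {
                // FindByIdentity returns null when nothing matches; without this
                // check the next call throws NullReferenceException.
                if (user == null)
                    return "NOT_FOUND";

                // Read the status before changing anything, so the result
                // reflects the state the account was actually in.
                bool wasLocked = user.IsAccountLockedOut();
                if (wasLocked && unlock)
                {
                    user.UnlockAccount();
                    return "UNLOCKED";
                }
                return wasLocked ? "LOCKED" : "NOT_LOCKED";
            }
        }
        catch (PrincipalServerDownException ex)
        { return "ERROR: domain controller unreachable: " + ex.Message; }
        catch (MultipleMatchesException)
        { return "ERROR: more than one account matches " + samAccountName; }
        catch (UnauthorizedAccessException)
        { return "ERROR: service account lacks rights on this account"; }
        catch (PrincipalOperationException ex)
        { return "ERROR: directory operation failed: " + ex.Message; }
    }
}
```

Inside the Code (Script) Component, the body of the method can be pasted in place of the original lines, with the parameters mapped to the component's input variables.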