Active Directory response rules
Active Directory response rules define the actions to be applied to an account if a rule is triggered.
When creating and editing response rules using Active Directory, specify the values for the following settings.
Response rule settings
Setting | Description |
---|---|
Name | Required setting. Unique name of the resource. Must contain 1 to 128 Unicode characters. |
Tenant | Required setting. The name of the tenant that owns the resource. |
Type | Required setting. Response rule type, Response via Active Directory. |
Source of the user account ID | Event field from which the Active Directory account ID value is taken. Possible values:
|
AD command | Command that is applied to the account when the response rule is triggered. Available values:
If your Active Directory domain allows selecting the User cannot change password check box, resetting the user account password as a response will result in a conflict of requirements for the user account: the user will not be able to authenticate. The domain administrator will need to clear one of the check boxes for the affected user account: User cannot change password or User must change password at next logon.
|
Group DN | The DistinguishedName of the domain group in fields for each role. The users of this domain group must be able to authenticate with their domain user accounts. Example of entering a group: OU=KUMA users,OU=users,DC=example,DC=domain |
Handlers | The number of handlers that the service can run simultaneously to process response rules in parallel. By default, the number of handlers is the same as the number of virtual processors on the server where the service is installed. |
Filter | Used to define the conditions for the events to be processed using the response rule. You can select an existing filter from the drop-down list or create a new filter. |