Active Directory response rules

Active Directory response rules define the actions to be applied to an account if a rule is triggered.

When creating and editing response rules using Active Directory, specify the values for the following settings.

Response rule settings

Setting

Description

Name

Required setting.

Unique name of the resource. Must contain 1 to 128 Unicode characters.

Tenant

Required setting.

The name of the tenant that owns the resource.

Type

Required setting.

Response rule type, Response via Active Directory.

Source of the user account ID

Event field from which the Active Directory account ID value is taken. Possible values:

  • SourceAccountID
  • DestinationAccountID

AD command

Command that is applied to the account when the response rule is triggered.

Available values:

  • Add account to group
  • Remove account from group
  • Reset account password

If your Active Directory domain allows selecting the User cannot change password check box, resetting the user account password as a response will result in a conflict of requirements for the user account: the user will not be able to authenticate. The domain administrator will need to clear one of the check boxes for the affected user account: User cannot change password or User must change password at next logon.

  • Block account

Group DN

The DistinguishedName of the domain group in fields for each role. The users of this domain group must be able to authenticate with their domain user accounts. Example of entering a group: OU=KUMA users,OU=users,DC=example,DC=domain

Handlers

The number of handlers that the service can run simultaneously to process response rules in parallel. By default, the number of handlers is the same as the number of virtual processors on the server where the service is installed.

Filter

Used to define the conditions for the events to be processed using the response rule. You can select an existing filter from the drop-down list or create a new filter.

Creating a filter in resources

Page top