Support
 
Phone Live Chat
 
Support
 
US: +1 888 720 9500
US: +1 800 443 6694
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9393

 
 
 
 
 
Add users
 

Add users to group API

This API helps in adding user accounts to an Active Directory group from your application.

Request URL (JSON) Format: http://<hostname>:<port>/RestAPI/AddUsersToGroup

Request Parameters:

Parameters Mandatory Description
AuthToken Yes Authentication token that is generated either from the Delegation tab (Delegation > Configuration > Technician Authtokens) or from the My account tab (My Account > Active Authtokens) in the top right corner of the product.
domainName Yes Domain in which the user object has to be modified
inputFormat Yes Details of the attributes of user accounts to be modified. This attribute should be a JSONArray string and should be in the format mentioned below.
[<JSONObject>, <JSONObject>, <JSONObject>];
JSONObject: The key/value pair of LDAP attributes and the values.
Sample code in java:
JSONArray userDetails = new JSONArray(); JSONObject json = new JSONObject(); json.put("sAMAccountName", "John"); userDetails.put(json);
json = new JSONObject(); json.put("sAMAccountName", "Damien");userDetails.put(json);
PRODUCT_NAME Yes Product name/module name from which the request is being sent; will be needed for auditing.
addGroup No To add users to groups in intra domain, provide a list of all sAMAccountName of the groups.

To add users to groups in cross domain, provide a list of all groups either in distinguishedName format or in sAMAccountName(group)\\domainName (FQDN) format.
primaryGroup No sAMAccountName of the primary group.
duration*

Build 7180 and above*

No The time period after which users must be removed from groups.
durationType*

Build 7180 and above*

No Specify a custom date or specify the duration in terms of minutes, hours, or, 'n' number of days.

*The parameter is supported only for the specified build numbers

*When the duration and durationType parameters are specified in an API call, a workflow request is automatically created to add user accounts to groups. However, only the help desk technicians configured as requesters can raise a workflow request in ADManager Plus. Thus, ensure that you have the appropriate permissions before using these parameters, or simply send an API call without specifying these parameters to perform this action.

Response:

The response will be a JSON array string which contains the list of JSONObjects. Each JSONObject in the list represents a user sent in the inputFormat attribute in the request. Each object will contain the following properties about the status.

Parameters Description
status Status of the user modification operation: '1' on successful modification. '0' if there is an error.
statusMessage Contains the message about the issues or errors that occur while performing the specified action.
SAM ACCOUNT NAME sAMAccountName of the user added to the group.
userPrincipalName userPrincipalName of the user account added to the group.

Sample requests & responses:

Request 1:

http://admanager:8080/RestAPI/AddUsersToGroup?PRODUCT_NAME=MODULE&AuthToken=75adb327-91a0-4384-98b6-6c42332f8263&domainName=admp.local&inputFormat=[{"sAMAccountName":"John"}, {"sAMAccountName":"Damien"}]&addGroup=[Account Operators, Administrators]&primaryGroup=Domain Users

Response:

[{"sAMAccountName":"John","objectSID":"S-1-5-21-2664452653-2810534411-3271467435-4097","userPrincipalName":"John@admp.local","statusMessage":"Successfully modified.","status":"1"}, {"statusMessage":"sAMAccountName: Damien - No such user matched. Verify the LDAP attribute in search query or could be a privilege issue.","status":"0"}]

Request 2:

http://admanager:8080/RestAPI/AddUsersToGroup?duration=1&durationType=days&PRODUCT_NAME=SDP AddOn Check&domainName=ADMpdev.com&inputFormat=[{"sAMAccountName":"ByronTest"}]&addGroup=["Sales Department"]&AuthToken=31777bb0-d4ab-4a94-9a0e-e36783e25f38

Response:

[{"sAMAccountName":"ByronTest","statusMessage":"Add operation successful. ","status":"1"}]

Request 3 (addGroup parameter):

http://localhost:8080/RestAPI/AddUsersToGroup?domainName=test.com&PRODUCT_NAME=Rest API&inputFormat=[{"sAMAccountName":"test"}]&AuthToken=93gsl18d-ebb2-4c75-b1e1-91f236b57bc1&addGroup=["testGroup1\\child.test.com","CN=testgroup,CN=Users,DC=child,DC=test,DC=com"]

Response 3:

[ { "sAMAccountName": "Test", "objectGUID": "{2412B3D5-E352-44B5-8CCC-CA354A22D5A0}", "objectSID": "S-1-5-21-151774880-1558191534-1686170714-1769", "userPrincipalName": "test@test.com", "ouName": "OU=Test,DC=test,DC=com", "statusMessage": "Successfully modified.The memberOf attribute will be updated as a background task.", "status": "1" } ]

Technician-based add users to group limit

The total number of times that technicians can add users to a group, in a day using the add users to group API depends on the total number of licensed help desk technicians (HDTs).

If an API is used to create five AD users, and three of them are successfully created while two fail, it will be considered as three API calls. The maximum number of API calls that an HDT can make is 50/day, irrespective of the tasks that the HDT performs. If you have two HDT licenses, the total number of API calls that you can make is 100/day.

As the per day API call limit is not task-specific, you can perform any operation but the total number of API calls should not exceed 100. That is, an HDTcan perform a variety of operations like user creation, OU creation, password reset, etc., but the number of API calls for all the tasks put together should not exceed 100.

Note:

  • The default admin account will not be considered a HDT.
  • Ensure that you URL encode all the special and reserved characters used in REST API requests. Since the client sending the request (browser, postman or TP tools) does not fall under the purview ADManager Plus, encoding the URL for special, reserved and unsafe characters is solely the users' responsibility.

Reserved characters include ; /? : @ = &
Unsafe characters include < > # % { } | \ ^ ~ [ ] ` "'

ADManager Plus Trusted By

The one-stop solution to Active Directory Management and Reporting
Email Download Link