Direct Inward Dialing: +1 408 916 9393
Free EditionThis API helps in removing user accounts from Active Directory groups from your application.
Request URL (JSON) Format: http://<hostname>:<port>/RestAPI/RemoveUsersFromGroup
Request Parameters:
| Parameters | Mandatory | Description |
| AuthToken | Yes | Authentication token that is generated either from the Delegation tab (Delegation > Configuration > Technician Authtokens) or from the My account tab (My Account > Active Authtokens) in the top right corner of the product. |
| domainName | Yes | Domain in which the user object's group membership has to be modified |
| inputFormat | Yes | Details of the attributes of user accounts to be modified. This attribute should be a JSONArray string and should be in the format mentioned below. [<JSONObject>, <JSONObject>, <JSONObject>]; JSONObject: The key/value pair of LDAP attributes and their corresponding values. Sample code in java: JSONArray userDetails = new JSONArray(); JSONObject json = new JSONObject(); json.put("sAMAccountName", "John"); userDetails.put(json); json = new JSONObject(); json.put("sAMAccountName", "Damien");userDetails.put(json); Note: If the "templateName" attribute is not included in the key/value pair, the default user modification template assigned for the technician will be used. |
| PRODUCT_NAME | Yes | Product name/module name from which the request is being sent; will be needed for auditing. |
| isRemoveFromAllGroup | Yes | Remove all the existing memberships of the specific user. The value of this parameter can be set to True or False based on the requirements. |
| removeGroup | No | List of all groups to be removed (sAMAccountName value) |
Response:
The response will be a JSON array string which contains the list of JSONObjects. Each JSONObject in the list represents a user sent in the inputFormat attribute in the request. Each object will contain the following properties about the status.
| Parameters | Description |
| status | Status of the user modification operation: '1' on successful modification. '0' if there is an error. |
| statusMessage | Contains the message about the issues or errors that occur while performing the specified action. |
| sAMAccountName | sAMAccountName of the user account removed. |
| userPrincipalName | userPrincipalName of the user account removed. |
Sample Input / Output
Request 1:
http://admanager:8080/RestAPI/RemoveUsersFromGroup?PRODUCT_NAME=MODULE&AuthToken=75adb327-91a0-4384-98b6-6c42332f8263&domainName=admp.local&inputFormat=[{"sAMAccountName":"john"}]&isRemoveFromAllGroup=false&removeGroup=[Account Operators, Administrators]
Request 2:
http://admanager:8080/RestAPI/RemoveUsersFromGroup?PRODUCT_NAME=MODULE&AuthToken=75adb327-91a0-4384-98b6-6c42332f8263&domainName=admp.local&inputFormat=[{"sAMAccountName":"john"}]&isRemoveFromAllGroup=true
Response:
[{"sAMAccountName":"john","objectSID":"S-1-5-21-2664452653-2810534411-3271467435-4097","userPrincipalName":"john@admp.local","statusMessage":"Successfully modified.","status":"1"}]
Technician-based remove users from group limit
The total number of times that technicians can remove users from a group, in a day using the remove users from group API depends on the total number of licensed help desk technicians (HDTs).
If an API is used to create five AD users, and three of them are successfully created while two fail, it will be considered as three API calls. The maximum number of API calls that an HDT can make is 50/day, irrespective of the tasks that the HDT performs. If you have two HDT licenses, the total number of API calls that you can make is 100/day.
As the per day API call limit is not task-specific, you can perform any operation but the total number of API calls should not exceed 100. That is, an HDTcan perform a variety of operations like user creation, OU creation, password reset, etc., but the number of API calls for all the tasks put together should not exceed 100.
Note:
Reserved characters include ; /? : @ = &
Unsafe characters include < > # % { } | \ ^ ~ [ ] ` "'
