Active Directory Target CLI Configuration

This topic includes CLI commands and parameters for adding Active Directory target applications and target accounts.
capam32
This topic includes CLI commands and parameters for adding Active Directory target applications and target accounts.
2
Active Directory Target Connector CLI Parameters
To add an Active Directory target application and connector using the CLI, use the addTargetApplication command and the following command parameters:
TargetApplication.type
The target application connector type.
Required
Default Value
Valid Values
yes
N/A
windowsDomainService
Attribute.disableAutoConnectTargetAccount
Disable automatic connections to the remote target server for all target accounts using this application type.
Required
Default Value
Valid Values
no
false
  • true - disables automatic connectivity. Automatic connections are not allowed.
  • false - enables automatic connectivity. Automatic connections are allowed.
Attribute.domainName
The Windows domain that is managed by the Active Directory Server.
Required
Default Value
Valid Values
yes
N/A
Domain name (text string)
Attribute.useDNS
Determines the level to which DNS is used.
Required
Default Value
Valid Values
yes
none
  • noDNS. DNS is not used
  • retrieveDNS. Retrieve the DNS server that is used by the Credential Manager server
  • specifiedDNS. Use the DNS server that is specified by the dnsServer attribute
Attribute.dnsServer
The host names of the DNS servers to use.
Required
Default Value
Valid Values
Required if
Attribute.useDNS
is set to
specifiedDNS
none
Comma separated list of DNS server host names.
Attribute.dcPort
The port that is used to connect to the Active Directory server.
Required
Default Value
Valid Values
no
636
Numeric
Attribute.adSite
The Active Directory site. This parameter is only used if 
Attribute.useDNS
 is set to 
retrieveDNS
 or
 specifiedDNS
. If a value is given, Credential Manager uses the value to narrow the search for domain controllers based on the specified name.
Required
Default Value
Valid Values
no
N/A
String
Active Directory Target Account CLI Parameters
To add an Active Directory target account that uses the target connector, use the addTargetAccount command and the following command parameters:
Attribute.extensionType
Specifies the type of account to be used.
Required
Default Value
Valid Values
yes
N/A
windowsDomainService
Attribute.userDN
The user s distinguished name on the Active Directory Server.
Required
Default Value
Valid Values
yes
N/A
String.
Attribute.useOtherAccountToChangePassword
Specifies whether to use the target account or a different account to perform password change requests.
Required
Default Value
Valid Values
yes
N/A
true, false
Attribute.otherAccount
Specifies which other account to use to perform password change requests.
Required
Default Value
Valid Values
Required if Attribute.useOtherAccountToChangePassword is true.
N/A
String.
A valid target account ID.
Attribute.serviceInfo
List of services.
Required
Default Value
Valid Values
No
N/A
<empty string>
no services
Add
one
of the following entries for each service:
  • <
    proxy_hostname
    >:<
    hostname
    >:<
    service_name
    >:restart
  • <
    proxy_hostname
    >:<
    hostname
    >:<
    servicename
    >:norestart
Multiple services are delimited by the
|
character.
<
proxy_hostname
>
is the name of the server running the proxy.
<
hostname
>
is the name of the server where the service is hosted.
Attribute.tasks
List of scheduled tasks.
Required
Default Value
Valid Values
No
none
<empty string>
no tasks
Add the following for each task:
<
proxy_hostname
>:<
hostname
>:<
task_name
>
Multiple tasks are delimited by the
|
character.
<
proxy_hostname
>
is the name of the server running the proxy.
<
hostname
>
is the name of the server where the scheduled task is hosted.
Active Directory CLI Example
cmdName=addTargetApplication TargetServer.hostName=myhostname.mydomain.com
TargetApplication.name=myAD TargetApplication.type=windowsDomainService Attribute.domainName=cspm2
Attribute.useDNS= specifiedDNS Attribute.dnsServer=dns1.cloakware.com,dns2.cloakware.com
Attribute.dcPort=636 Attribute.adSite=London
cmdName=addTargetAccount TargetServer.hostName=myhostname.mydomain.com TargetApplication.name=mywindows
TargetAccount.userName=admin TargetAccount.password=P@ssw0rd TargetAccount.cacheAllow=true
TargetAccount.cacheDuration=19 Attribute.extensionType=windowsDomainService Attribute.useOtherAccountToChangePassword=false
Attribute.forcePasswordChange=false Attribute.userDN=cn=admin,dc=cspm2
Attribute.serviceInfo=proxyhostA:HostA:serviceName:restart|proxyhostB:HostB:serviceName:norestart
Attribute.tasks=proxyHostA:HostA:taskName|proxyHostB:HostB:taskName