
Active Roles 7.4.3 - Solutions Guide


Specifying controls to return to the SPML Provider client

This section covers the controlsForOutput and control XML elements that your SPML request must include to specify a set of controls to return to the SPML Provider client.

Element name: controlsForOutput

Element description: Specifies a collection of OutControl-type controls to return to the SPML client.

Child elements: control

Attributes:

Table 8: Attributes for controlsForOutput

| Attribute name | Attribute description |
| --- | --- |
| xmlns | Declares the namespace for all child elements of the controls element. This attribute must be set to quest:ars:SPML:2:0 |

Element name: control

Element description: Describes a control to return to the SPML Provider client with an SPML response.

Parent elements: controlsForOutput

Child elements: None

Attributes:

Table 9: Attributes for control

| Attribute name | Attribute description |
| --- | --- |
| name | Specifies the name of the control. |

The control elements used to specify the controls to return with the SPML response must be defined as follows:

<control name="%control name%"/>

Sample SPML request

This section provides a sample SPML request and the SPML response that illustrate how to use Active Roles controls in your SPML requests.

This sample shows how an SPML Provider client can send a request to modify the specified user object. With this request, the client sends the AllowApproval built-in control set to Confirm, and the CustomControl control set to MyCustomValue. The request also contains the controlsForOutput element, which specifies that the Active Roles Administration Service will return the values of the OperationStatus and CustomControl controls in the SPML response.

TIP: For more information about the use of the AllowApproval and OperationStatus controls, refer to the Active Roles SDK.

NOTE: You need to modify the sample SPML request in order to adjust it to your environment. Before using this sample, set the ID attribute of the psoID element to the distinguished name of the user account you want to modify.

SPML request

<?xml version="1.0"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <spml:modifyRequest xmlns:spml="urn:oasis:names:tc:SPML:2:0">
      <controls xmlns="quest:ars:SPML:2:0">
        <control name="AllowApproval">Confirm</control>
        <control name="CustomControl">MyCustomValue</control>
      </controls>
      <controlsForOutput xmlns="quest:ars:SPML:2:0">
        <control name="OperationStatus"/>
        <control name="CustomControl"/>
      </controlsForOutput>
      <spml:psoID ID="CN=JDOE,OU=Users,DC=mycompany,DC=com"/>
      <spml:modification>
        <modification name="description" operation="replace" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>New description</value>
        </modification>
      </spml:modification>
    </spml:modifyRequest>
  </soap:Body>
</soap:Envelope>

SPML response

<?xml version="1.0" encoding="UTF-16"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <soap:Body>
    <modifyResponse status="success" xmlns="urn:oasis:names:tc:SPML:2:0">
      <controls xmlns="quest:ars:SPML:2:0">
        <control name="OperationStatus">Completed</control>
        <control name="CustomControl">ReturnedValue</control>
      </controls>
      <pso>
        <psoID ID="CN=JDOE,OU=Users,DC=mycompany,DC=com"/>
        <data>
          <attr name="cn" xmlns="urn:oasis:names:tc:DSML:2:0:core">
            <value xsi:type="xsd:string">Admin1</value>
          </attr>
          <attr name="objectClass" xmlns="urn:oasis:names:tc:DSML:2:0:core">
            <value xsi:type="xsd:string">top</value>
            <value xsi:type="xsd:string">person</value>
            <value xsi:type="xsd:string">organizationalPerson</value>
            <value xsi:type="xsd:string">user</value>
          </attr>
          <attr name="objectCategory" xmlns="urn:oasis:names:tc:DSML:2:0:core">
            <value xsi:type="xsd:string">CN=Person,CN=Schema,CN=Configuration,DC=dom,DC=lab,DC=local</value>
          </attr>
          <attr name="objectGUID" xmlns="urn:oasis:names:tc:DSML:2:0:core">
            <value xsi:type="xsd:base64Binary">Aodvua6TAE+Ja9O3vnRntg==</value>
          </attr>
          <attr name="description" xmlns="urn:oasis:names:tc:DSML:2:0:core">
            <value xsi:type="xsd:string">New description</value>
          </attr>
        </data>
      </pso>
    </modifyResponse>
  </soap:Body>
</soap:Envelope>
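
As an added example, not part of the Active Roles documentation or SDK: Python that builds the modify request above with an XML serializer, so that a DN, attribute value, or control value supplied by a caller is escaped rather than concatenated into the message, and that reads the returned controls from the response. The function names and the `ars`/`dsml` prefixes are assumptions of this example; the namespaces, element names, and control names are those of the samples.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
SPML = "urn:oasis:names:tc:SPML:2:0"
DSML = "urn:oasis:names:tc:DSML:2:0:core"
ARS = "quest:ars:SPML:2:0"  # required namespace for controls/controlsForOutput
for prefix, uri in (("soap", SOAP), ("spml", SPML), ("dsml", DSML), ("ars", ARS)):
    ET.register_namespace(prefix, uri)  # prefixes are this example's choice


def q(ns, tag):
    """Namespace-qualified tag name in ElementTree's {uri}tag form."""
    return f"{{{ns}}}{tag}"


def build_modify_request(dn, attr, value, controls, controls_for_output):
    """Serialize a modifyRequest. ElementTree escapes all text and attribute
    values, so caller-supplied data cannot change the element structure."""
    env = ET.Element(q(SOAP, "Envelope"))
    req = ET.SubElement(ET.SubElement(env, q(SOAP, "Body")), q(SPML, "modifyRequest"))
    sent = ET.SubElement(req, q(ARS, "controls"))
    for name, val in controls.items():
        ET.SubElement(sent, q(ARS, "control"), name=name).text = val
    wanted = ET.SubElement(req, q(ARS, "controlsForOutput"))
    for name in controls_for_output:
        ET.SubElement(wanted, q(ARS, "control"), name=name)
    ET.SubElement(req, q(SPML, "psoID"), ID=dn)
    mod = ET.SubElement(req, q(SPML, "modification"))
    change = ET.SubElement(mod, q(DSML, "modification"), name=attr, operation="replace")
    ET.SubElement(change, q(DSML, "value")).text = value
    return ET.tostring(env, encoding="unicode")


def read_controls(response_xml):
    """Return (status, {control name: value}) from a modifyResponse."""
    resp = ET.fromstring(response_xml).find(f"{q(SOAP, 'Body')}/{q(SPML, 'modifyResponse')}")
    if resp is None:
        raise ValueError("SOAP body does not contain an SPML modifyResponse")
    path = f"{q(ARS, 'controls')}/{q(ARS, 'control')}"
    return resp.get("status"), {c.get("name"): c.text or "" for c in resp.findall(path)}


# Constructed input: the page's sample response, trimmed to the parts read here.
SAMPLE_RESPONSE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body><modifyResponse status="success" xmlns="urn:oasis:names:tc:SPML:2:0">
<controls xmlns="quest:ars:SPML:2:0">
<control name="OperationStatus">Completed</control>
<control name="CustomControl">ReturnedValue</control>
</controls>
<pso><psoID ID="CN=JDOE,OU=Users,DC=mycompany,DC=com"/></pso>
</modifyResponse></soap:Body></soap:Envelope>"""
```

The sample response carries status="success" on modifyResponse and Completed in the OperationStatus control as separate values; read_controls returns both so the caller can check each.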

 

Supported Azure Features

  • Active Roles 7.4 SPML Provider supports Azure user, group, and contact creation.

    NOTE: You must complete the Azure AD configuration before using SPML for user, group, and contact creation in Azure AD. For more information, see the Azure AD and Office 365 Management Administrator Guide.

Sample SPML request for Azure user, group, and contact creation

Sample SPML request for Azure User Creation

<?xml version="1.0"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <addRequest xmlns="urn:oasis:names:tc:SPML:2:0" returnData="everything">
      <containerID ID="OU=AzureOU, DC=Sample,DC=local,DC=com"/>
      <data>
        <attr name="cn" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>AzureUser</value>
        </attr>
        <attr name="description" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>Azure test user</value>
        </attr>
        <attr name="sAMAccountName" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>AzureUser</value>
        </attr>
        <attr name="objectClass" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>user</value>
        </attr>
        <attr name="mail" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>AzureUser@ARStestdev.onmicrosoft.com</value>
        </attr>
        <attr name="otherHomePhone" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>12135555555</value>
          <value>12134444444</value>
        </attr>
        <attr name="edsaPassword" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>P@ssw0rd123</value>
        </attr>
        <attr name="edsaAccountIsDisabled" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>FALSE</value>
        </attr>
        <attr name="userPrincipalName" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>AzureUser@ARStestdev.onmicrosoft.com</value>
        </attr>
        <attr name="edsvaAzureOffice365Enabled" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>TRUE</value>
        </attr>
        <attr name="edsaAzureUserPrincipalName" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>AzureUser@ARStestdev.onmicrosoft.com</value>
        </attr>
        <attr name="edsaAzureUserAccountEnabled" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>TRUE</value>
        </attr>
        <attr name="edsaAzureUserDisplayName" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>AzureUser</value>
        </attr>
      </data>
    </addRequest>
  </soap:Body>
</soap:Envelope>

Sample SPML request for Azure Group Creation

<?xml version="1.0"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <addRequest xmlns="urn:oasis:names:tc:SPML:2:0" returnData="everything">
      <psoID ID="CN=GroupName,OU=AzureOU,DC=Sample,DC=local,DC=com"/>
      <data>
        <attr name="objectClass" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>group</value>
        </attr>
        <attr name="description" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>My test group</value>
        </attr>
        <attr name="mailEnabled" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>false</value>
        </attr>
        <attr name="mail" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>GroupName@company.com</value>
        </attr>
        <attr name="mailNickName" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>GroupName</value>
        </attr>
        <attr name="edsvaAzureOffice365Enabled" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>TRUE</value>
        </attr>
        <attr name="edsaAzureGroupDisplayName" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>GroupName</value>
        </attr>
        <attr name="edsaEstablishGroupEmail" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>false</value>
        </attr>
        <attr name="edsaAzureGroupType" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>-2147483646</value>
        </attr>
      </data>
    </addRequest>
  </soap:Body>
</soap:Envelope>

Sample SPML request for Azure Contact Creation

<?xml version="1.0"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <addRequest xmlns="urn:oasis:names:tc:SPML:2:0" returnData="everything">
      <containerID ID="OU=AzureOU,DC=Sample,DC=local,DC=com"/>
      <data>
        <attr name="cn" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>AzureContact</value>
        </attr>
        <attr name="description" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>AzureContact</value>
        </attr>
        <attr name="objectClass" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>Contact</value>
        </attr>
        <attr name="edsvaAzureOffice365Enabled" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>TRUE</value>
        </attr>
        <attr name="edsaAzureContactEmail" xmlns="urn:oasis:names:tc:DSML:2:0:core">
          <value>AzureContact@test.com</value>
        </attr>
      </data>
    </addRequest>
  </soap:Body>
</soap:Envelope>

 

Supported operations

SPML Provider implements the SPML v2 core protocol and supports core operations that are required for conformance to the official SPML v2 specification. The following table lists the core operations supported by SPML Provider.

Table 10: Core operations supported by SPML Provider

| Operation | Description |
| --- | --- |
| listTargets | Lists targets available for provisioning through SPML Provider and the SPML Provider's supported set of capabilities for targets. |
| add | Creates a new object on the target. |
| modify | Changes the specified object on the target. |
| lookup | Obtains the XML that represents the specified object on the target. |
| delete | Removes the specified object from the target. |

In addition to core operations required for conformance to the SPML v2 specification, SPML Provider supports a set of optional operations (Capabilities) that are functionally related. The following tables list the Capabilities supported by SPML Provider.

Search capability

Table 11: Capabilities supported by SPML Provider

| Operation | Description |
| --- | --- |
| search | Obtains every object that matches the specified query. |
| iterate | Obtains the next set of objects from the result set selected for a search operation. |
| closeIterator | Informs SPML Provider that the client no longer intends to iterate the search result. |

Suspend capability

Table 12: Suspend capability

| Operation | Description |
| --- | --- |
| suspend | Disables/deprovisions the specified object on the target. |
| resume | Re-enables the specified object on the target. |
| active | Checks whether the specified object on the target has been suspended. |

Password capability

Table 13: Password capability

| Operation | Description |
| --- | --- |
| setPassword | Specifies a new password for a user account. |
| expirePassword | Marks as invalid the current password for a user account. |

For detailed information on the SPML v2 operations, refer to the “Operations” section in the official SPML v2 specification, available for download at http://www.oasis-open.org/specs/index.php#spmlv2.0.

Samples of use

SPML Provider implements the SPML v2 core protocol and supports the DSML v2 Profile for SPML operations. SPML Provider comes with a sample client that includes examples illustrating how to construct SOAP messages that contain SPML payloads to perform common directory operations.

To work with the examples in the SPML Provider sample client

  1. From the Start menu on the computer on which SPML Provider is installed, select Active Roles SPML Provider to open the home page of the sample client in your Web browser.
  2. On the Samples of Use home page, under How do I, click the example you want to examine.

     For instance, you might click Create new user to view, modify, and perform the SPML v2 request that creates a user object.

  3. On the page that opens, in the SPMLv2 request box, view the SOAP message that will be sent to SPML Provider.

     You may need to modify the SOAP message in order to adjust it to your environment. For instance, with the Create new user example, you have to set the ID attribute of the <containerID> element to the distinguished name (DN) of the container where you want to create a new user.

  4. Click the Send Request button to send the SOAP message to SPML Provider.
  5. In the SPMLv2 response box, view the SOAP message returned by SPML Provider in response to your request.
  6. To examine another example, return to the home page, and then click the desired example.