About Microsoft LDAP - Active Directory Protocol

LDAP (Lightweight Directory Access Protocol) is an open-source protocol used for directory services authentication. In other words, LDAP allows applications on the system to communicate with other directory services servers and access information such as computer accounts, users, etc.

The key to breaking easily into any network resides in the organization’s Active Directory (AD), and hackers are well-aware of this fact. To prevent this breach from happening, organizations protect their Active Directory by integrating with Microsoft LDAP.

Supported Actions

SIRP’s integration with Microsoft LDAP allows multiple activities to be initiated from playbooks in SIRP to an Active Directory.

For Active Directory services, actions include: enable and disable a user, add user to group, and remove user from group, etc.

SIRP’s Microsoft LDAP integration app allows you to execute the following actions:



Get User Info

Action to get user info from the active directory.

Check User Group

Action to get user group from active directory.

Add User from Group

Action to add user in a group.

Remove User from Group

Action to remove a user from a group.

Disable User

Action to disable a user in the active directory.

Enable User

Action to enable a user in the active directory.

Change User DN

Action to change user Distinguished Name (DN) in active directory.

Get Manager Info

Action to get info of user’s manager from active directory.

Enable and Configure Active Directory

Step 1: Creating a New User in Active Directory

Note: Active Directory uses the LDAP protocol to create new users, which is required for SIRP to communicate with AD and execute automated actions.

Open the Server Manager, go to the Tools menu and select Active Directory Users and Computers.

  1. Expand the domain and click Users

2. Right-click on the right pane and press New > User.

3. When the New Object-User box displays enter the following details:

a. First name

b. Last name

c. User logon name

4. Click Next.

5. Enter a password and press Next.

6. The user has been created.

Step 2: Manage Active Directory Permissions to Delegate Control to SIRP user account.

Note: An administrator may assign delegation.

To delegate control, first, identify a specific user with the right to join. Then, by using Active Directory Users and Computers, delegate the task of creating/deleting user accounts to a group—in this example, the object is SIRP.

  1. In the Active Directory Users and Computers > Domain Controllers, click the relevant ou where the user resides. (for example, new ou)

  2. Right-click new ou and then click Delegate Control.

3. The Delegation of Control wizard appears. Click Next.

4. Enter the user name

5. On the Users or Groups page, click Add, scroll to users or groups, double-click it, and click Next

6. On the Tasks to Delegate page, click Create a custom task to delegate, and then click Next.

7. Click Only the following objects in the folder.

8. From the list, select User objects.

9. In the permissions list, select the Property-specific check box for the required permissions shown in the table below.

In this case select Read userAccountControl and Write userAccountControl.

Note: These permissions would grant the user to enable/disable domain users through an automated action in SIRP.

10. Click Next > Finish

Configure SIRP Application

1. Log in to SIRP, then go to Apps from the left navigation bar.

2. Locate the app named Microsoft LDAP.

3. Enable the Microsoft LDAP app by clicking on the toggle button under the Status column

  1. A new configuration window will pop-up asking for information. Add the following details:

Provide the following information:

a. Host=<server address>

b. SAM Account Name=<DN of user>

c. Password=<password>

d. Base-DN=<Base DN>

e. Click on save.

Did this answer your question?