Update Active Directory via API

So is there such thing? like a rest/soap API where one can update a users phone number, email, address?

 

Does PS support rest?

That would be the way I would think you can.

 

LDAP. Born of the 1980s.

 

yeah but i'm looking at something simple, rest call update these fields and done ....like

Dim x As IADs
Set x = GetObject("LDAP://CN=Administrator,CN=Users,DC=intranet,DC=com")
x.PutEx ADS_PROPERTY_UPDATE, "OtherHomePhone", Array("8888", "9999")
x.SetInfo

and done

how hard is it to create a windows/AD API

 

There is Active Directory Web Services, which will sort-of do what you want. but not in the way that you want it. (https://blogs.msdn.microsoft.com/adpowershell/2009/04/06/active-directory-web-services-overview/)

Is there a reason you can't just use powershell (set-aduser blah -officephone "555 6969") for what you are trying to do?

Alternatively there are programs like Adaxes which will give you a prettier way to do it, if you are that way inclined.

Whats the goal?

 

I have a php app where users live in and they authenticate via ADFS (SAML) so if they update their number I want a rest call to AD and bam

 

you have nearly complete control of active directory via c# api.

i would guess much of Active Directory tools themselves are written using the c# api

eg. change phone no:
http://stackoverflow.com/questions/...hone-number-in-active-directory-using-c-sharp

you can call c# DLL from php:

Code:

$object = new COM('MyDllProjectName.MyDllClassName');
$object->myMethod();

 

I think you may need to roll your own then.

If you have Exchange in the environment, you may be able to leverage Exchange Web Services to achieve your end goal. (https://msdn.microsoft.com/en-us/library/office/jj220535(v=exchg.80).aspx) Depending on what roles your users have, they may be able to change some of their own details via it.

And how exactly is that c# api exposed via REST?

 

maybe these:

https://msdn.microsoft.com/en-us/library/ms180896(v=vs.80).aspx

i think he probably just wants a php LDAP library though.

http://stackoverflow.com/questions/2835927/reset-a-ldap-password-with-php ?

 

i think that's too complicated as the php application is in a different DC

essentially the php application has SSO via ADFS (SAML) and I need to be able to write back to AD from the php application some fields for the logged in user via preferably REST or SOAP

 

You could use Azure Automation to receive the variables via API and then run a PS script with those variables i.e. updated phone number.