Why This Matters
Set Group Attributes:
Users have explicitly requested the ability to manage AD group attributes within Privileged Task Automation (PTA) to consolidate their administrative workflows. Until now, administrators couldn’t set or update key AD group attributes in-platform, forcing them to rely on external tools and fragmented processes. This limitation reduced efficiency and made it difficult for organizations to fully consolidate identity management operations within PTA.
User Extension Attributes:
Customer requests for extension attribute search functionality have informed the latest improvements to our product. Many organizations rely on AD extension attributes (1–15) to store business-critical custom user information and classification data. Without native support for searching by these attributes, administrators have been forced to use alternative, less efficient methods to identify and manage users—creating workflow inefficiencies and limiting the platform’s utility in environments with customized AD implementations.
This release introduces two key Active Directory enhancements to PTA:
- The ability to set and update AD group attributes directly within the platform.
- Support for searching users by extension attributes 1–15.
These features directly respond to customer requests, helping consolidate AD management workflows and reducing reliance on external tools for managing group attributes and custom user data.
New Capabilities
Set Group Attributes:
Customers can now use the new update_group_attributes command within the Active Directory action to manage eight key AD group attributes directly within PTA: sAMAccountName, company, info, description, department, displayName, location, and owner. These single-value string attributes can be updated or cleared (by providing blank values) without requiring external tools. Additionally, these same attributes are now supported as optional fields in the existing create_group command, allowing administrators to set group attributes atomically during group creation rather than requiring separate update operations. The feature includes built-in validation and will return appropriate error codes for unsupported attributes.
User Extension Attributes:
Administrators can now search for users based on Active Directory extension attributes 1-15 using the existing search_users command within the Active Directory action, enabling efficient identification and management of users with specific custom attribute values. This capability supports organizations that rely on extension attributes for business-critical user information and classification.
Who is affected?
This enhancement affects all current PTA customers, particularly those using the Active Directory action. Customers who will especially benefit include organizations that:
- Currently manage AD group attributes through external tools outside of PTA
- Store custom business information in AD extension attributes 1-15
- Require consolidated identity management operations within a single platform
- Have complex AD implementations with extensive use of group attributes and extension attributes for user classification
The enhancements are additive to the existing Active Directory action capabilities, so all PTA customers with AD integrations will have immediate access to these new commands upon release.
Action Required?
Customers who want to use the new AD group attribute management or extension attribute search functionality can access these features through the existing PTA workflow builder interface immediately upon release.
Important Dates
This will roll out to production in the last week of June, with all customers expected to have access by the first week of July.
Additional Resources
The updated documentation will include:
- Enhanced Active Directory action documentation with new
update_group_attributescommand, supported attributes and usage examples - Updated
create_groupcommand documentation showing new optional attribute fields - Enhanced
search_userscommand documentation with extension attribute search parameters
