[TR-2947] Active Directory Enable Account Dispatch

[ljstella]

Pull Request Type

Please check all that apply:

• New playbook
• Bugfix
• Feature add
• Code style update (formatting, renaming)
• Documentation
• Other (please describe):

Release Notes

Replace the following list with release notes that describe the high level components of the PR:

• Feature - Added new automation playbook for unlocking accounts w/ [TR-2953] Azure AD Account Unlocking #2739 , [TR-2958] AWS IAM Account Unlocking #2738 , and [TR-2955] AD LDAP Account Restoration #2737

Playbook quality checklist

Please check if your PR fulfills the following requirements.

Requirements for Settings

• Playbook name is A-Z in Title case with underscores between words. (e.g. MS_Graph_Search_and_Purge)
• Category in Title case with spaces between words (e.g. Identifier Reputation Analysis)
• Description is free of grammatical errors and describe what the playbook does.
• Notes list any setup required on the third-party API as well as intended areas for customization.
• Label is set to '*'

Requirements for all playbooks

• Playbook block count not greater than 15 (not including Start and End blocks).
• No more than 3 branching paths.
• If referencing a custom list, Notes document what the expected values are in that custom list.

Requirements for all playbook blocks

• All blocks have a custom name no more than 4 words, all lowercase, and separated by space (e.g. close workbook task)
• All blocks that support a Notes Tooltip have it filled out. Must be grammatically correct and describes the intended purpose of that block.
• Where custom code is used, block notes indicate presence of custom code (e.g. "This block uses custom code")
• No block is disabled by custom code
• Custom code is documented with notes

Requirements for specific blocks

Action

• Use apps available on Splunkbase
• Use asset names that are the app name, all lowercase separated by underscores (e.g. Azure AD Graph becomes azure_ad_graph)

Utility

• Block is using community version

Playbook

• Block is using local version

Requirements for specific playbooks

Other considerations (PR type specific)

• If new playbook, there is a screenshot ending in .png with the same name as the playbook .json
• Playbook major minor version matches repo (e.g. 5.5 != 6.0)
• PR contains both .py and .json

---

Thanks for contributing!

[P4T12ICK]

• In Notes for the playbook is a small typo: Ulocking instead of Unlocking
• I'm not sure if the first if/else block with the condition artifact:*.cef.act is correct. When I added manually some user name as artifacts, it never executed. Maybe you can explain it to me.
• The generated note table has a small bug (see screenshot)

[P4T12ICK]

[patel-bhavin]

reviewed by Patrick!