
Question


Automating the Creation of AD & Exchange Accounts

asked on February 12, 2014

At the Conference this year there were multiple customer stories about onboarding workflows. Some of them spoke about how when an employee was officially hired, Workflow was then used to create an Active Directory account and email address in Exchange for the new employee. Does anyone have any sample scripts for this type of integration that they would be willing to share? We are looking at this type of integration and any help would be appreciated.

1 0

Replies

replied on April 18, 2017

We use Dovestones AD Bulk Users to create and update our users from a SQL database on a schedule.  The product is dirt cheap and pretty decent.  https://www.dovestones.com/active-directory-user-import/

2 0
replied on February 12, 2014

That's a very good idea. Sadly I have nothing to share. Unfortunately, our network admins are loath to give up their tedious, time-consuming, and highly error-prone manual process.

0 0
replied on February 12, 2014

We currently use ADmanager which is not expensive and easy to use.

We currently have it being used by our HR folks to create accounts for new hires and automatically give them access to their resources. After email is created the HR specialist sends the online contract to the new employee for approval.

0 0
replied on February 18, 2014
0 0
replied on November 26, 2014

I'm working on something like this. I already have a PowerShell script written separate from LF for internal IT use. It:

  • Creates a new AD account based on an existing user (usually it's a re-hire or similar position to another)
  • Adds the same security and distribution groups
  • Populates some of the common fields (Title, web site, manager, etc)
  • Creates an email account
  • Creates & maps their home folder
  • Creates database accounts as needed with proper roles
  • Adds a Laserfiche license (based on security group) if needed

I'm going to tie it into a dynamic form and Workflow so it can be initiated by HR. My goal is to have it so they can create a new user or modify an existing one as permissions and duties change. If it goes well, I'll try to build departure procedures into it too.

I'll contribute once I'm a little further along, it's an 'as time allows' project!

0 0
replied on April 18, 2017

Just checking in on this older discussion thread - I'm looking at doing the exact same thing. Has anyone here had success automating the account creation process?

I was thinking Forms for the initial account info collection and approval process, then hand off to Workflow which would use a Script or SDK Script activity to run some PowerShell scripts to create the accounts, etc.

Thoughts?

0 0
replied on April 19, 2017

According to Google...

// requires: using System.DirectoryServices;
// bind to the container that will hold the new account
DirectoryEntry cnUsers = new DirectoryEntry("LDAP://CN=Users,DC=celtestdom,DC=local");

// create a user directory entry in the container
DirectoryEntry newUser = cnUsers.Children.Add("cn=NewUserAccount", "user");

// add the samAccountName mandatory attribute
newUser.Properties["sAMAccountName"].Value = "NewUser";

// add any optional attributes
newUser.Properties["givenName"].Value = "User";
newUser.Properties["sn"].Value = "One";

// save to the directory
newUser.CommitChanges();

// set a password for the user account
// using Invoke method and IADsUser.SetPassword
newUser.Invoke("SetPassword", new object[] { "pAssw0rdO1" });

// require that the password must be changed on next logon
newUser.Properties["pwdLastSet"].Value = 0;

// save to the directory
newUser.CommitChanges();

or with .NET 3.5 and up, using System.DirectoryServices.AccountManagement ...

// requires: using System.DirectoryServices.AccountManagement;
// create a context for a domain and define "base" container to use
PrincipalContext ctx = new PrincipalContext(ContextType.Domain,
         "celtestdom", "CN=Users,DC=celtestdom,DC=local");

// create a user principal object
UserPrincipal user = new UserPrincipal(ctx, "NewUser", "pass@1w0rd01", true);

// assign some properties to the user principal
user.GivenName = "User";
user.Surname = "One";

// force the user to change password at next logon
user.ExpirePasswordNow();

// save the user to the directory
user.Save();

I use something similar.

http://stackoverflow.com/questions/9812199/adding-users-to-ad-using-ldap

2 0
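
A hardened PowerShell variant of the account-creation snippets posted above, as an added example that is not part of the original thread: it validates the values arriving from the HR form and generates a random initial password per account instead of using a literal. The function names, the OU path and the sample values are assumptions.

```powershell
# Added example, not from the thread. Needs the RSAT ActiveDirectory module.
# The OU path and the sample values are assumptions; adjust for your domain.
Import-Module ActiveDirectory

function New-RandomPassword {
    param([ValidateRange(12, 128)][int]$Length = 20)
    # 64-character alphabet: 256 % 64 = 0, so byte % 64 has no modulo bias.
    $chars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+-_='
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    try {
        do {
            $rng.GetBytes($bytes)
            $pw = -join ($bytes | ForEach-Object { $chars[$_ % 64] })
            # Retry until upper, lower and digit are all present (AD complexity).
        } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -cmatch '\d')
    } finally { $rng.Dispose() }
    $pw
}

function New-OnboardedUser {
    param(
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9._-]{1,20}$')]
        [string]$SamAccountName,
        [Parameter(Mandatory)][ValidatePattern('^[\p{L} ''.-]{1,64}$')]
        [string]$GivenName,
        [Parameter(Mandatory)][ValidatePattern('^[\p{L} ''.-]{1,64}$')]
        [string]$Surname,
        [string]$Path = 'OU=NewHires,DC=celtestdom,DC=local'  # assumed OU
    )
    # The pattern above excludes quotes, so the filter string cannot be altered.
    if (Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'") {
        throw "Account '$SamAccountName' already exists."
    }
    $plain  = New-RandomPassword
    $secure = ConvertTo-SecureString $plain -AsPlainText -Force
    New-ADUser -Name "$GivenName $Surname" -SamAccountName $SamAccountName `
        -GivenName $GivenName -Surname $Surname -Path $Path `
        -AccountPassword $secure -ChangePasswordAtLogon $true -Enabled $true
    # Returned once for out-of-band delivery; keep it out of workflow logs.
    $plain
}

# Constructed sample input, as an HR form might submit it:
$initialPassword = New-OnboardedUser -SamAccountName 'uone' -GivenName 'User' -Surname 'One'
```

Run it under a service account whose rights are delegated to create users in that one OU only, rather than under a domain administrator.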