Activities
- Connect to Active Directory
- Disconnect from Active Directory
- Add Computer to Group
- Add Domain User to Local Group
- Add Group to Group
- Add User to Group
- Change User Password
- Change User Password (non-encrypted)
- ClearADAttributeValue
- Computer Exists
- Create Computer
- Create Group
- Create User
- Create User With Password String
- Delete Entry
- Edit Account Expires
- Edit Computer Account Status
- Edit Entry
- Edit User Account Status
- Get Account Expires
- Get Entries by Filter
- Get Entry
- Get Entry Attributes
- Get Password Expiration Date
- Get User Account Status
- Get User Groups
- Get Users in Group
- Get Entry SID
- Group Exists
- Is Member
- Join Computer to Domain
- Move Entry
- Remove Computer from Group
- Remove Group from Group
- Remove User from Group
- User Exists
...
Connect to Active Directory
...
- AD Path (combo box control) (type: string): the Active Directory connection string, without "LDAP:\\\\" part. Here can be inserted, for example, the name of the Domain Controller server, in full address format: VSRPDC201.FMRP.intern
- Logon Provider (combo box control) (type: string): choose from the drop down list the logon provider. Flowster Studio provides the following options:
- Default: Use the standard logon provider for the system. The default security provider is negotiate, unless you pass NULL for the domain name and the user name is not in UPN format. In this case the default provider is NTLM.
- WinNT50: Use the negotiate logon provider. This value is not support for Windows NT 4 or earlier.
- WinNT40: Use the NTLM logon provider
- WinNT35: Use the Windows NT 3.5 logon provider
- Logon Type (combo box control) (type: string): choose from the drop down list the type of logon operation to perform.
- Interactive: used for a logon at the console of a computer. An Interactive logon is logged when it is attempted to log on at a Windows computer’s local keyboard and screen
- Network: occurs when there are accessed remote file shares or printers. Also, most logons to Internet Information Services (IIS) are classified as network logons, other than IIS logons that use the basic authentication protocol (those are logged as logon type Network Clear Text)
- Batch: used for scheduled tasksworkflows. When the Windows Scheduler service starts a scheduled taskworkflow, it first creates a new logon session for the taskworkflow, so that it can run in the security context of the account that was specified when the task workflow was created
- Service: used for services and service accounts that log on to start a service. When a service starts, Windows first creates a logon session for the user account that is specified in the service configuration
- Unlock: used whenever a Windows machine is unlocked
- Network Clear Text: used when log on over a network and the password is sent in clear text. This happens, for example, when basic authentication is used to authenticate to an IIS server
- New Credentials: used when running an application using the RunAs command and specify the /netonly switch. When you start a program with RunAs using /netonly, the program starts in a new logon session that has the same local identity (this is the identity of the currently logged on user), but uses different credentials (the ones specified in the runas command) for other network connections. Without /netonly, Windows runs the program on the local computer and on the network as the user specified in the runas command, and logs the logon event with type Interactive
- Password (password editor type) (type: string): the password for the provided username.
- Password Binding (text box editor type) (type: string): bind to a variable containing the encrypted password for the connection. (This parameter is used only when the user wants to send an encripted password from outside the taskworkflow, for example Flowster Portal).
- Root (combo box control) (type: string): the root type:
- LDAP: when the scope of a search is the domain or an organizational unit
- GC: when the scope of a search is the forest
- Secure Connection (combo box control) (type: string): this can be used as input when you need a secure connection.
- Username (text box editor type) (type: string): the the username of the SQL Server Administrator. The accepted format is domain\username
...
- Connection (type: object): outputs an Active Directory Connection. This parameter should be used as input for all Connection parameters used for activities placed under Active Directory category.
Execution:
Disconnect from Active Directory
...
- Connection (text box editor type) (type: object): the Active Directory Connection. The output parameter from Connect To Active Directory activity should be used as Input here.
Add Computer to Group
This activity adds a computer to specified group.
...
Execution: the activity will search if the provided entry paths are valid and if yes, it will add the indicated computer to the indicated group:
Using Get Entry activities: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and Add Computer to Group activity types:
- use a Get Entry activity to extract the Computer entry
- use another Get Entry activity to extract the Group entry path
- bind the obtained paths (stored in variables) to the Computer and Group fields from the Add Computer To Group activity:
...
Add Domain User to Local Group
...
Execution: the activity will search if the provided domain and the user with the given sAMAccountName exists. If yes, the it will add the domain user to given the local group.
Add Group to Group
This activity adds a group to another group.
...
Execution: the activity will search if the provided entry paths are valid and if yes, it will add the indicated group to the other group:
Using Get Entry activities: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and Add Group to Group activity types:
- use a Get Entry activity to extract the first Group entry (the group where the second group will be added):
- use another Get Entry activity to extract the second Group entry path (the group which will be added into the first group)
- bind the obtained paths (stored in variables) to the Group and Group To Be Added fields from the Add Group To Group activity:
Add User to Group
This activity adds specified user to specified group.
...
Execution: the activity will search if the provided entry paths are valid and if yes, it will add the indicated user to the indicated group:
Using Get Entry activities: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and Add User to Group activity types:
- use a Get Entry activity to extract the Group entry (the group where the user will be added):
- use another Get Entry activity to extract the User entry path (the user which will be added into the group)
- bind the obtained paths (stored in variables) to the Group and Group To Be Added fields from the Add Group To Group activity:
...
Change User Password
This activity changes the password of a user account.
...
- Entry (text box editor type) (type: string): the entry for the user. The entry can be linked to a variable outputed by the GetEntry activity or written by hand. The accepted format should be written as in the given example: "LDAP://VSRPDC201.FMRP.intern/CN=TestingUser,OU=Users,OU=__DEV-Testing,DC=FMRP,DC=intern":
- Password (text box editor type) (type: string): the new password for the User.
- Password Binding (text box editor type) (type: string): bind to a variable containing the encrypted password for the User. (This parameter is used only when the user wants to send an encripted password from outside the taskworkflow, for example Flowster Portal)
...
- use another Get Entry activity to extract the User entry path:
- bind the obtained path (stored in a variable) to the User field from the Change User Password activity:
...
Change User Password(non-encrypted)
...
- Entry (text box editor type) (type: string): the entry for the user. The entry can be linked to a variable outputed by the GetEntry activity or written by hand. The accepted format should be written as in the given example: "LDAP://VSRPDC201.FMRP.intern/CN=TestingUser,OU=Users,OU=__DEV-Testing,DC=FMRP,DC=intern":
- Password Binding (text box editor type) (type: string): bind to a variable containing the non-encrypted password or input the string password. E.g. "Welcome2016". The variable can be defined in the Variables section and should be of type String:
...
Using Get Entry activity: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and Change User Password (non-encrypted) activity types:
- use another Get Entry activity to extract the User entry path:
- bind the obtained path (stored in a variable) to the User field from the Change User Password (non-encrypted) activity:
...
ClearADAttributeValue
This activity clears the value of a specified attribute for an Active Directory entry.
NOTE: An attribute to be cleared means to insert null value but strings with 0 length or attributes with null value are not valid attribute in AD, this means that when you set a value to "" , the property/attribute gets deleted.
...
- Entry (text box editor type) (type: string): the entry path of the Active Directory entry, or bind this parameter with the output parameter of a Get Entry activity. If the Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://VSRPDC201.FMRP.intern/CN=TestingUser,OU=Users,OU=__DEV-Testing,DC=FMRP,DC=intern"
Using Get Entry activities: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and ClearADAttributeValue activity:
...
Execution: the activity will search the Active Directory for the specified sAMAccountName, in the Computer class. The link with the AD is made via the Connection parameters (the output from the Connect to Active Directory activity). If the machine is found, then True will be displayed, otherwise False:
Create Computer
This activity creates a new entry of class 'Computer' in Active Directory.
...
Execution: the activity will output the result of the computer creation, displaying the newly created machine's Path:
...
Create Group
This activity creates a new entry of class 'Group' in Active Directory.
...
Execution: the activity will output the result of the group creation, displaying the newly created group's Path:
Create User
This activity creates a new entry of class 'User' in Active Directory.
...
- Attributes (text box editor type) (type: string): enter user specific Attributes for the new created user. Here can be inserted attributes that would not be created by default with the activity (optional attributes in AD). For example, it can be inserted the displayName attribute. In the Collection editor window, when adding a new member, at Name insert the attribute's name (e.g. displayName) and at Value insert the value that the attribute should take:
- CN String (text box editor type) (type: string): the CN String value of the place where the user will be created. For Example: 'CN=TEST'. This value will be associated with the CN attribute.
- CSV Attributes (text box editor type) (type: string): overrides the 'Attributes' parameter. The values must be entered with the format: "Attribute1Name,Attribute1Value;Attribute2Name,Attribute2Value". This field can be used in order to provide all the desired attributes and their values on a single field. The example presented in the screenshot can be translated as "displayName,TestingUser;mail,TstUser@flowster.de;company,Flowster Solutions".
- Parent Entry (text box editor type) (type: string): the parent entry for the new created user. The parent entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://VSRPDC201.FMRP.intern/OU=Users,OU=__DEV-Testing,DC=FMRP,DC=intern":
- Password (text box editor type) (type: string): the password for the User.
- Password Binding (text box editor type) (type: string): bind to a variable containing the encrypted password for the User. (This parameter is used only when the user wants to send an encripted password from outside the taskworkflow, for example Flowster Portal)
- sAMAccountName (text box editor type) (type: string): the sAMAccountName for the new user.
...
Execution: the activity will output the result of the group creation, displaying the newly created group's Path:
Create User With Password String
This activity creates a new entry of class 'User' in Active Directory.
Activity Parameters
The Create User With Password String activity parameters can be provided by manual inserted values or via IN arguments or variables:
Parameters:
- Attributes (text box editor type) (type: string): enter user specific Attributes for the new created user. Here can be inserted attributes that would not be created by default with the activity (optional attributes in AD). For example, it can be inserted the displayName attribute. In the Collection editor window, when adding a new member, at Name insert the attribute's name (e.g. displayName) and at Value insert the value that the attribute should take:
- CN String (text box editor type) (type: string): the CN String value of the place where the user will be created. For Example: 'CN=TEST'. This value will be associated with the CN attribute.
- CSV Attributes (text box editor type) (type: string): overrides the 'Attributes' parameter. The values must be entered with the format: "Attribute1Name,Attribute1Value;Attribute2Name,Attribute2Value". This field can be used in order to provide all the desired attributes and their values on a single field. The example presented in the screenshot can be translated as "displayName,TestingUser;mail,TstUser@flowster.de;company,Flowster Solutions".
- Parent Entry (text box editor type) (type: string): the parent entry for the new created user. The parent entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://VSRPDC201.FMRP.intern/OU=Users,OU=__DEV-Testing,DC=FMRP,DC=intern":
- Password String (text box editor type) (type: string): the string value for the password. When editing this parameter, the value of the password will appear as plain text.
- sAMAccountName (text box editor type) (type: string): the sAMAccountName for the new user.
The Read Only Output variable are the possible output values that the activity will provide:
- Entry Path (type: string): outputs the path of the new created user.
Execution: the activity will output the result of the group creation, displaying the newly created group's Path:
...
Delete Entry
This activity deletes specified entry from Active Directory.
...
This activity can be used to remove different kind of entries, not just users. It can remove a computer and also a group.
Edit Account Expires
This activity sets the value of the "accountExpires" property for an Active Directory account.
...
- Date (text box editor type) (type: string): the value for the date and time when the account should expire. The value must be inserted as a string, following the format given inside the Date Format parameter (e.g. 07/01/2017 10:10:10, which means that the account will expire on January 7, 2017 at 10:00:00)
- Date Format (text box editor type) (type: string): the format of the date and time when the account will expire. If no value is provided, the the activity will take the System's defaults.
- Entry (text box editor type) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity or written by hand. The accepted format should be written as in the given example: "LDAP://VSRPDC201.FMRP.intern/CN=TestingUser,OU=Users,OU=__DEV-Testing,DC=FMRP,DC=intern":
Using Get Entry activity: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and Edit Account Expires activity types:
- use another Get Entry activity to extract the User entry path:
- bind the obtained path (stored in a variable) to the User field from the Edit Account Status activity:
Edit Computer Account Status
...
- Output Status (type: boolean): outputs the result status. If the operation succeeded then TRUE, otherwise FALSE.
...
Execution: the activity will search for the given computer entry and if it is a valid one, will perform the specified operation (disable or enable):
Edit Entry
This activity edits specified attribute(s) values of a specified input entry.
...
As mentioned above, the value(s) can be edited in 3 different ways:
- by using the Attribute parameter (single attribute):
- by using the Attributes collection of parameters (multiple attributes):
- by using the CSV Attributes parameter (multiple attributes and values, written as a single string):
...
Edit User Account Status
...
Execution: the activity will check the provided entry and if found, will perform the selected operation on it (enable, disable, lick, unlock):
Get Get Account Expires
This activity returns the value stored on the accountExpires attribute.
...
Execution: the activity will check the provided entry and if found, will return the value stored on the accountExpires attribute, as a string (in this case will be the date and the time when the account will expire):
Get Entries by Filter
This activity retrieves a collection of Active Directory entries (paths) based on the input filters.
...
- Output (type: collection<collection<collection<string>>>): returns a collection of entries (their paths and attributes).To use the elements of the collection, use Get Element From Collection activity.
- Output Rows (type: int32): outputs the number of rows retrieved.
...
Execution: the activity will check the provided location path and if found, will return the objects stored within (groups, user, computers or OUs, depends on the used filter). The example below is an execution where all the groups from the Groups OU were returned:
In order to extract the values from the output collection (in our case the output is a Collection(Of Collection(Of Collection(Of String))) ), several For Each and Get Element From Collection activities should be used:
The first For Each is used to extract a first collection from the output collection, the variable being of type Collection<Of Collection<Of Collection<Of String>>>. The extracted Collection<Of Collection<Of String>> will be assigned to the Iterator variable.
...
Output (type: object): outputs entry object from Active Directory, in the System.DirectoryServices.DirectoryEntry format
- Output Entry Path : outputs the resulted entry path. This output will be used by the most of the Active Directory activities as an entry value:
Execution: the activity will search the Active Directory for the given input and if found, it will return its values:
Get Entry Attributes
This activity gets specified entry and retrieves a collection containing the attributes and their corresponding values.
...
- Output (Collection<Collection<String>>): outputs a collection of Groups and their AD paths.To use the elements of the collection, use Get Element From Collection activity.
- Output Rows Count: output Rows Count.
- Selected Attribute Multiple Output: outputs a collection of values of the specified 'Selected Attribute' parameter.To use the elements of the collection, use Get Element From Collection activity.
- Selected Attribute Single Output: outputs a single value (first) of the specified 'Selected Attribute' parameter.
Execution: the activity will check the provided entry path and if found, will return the values for all attributes (if the Selected Attribute field is empty) or just for a single attribute (if the Selected Attribute parameter contains a value):
In order to extract the values from the output collection (in our case the output is a Collection(Of Collection(Of String)) ), For Each and Get Element From Collection activities should be used:
The For Each is used to extract a single collection from the output collection, the output collection being of type Collection<Of Collection<Of String>>. The extracted Collection<<Of String> will be assigned to the Iterator variable.
The Get Element From Collection activity will take the Iterator as the Collection Input, extracting the String's value from it.
Get Password Expiration Date
...
- Output Date (type: Nullable<DateTime>): outputs the expiration date for the specified period. If NULL is returned then the user password never expires.
- Output Days (type: int32): outputs the number of days until/since the expiration date. If it is negative it means that the password is already expired.
Get Entry SID
This activity returns the SID object and a string equivalent of an AD Entry.
...
- SID (type: string): SID string of the specified AD Entry.
- SID Object (type: byte[ ]): an array of byte representing the SID Object.
Execution: the activity will check the provided entry path and if found, will return the SID object in object and string formats:
Get User Account Status
This activity returns information about an entry, regarding the account status,password,account expiration date, email.
...
- Output (type: collection<string>): outputs a collection of attributes and their values for the specified entry.
- Output Status (type: boolean): outputs the result status. If the operation succeeded then TRUE, otherwise FALSE.
Execution: the activity will retrieve all statuses for the given entry:
Get User Groups
This activity retrieves a collection containing the groups the user is a member of.
...
- Output (type: collection<collection<string>>): outputs a collection of Groups and their AD paths. To use the elements of the collection, use Get Element From Collection activity.
- Output Rows Count (type: int32): outputs Rows Count of the returned values.
Execution: the activity will retrieve all the groups where the given entry is a member of:
Get Users in Group
This activity retrieves a collection containing the users of a specified group.
...
- Output (type: collection<collection<string>>): outputs a collection of Users and their AD paths.To use the elements of the collection, use Get Element From Collection activity.
- Output Rows Count (type: int32): outputs Rows Count for retrieved users.
Execution: the activity will retrieve all the users which are members of the given group:
Group Exists
This activity checks in the Active Directory if specified group has an entry in 'Groups' class.
...
Execution: the activity will search after the given value (a sAMAccountName, a Name, a Display Name or othet values that the provided attribute can take) and if it finds the object, will return True, otherwise it will return False:
Is Member
This activity validates if user, group or computer-account is member of a specified Active Directory group.
...
Execution: the activity will search if the given user (Entry Path parameter) is a member of the given group (Group Path parameter). If yes, it will return True, otherwise False:
Join Computer to Domain
This activity joins a computer to a specified domain.
Activity Parameters
The Join Computer to Domain activity parameters can be provided by manual inserted values or via IN arguments or variables:
Parameters:
- Account Create (combo box editor type): specifies if the activity will also create a Computer account into Active Directory for the given machine. If set to Yes, then the account will be created in the given Destination OU or in the default location (if Destination OU is empty). If set to No, the activity will only join the computer to the domain, without creating an account for it.
- Destination OU (text box editor type) (type: string): the Active Directory organizational unit (OU) where the new computer account will be created. If this parameter is specified and if the Account Create flag is set to Yes, then the new computer account will be created in this AD location. If the field is left empty and the Account Create flag is set to Yes, the new computer account will be created in the AD's default Computers location.
- Domain (text box editor type) (type: string): the domain where the given machine will be joined. For example, "FMRP.intern".
- Domain Join if Joined (combo box editor type) : specifies if the machine will rejoin the given domain, if it is already joined. If set to No, the machine will not rejoin the domain (only if it is already joined) and the activity message will be "The machine is already joined to the domain".
- Machine Name (text box editor type) (type: string): the name of the machine which will be joined to the given domain. If Account Create is set to Yes, then this will also be the name of the AD computer account.
- Password (password box editor type) (type: string): the password for the user which will try adding the machine to the domain.
- Password Binding (text box editor type) (type: string): bind to a variable containing the encrypted password for the connection. This parameter is used only when the user wants to send an encrypted password from outside the taskworkflow, for example Flowster Studio Portal.
- User Domain (text box editor type) (type: string): the domain of the user which will try to add the machine to the domain. For example "FMRP.intern", which is also the domain where the user is a member of.
- Username (text box editor type) (type: string): the user which will try adding the machine to the domain. The user must have rights to perform this kind of operation.
The Read Only Output variable are the possible output values that the activity will provide:
- Output (type: boolean): outputs the status of the operation.
Execution: the activity will try to add the given machine to the given domain, for example:
Move Entry
This activity moves a specified entry to a new location in Active Directory.
...
Execution: the activity will move the user into the new location. In the screenshot below, there can be seen the user in the new location, in Active Directory:
Remove Computer from Group
...
The Remove Computer from Group activity parameters can be provided by manual inserted values or via IN arguments or variables:
Parameters:
- Computer (text box editor type) (type: string): the entry for the computer. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://VSRPDC201.FMRP.intern/CN=TestingMachine,OU=Computers,OU=__DEV-Testing,DC=FMRP,DC=intern":
- Group (text box editor type) (type: string): the entry for the group where the computer is a member of. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://VSRPDC201.FMRP.intern/CN=TestingGroup,OU=Groups,OU=__DEV-Testing,DC=FMRP,DC=intern":
Execution: the activity will remove the given computer from the given group. The output will display both the computer and the group AD paths and their DN (distinguished names):
Remove Group from Group
This activity removes group from specified group.
...
Execution: the activity will search if the provided entry paths are valid and if yes, it will remove the indicated group from the other group. The output will display both the groups AD paths and their DN (distinguished names):
Remove User from Group
This activity removes specified user from specified group.
...
Execution: the activity will search if the provided entry paths are valid and if yes, it will remove the indicated user from the other group. The output will display both the user and the group AD paths and their DN (distinguished names):
Rename Entry
This activity gives new value(s) to an AD attribute that needs to be renamed (for example, the name attribute needs a different method for assigning a new value that edit).
...
Output (type: object): outputs entry object from Active Directory, in the System.DirectoryServices.DirectoryEntry format
- Output Entry Path : outputs the resulted entry path. This output can be used by the most of the Active Directory activities as an entry value:
Execution: the activity will search the Active Directory for the given input and if found, it will rename it:
...
Rename Entry
This activity gives new value(s) to an AD attribute that needs to be renamed (for example, the name attribute needs a different method for assigning a new value that edit).
...
Output (type: object): outputs entry object from Active Directory, in the System.DirectoryServices.DirectoryEntry format
- Output Entry Path : outputs the resulted entry path. This output can be used by the most of the Active Directory activities as an entry value:
Execution: the activity will search the Active Directory for the given input and if found, it will rename it:
User Exists
This activity checks in the Active Directory if specified user has an entry in 'User' Class..
...
Execution: the activity will search the Active Directory for the given input and if found, it will return True, otherwise False:
