Versions Compared

Version Old Version 86 New Version 87
Changes made by

wiki

wiki

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Activities

...

  • ClearAttribute (text box editor type) (type: string): the attribute that will be cleared/removed.
  • Entry (text box editor type) (type: string): the entry path of the Active Directory entry, or bind this parameter with the output parameter of a Get Entry activity. If the Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://servername.dc1.com/CN=DemoUser,OU=DemoOU,DC=dc1,DC=com"



Using Get Entry activities: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and ClearADAttributeValue activity:

...

The Edit Account Expires activity parameters can be provided by manual inserted values or via IN arguments or variables:

Image RemovedImage Added

Parameters:

  • Date (text box editor type) (type: string): the value for the date and time when the account should expire. The value must be inserted as a string, following the format given inside the Date Format parameter (e.g. 07/01/2017 10:10:10, which means that the account will expire on January 7, 2017 at 10:00:00)
  • Date Format (text box editor type) (type: string): the format of the date and time when the account will expire. If no value is provided, the the activity will take the System's defaults.
  • Entry (text box editor type) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity or written by hand. The accepted format should be written as in the given example: "LDAP://VSRPDC201servername.FMRPdc1.interncom/CN=TestingUserDemoUser1,OU=Users,OU=__DEV-Testing,DC=FMRPdc1,DC=interncom":
    Image Removed.


Using Get Entry activity: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and Edit Account Expires activity types:

...

The Edit Computer Account Status activity parameters can be provided by manual inserted values or via IN arguments or variables:

Image RemovedImage Added

Parameters:

  • Action (combo box control) (type: string): choose to Enable/Disable the specified computer account.
  • Entry (text box editor type) (type: string): the entry for the account, in this case the entry for a computer account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://VSRPDC201servername.FMRPdc1.interncom/CN=TestingMachineDemoComputer1,OU=Computers,OU=__DEV-Testing,DC=FMRPdc1,DC=interncom":.Image Removed

The Read Only Output variable are the possible output values that the activity will provide:

...

The Edit Entry activity parameters can be provided by manual inserted values or via IN arguments or variables:

Image RemovedImage Added

Parameters:

  • Attribute (text box editor type) (type: string): the attribute for which the value(s) will be edited. Here should be inserted the name exactly as seen in Active Directory (e.g. displayName)
  • Attributes (text box editor type) (type: string): the attributes as a collection for the AD entry that you want to edit. This parameter can be used in case of multiple attributes that will be edited. Attributes will be added as a list, with their Names and new Values
  • CSV Attributes (text box editor type) (type: string): overrides the 'Attributes' parameter. The values must be entered with the format: "AttributeName1,Attribute1Value;Attribute2Name,Attribute2Value". This parameter can be used instead of the Attributes one if there is desired to write all attributes and their values as a single string
  • Date Format (text box editor type) (type: string): if 'Value Type' is 'DateTime', enter the date format string. For example: dd.MM.yyyy; if no value is entered, the system defaults are used.
  • Entry (text box editor type) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://VSRPDC201servername.FMRPdc1.interncom/CN=TestingUserDemoUser1,OU=Users,OU=__DEV-Testing,DC=FMRPdc1,DC=interncom":.Image Removed
  • Value Type (combo box control) (type: string): choose Data type for the edited value. In our example String will be needed
  • Value(s) (text box editor type) (type: IEnumerable<string>): enter new value(s) for the attribute (the one provided in the Attribute field), separated by ','. Being of type IEnumerable<of string>, the value(s) should be written between {}
    • Examples of values:
      • simple string: {"Demo Test"}
      • multiple values: {"Demo Test","Demo Name","Demo Value"}
      • simple string with comma in it: {"Demo, Test"}
      • multiple values with comma inside of the string: {"Demo, Test","Demo, Name"","Demo, Value"}
 

As mentioned above, the value(s) can be edited in 3 different ways:

  • by using the Attribute parameter (single attribute):
    Image Removed
    Image Added

  • by using the Attributes collection of parameters (multiple attributes):
    Image Removed
    Image Added

  • by using the CSV Attributes parameter (multiple attributes and values, written as a single string):
    Image Removed
    Image Added


 

Edit User Account Status

...

The Edit User Account Status activity parameters can be provided by manual inserted values or via IN arguments or variables:

Image RemovedImage Added

Parameters:

  • Action (combo box control) (type: string): choose to Enable/Disable or Lock/Unlock the specified user account.
  • Attempts (text box editor type) (type: string): the number of allowed bad password attempts.
  • Entry (text box editor type) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://VSRPDC201servername.FMRPdc1.interncom/CN=TestingUserDemoUser1,OU=Users,OU=__DEV-Testing,DC=FMRPdc1,DC=interncom":
    Image Removed.

The Read Only Output variable are the possible output values that the activity will provide:

...

The Get Account Expires activity parameters can be provided by manual inserted values or via IN arguments or variables:

Image RemovedImage Added

Parameters:

  • Entry (text box editor type) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://VSRPDC201servername.FMRPdc1.interncom/CN=TestingUserDemoUser1,OU=Users,OU=__DEV-Testing,DC=FMRPdc1,DC=interncom":
    Image Removed.

The Read Only Output variable are the possible output values that the activity will provide:

  • Output (type: string): outputs the result status. If the operation succeeded then TRUE, otherwise FALSE.

Execution: the activity will check the provided entry and if found, will return the value stored on the accountExpires attribute, as a string (in this case will be the date and the time when the account will expire):

Image Removed

  • value of the 'accountExpires' attribute as string.
  • Output FileTime (type: Int64): outputs the value of the 'accountExpires' attribute converted to FileTime. In order to work with this output value the activity 'ConvertFileTimeToDateTime' can be used.




Get Entries by Filter

This activity retrieves a collection of Active Directory entries (paths) based on the input filters.

...

The Get Entries by Filter activity parameters can be provided by manual inserted values or via IN arguments or variables:

Image RemovedImage Added

Parameters:

  • Filter By (combo box control) (type: string): the property name by which you want to filter the results (ex: name, sAMAccountName). Flowster Studio provides the following options:
    • sAMAccountName
    • Name
    • Display Name
    • OU
    • CN
    • Distinguished Name
  • Filter Value (text box editor type) (type: string): the value (for the 'Filter by' parameter) by which you want to filter the results. If there is desired to be returned all the results, the leave the field empty (as seen in the screenshot above)
  • Location (text box editor type) (type: string): the Active Directory path from where you want to retrieve the entries. The accepted format should be written as in the given example: "LDAP://VSRPDC201servername.FMRPdc1.interncom/OU=Groups,OU=__DEV-Testing,DC=FMRPdc1,DC=interncom":
    Image Removed.
  • Object Class (combo box control) (type: string): choose the class of the entries you want to retrieve. Flowster Studio provides the following options:
    • User
    • Group
    • Computer
    • OU

...

  • Output (type: collection<collection<collection<string>>>): returns a collection of entries (their paths and attributes).To use the elements of the collection, use Get Element From Collection activity.
  • Output Rows (type: int32)outputs the number of rows retrieved.
 

Image Removed


Execution: the activity will check the provided location path and if found, will return the objects stored within (groups, user, computers or OUs, depends on the used filter). The example below is an execution where all the groups from the Groups OU were returned:

Image Removed


In order to extract the values from the output collection (in our case the output is a Collection(Of Collection(Of Collection(Of String))) ), several For Each and Get Element From Collection activities should be used:

...

The Get Element From Collection activity will take the Iterator1 as the Collection Input, extracting the String's value from it.

Image Removed

 

Get Entry

This activity gets specified entry from Active Directory.

...

  • Output (type: object): outputs entry object from Active Directory, in the System.DirectoryServices.DirectoryEntry format

  • Output Entry Path : outputs the resulted entry path. This output will be used by the most of the Active Directory activities as an entry value:
 

Image Removed

Execution: the activity will search the Active Directory for the given input and if found, it will return its values:

Image Removed

...


Get Entry Attributes

This activity gets specified entry and retrieves a collection containing the attributes and their corresponding values.

...

The Get Entry Attributes activity parameters can be provided by manual inserted values or via IN arguments or variables:

Image RemovedImage Added

Parameters:

  • Entry (text box editor type) (type: string):  the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://VSRPDC201servername.FMRPdc1.interncom/CN=TestingUserDemoUser1,OU=Users,OU=__DEV-Testing,DC=FMRPdc1,DC=interncom":Image Removed
  • Selected Attribute (text box editor type) (type: string): specify an attribute for which you want a separate output. This parameter is used when it is desired for the activity to return only the value(s) for a single attribute (e.g. sAMAccountName)

...

  • Output (Collection<Collection<String>>): outputs a collection of Groups and their AD paths.To use the elements of the collection, use Get Element From Collection activity.
  • Output Rows Countoutput Rows Count.
  • Selected Attribute Multiple Outputoutputs a collection of values of the specified 'Selected Attribute' parameter, for example for attribute 'objectClass'. To use the elements of the collection, use Get Element From Collection activity.
  • Selected Attribute Single Outputoutputs a single value (first) of the specified 'Selected Attribute' parameter.
 

...

Execution: the activity will check the provided entry path and if found, will return the values for all attributes (if the Selected Attribute field is empty) or just for a single attribute (if the Selected Attribute parameter contains a value):

...

The Get Element From Collection activity will take the Iterator as the Collection Input, extracting the String's value from it.Image Removed




Get Password Expiration Date

...

The Get Password Expiration Date activity parameters can be provided by manual inserted values or via IN arguments or variables:

Image RemovedImage Added

Parameters:

  • Entry (text box editor type) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry (for GetEntry binding usage, see the Add Computer To Group activity) activity or written by hand. The accepted format should be written as in the given example: "LDAP://VSRPDC201servername.FMRPdc1.interncom/CN=TestingUserDemoUser1,OU=Users,OU=__DEV-Testing,DC=FMRPdc1,DC=interncom":
    Image Removed

The Read Only Output variable are the possible output values that the activity will provide:

  • Output Date (type: Nullable<DateTime>): outputs the expiration date for the specified period. If NULL is returned then the user password never expires. 
  • Output Days (type: int32): outputs the number of days until/since the expiration date. If it is negative it means that the password is already expired.


 

Get Entry SID

This activity returns the SID object and a string equivalent of an AD Entry.

...

The Get Entry SID activity parameters can be provided by manual inserted values or via IN arguments or variables:

Image RemovedImage Added

Parameters:

  • Entry (text box editor type) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://VSRPDC201servername.FMRPdc1.interncom/CN=TestingUserDemouser1,OU=Users,OU=__DEV-Testing,DC=FMRPdc1,DC=interncom":
    Image Removed.

The Read Only Output variable are the possible output values that the activity will provide:

  • SID (type: string): SID string of the specified AD Entry.
  • SID Object (type: byte[ ]): an array of byte representing the SID Object.

Image Removed

Execution: the activity will check the provided entry path and if found, will return the SID object in object and string formats:


 

Get User Account Status

This activity returns information about an entry, regarding the account status,password,account expiration date, email.

...

The Get User Account Status activity parameters can be provided by manual inserted values or via IN arguments or variables:

Image RemovedImage Added

Parameters:

  • Entry (text box editor type) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://VSRPDC201servername.FMRPdc1.interncom/CN=TestingUserDemoUser1,OU=Users,OU=__DEV-Testing,DC=FMRPdc1,DC=interncom":
    Image Removed.

The Read Only Output variable are the possible output values that the activity will provide:

  • Output (type: collection<string>): outputs a collection of attributes and their values for the specified entry.
  • Output Status  (type: boolean)outputs the result status. If the operation succeeded then TRUE, otherwise FALSE.

...



Execution: the activity will retrieve all statuses for the given entry:



 

Get User Groups

This activity retrieves a collection containing the groups the user is a member of.

...

 


Execution: the activity will retrieve all the groups where the given entry is a member of:




 

Get Users in Group

This activity retrieves a collection containing the users of a specified group.

...

Execution: the activity will retrieve all the users which are members of the given group:


 




Group Exists

This activity checks in the Active Directory if specified group has an entry in 'Groups' class.

...

 

Execution: the activity will search if the given user (Entry Path parameter) is a member of the given group (Group Path parameter). If yes, it will return True, otherwise False:






Join Computer to Domain

This activity joins a computer to a specified domain.

Activity Parameters

The Join Computer to Domain activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

  • Account Create (combo box editor type): specifies if the activity will also create a Computer account into Active Directory for the given machine. If set to Yes, then the account will be created in the given Destination OU or in the default location (if Destination OU is empty). If set to No, the activity will only join the computer to the domain, without creating an account for it.
  • Destination OU (text box editor type) (type: string): the Active Directory organizational unit (OU) where the new computer account will be created. If this parameter is specified and if the Account Create flag is set to Yes, then the new computer account will be created in this AD location. If the field is left empty and the Account Create flag is set to Yes, the new computer account will be created in the AD's default Computers location.
  • Domain (text box editor type) (type: string): the domain where the given machine will be joined. For example, "FMRP.intern".
  • Domain Join if Joined (combo box editor type) : specifies if the machine will rejoin the given domain, if it is already joined. If set to No, the machine will not rejoin the domain (only if it is already joined) and the activity message will be "The machine is already joined to the domain".
  • Machine Name (text box editor type) (type: string): the name of the machine which will be joined to the given domain. If Account Create is set to Yes, then this will also be the name of the AD computer account.
  • Password (password box editor type) (type: string): the password for the user which will try adding the machine to the domain.
  • Password Binding (text box editor type) (type: string): bind to a variable containing the encrypted password for the connection. This parameter is used only when the user wants to send an encrypted password from outside the workflow, for example Flowster Studio Portal.
  • User Domain (text box editor type) (type: string): the domain of the user which will try to add the machine to the domain. For example "FMRP.intern", which is also the domain where the user is a member of.
  • Username (text box editor type) (type: string): the user which will try adding the machine to the domain. The user must have rights to perform this kind of operation.

The Read Only Output variable are the possible output values that the activity will provide:

  • Output  (type: boolean): outputs the status of the operation.
 

Execution: the activity will try to add the given machine to the given domain, for example:




 

Move Entry

This activity moves a specified entry to a new location in Active Directory.

...

 

Execution: the activity will move the user into the new location. In the screenshot below, there can be seen the user in the new location, in Active Directory:



 

Remove Computer from Group

...

Execution: the activity will search if the provided entry paths are valid and if yes, it will remove the indicated group from the other group. The output will display both the groups AD paths and their DN (distinguished names):



 

Remove User from Group

This activity removes specified user from specified group.

...

Execution: the activity will search if the provided entry paths are valid and if yes, it will remove the indicated user from the other group. The output will display both the user and the group AD paths and their DN (distinguished names):



 


Rename Entry

This activity gives new value(s) to an AD attribute that needs to be renamed (for example, the name attribute needs a different method for assigning a new value that edit).

...