
Activities




Connect to Active Directory

...

The Connect to Active Directory activity parameters can be provided by manually inserted values or via IN arguments or variables:




Parameters:

  • AD Path (combo box control) (type: string): the Active Directory connection string, without the "LDAP://" part. For example, the name of the Domain Controller server can be entered here: "dc1.com"
  • AD Site (combo box control) (type: string): enter the AD site. The activity will connect only to the Domain Controller belonging to this site.
  • Domain entry Path (text box editor type) (type: string): enter the Domain entry path, for example "LDAP://domain.com". Used only in conjunction with the AD Site Filter parameter for cross domains. If left empty, the current domain entry path is used.
  • Logon Provider (combo box control) (type: string): choose the logon provider from the drop down list. Flowster Studio provides the following options:
    • Default: Use the standard logon provider for the system. The default security provider is negotiate, unless you pass NULL for the domain name and the user name is not in UPN format. In this case the default provider is NTLM.
    • WinNT50: Use the negotiate logon provider. This value is not supported for Windows NT 4 or earlier.
    • WinNT40: Use the NTLM logon provider.
    • WinNT35: Use the Windows NT 3.5 logon provider.
  • Logon Type (combo box control) (type: string): choose from the drop down list the type of logon operation to perform.
    • Interactive: used for a logon at the console of a computer. An Interactive logon is logged when a user attempts to log on at a Windows computer's local keyboard and screen.
    • Network: occurs when remote file shares or printers are accessed. Also, most logons to Internet Information Services (IIS) are classified as network logons, other than IIS logons that use the basic authentication protocol (those are logged as logon type Network Clear Text).
    • Batch: used for scheduled workflows. When the Windows Scheduler service starts a scheduled workflow, it first creates a new logon session for the workflow, so that it can run in the security context of the account that was specified when the workflow was created.
    • Service: used for services and service accounts that log on to start a service. When a service starts, Windows first creates a logon session for the user account that is specified in the service configuration.
    • Unlock: used whenever a Windows machine is unlocked.
    • Network Clear Text: used when logging on over a network and the password is sent in clear text. This happens, for example, when basic authentication is used to authenticate to an IIS server.
    • New Credentials: used when running an application with the RunAs command and the /netonly switch. When you start a program with RunAs using /netonly, the program starts in a new logon session that has the same local identity (this is the identity of the currently logged on user), but uses different credentials (the ones specified in the runas command) for other network connections. Without /netonly, Windows runs the program on the local computer and on the network as the user specified in the runas command, and logs the logon event with type Interactive.
  • Password (password editor type) (type: string): the password for the provided username.
  • Password Binding (text box editor type) (type: string): bind to a variable containing the encrypted password for the connection. (This parameter is used only when the user wants to send an encrypted password from outside the workflow, for example Flowster Portal).
  • Persistance: enable this parameter in order to serialize activities for persistence.
  • Port (combo box control) (type: string): enter the AD port on which you want to connect. Usually 636 for SSL and 389 for non-SSL.
  • Root (combo box control) (type: string): the root type:
    • LDAP: when the scope of a search is the domain or an organizational unit
    • GC: when the scope of a search is the forest
  • Secure Connection (combo box control) (type: string): this can be used as input when you need a secure connection. You can either choose from the drop down list whether the connection should be secured, or bind this parameter to a Variable/Global Variable or IN argument.
  • Username (text box editor type) (type: string): the username to query and perform Active Directory operations. The accepted format is domain\username

...

The Disconnect from Active Directory activity parameters can be provided by manually inserted values or via IN arguments or variables:




Parameters:

  • Connection (text box editor type) (type: object): the Active Directory Connection. The output parameter from Connect To Active Directory activity should be used as Input here.

...

  • use a Get Entry activity to extract the Group entry (the group where the user will be added):

  • use another Get Entry activity to extract the User entry path (the user which will be added into the group):

  • bind the obtained paths (stored in variables) to the Group and Group To Be Added fields from the Add Group To Group activity:



Add User to Group Extended

This activity adds a specified user to a specified group.

Activity Parameters

The Add User to Group Extended activity parameters can be provided by manually inserted values or via IN arguments or variables:




Parameters:

  • Close AD Connection (text box editor type) (type: object): Close AD connection after success or failure.
  • Connection (text box editor type) (type: object): the Active Directory Connection. The output parameter from Connect To Active Directory activity should be used as Input here.
  • Group (text box editor type) (type: string): the entry path of the group where the user will be added, or bind this parameter with the output parameter of a Get Entry activity. If the Group Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://servername.dc1.com/CN=TestingGroup,OU=Groups,OU=__DEV-Testing,DC=dc1,DC=com"
  • RetryCount (text box editor type) (type: object): enter the number of retries the activity performs, one every {RetryDelay} seconds, when the activity fails.
  • RetryDelay (text box editor type) (type: object): The delay in seconds between each retry.
  • User (text box editor type) (type: string): the entry path of the user that will be added to the group, or bind this parameter with the output parameter of a Get Entry activity. If the User Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://servername.dc1.com/CN=TestingUser,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com"

The Read Only Output variables are the possible output values that the activity will provide:

  • Error Code (type: string): The error code from the error that occurred (if any).
  • Error Message (type: string): The error message from the error that occurred (if any).
  • HRESULT Code (type: string): The HRESULT from the error that occurred (if any).
  • Output success status (type: boolean): Outputs whether the activity succeeded or not.
  • Source (type: object): The source from the error that occurred (if any).


Change User Password

This activity changes the password of a user account.

Activity Parameters

The Change User Password activity parameters can be provided by manually inserted values or via IN arguments or variables:

...

This activity changes the password of a user account with non-encrypted Password String.

Activity Parameters

The Change User Password (non-encrypted) activity parameters can be provided by manually inserted values or via IN arguments or variables:

...

NOTE: Clearing an attribute means setting it to a null value. Because zero-length strings and null-valued attributes are not valid attributes in AD, setting a value to "" deletes the property/attribute.

Activity Parameters

The ClearADAttributeValue activity parameters can be provided by manually inserted values or via IN arguments or variables:

...

  • ClearAttribute (text box editor type) (type: string): the attribute that will be cleared/removed.
  • Entry (text box editor type) (type: string): the entry path of the Active Directory entry, or bind this parameter with the output parameter of a Get Entry activity. If the Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://servername.dc1.com/CN=DemoUser,OU=DemoOU,DC=dc1,DC=com"



Using Get Entry activities: Get Entry activities can be used to extract the needed entry paths from Active Directory. The steps below describe a scenario that uses both the Get Entry and the ClearADAttributeValue activities:

...

This activity checks in the Active Directory if specified computer has an entry in 'Computer' class.

Activity Parameters

The Computer Exists activity parameters can be provided by manually inserted values or via IN arguments or variables:

...

This activity creates a new entry of class 'Computer' in Active Directory.

Activity Parameters

The Create Computer activity parameters can be provided by manually inserted values or via IN arguments or variables:

...

  • Entry Path (type: string): outputs the path of the new created computer.
 

 

Create Group

This activity creates a new entry of class 'Group' in Active Directory.

Activity Parameters

The Create Group activity parameters can be provided by manually inserted values or via IN arguments or variables:

...

 

Execution: the activity will output the result of the group creation, displaying the newly created group's Path.



 

Create User

This activity creates a new entry of class 'User' in Active Directory.

Activity Parameters

The Create User activity parameters can be provided by manually inserted values or via IN arguments or variables:

...

 

Execution: the activity will output the result of the user creation, displaying the newly created user's Path.




Create User With Password String

This activity creates a new entry of class 'User' in Active Directory.

Activity Parameters

The Create User With Password String activity parameters can be provided by manually inserted values or via IN arguments or variables:



Parameters:

  • Attributes (text box editor type) (type: string): enter user specific Attributes for the new created user. Here can be inserted attributes that would not be created by default with the activity (optional attributes in AD). For example, it can be inserted the displayName attribute. In the Collection editor window, when adding a new member, at Name insert the attribute's name (e.g. displayName) and at Value insert the value that the attribute should take:
  • CN String (text box editor type) (type: string): the CN String value of the place where the user will be created. For Example: 'CN=TEST'. This value will be associated with the CN attribute.
  • CSV Attributes (text box editor type) (type: string): overrides the 'Attributes' parameter. The values must be entered with the format: "Attribute1Name,Attribute1Value;Attribute2Name,Attribute2Value". This field can be used in order to provide all the desired attributes and their values on a single field. The example presented in the screenshot can be translated as "displayName,TestingUser;mail,TstUser@flowster.de;company,Flowster Solutions".
  • Parent Entry (text box editor type) (type: string): the parent entry for the newly created user. The parent entry can be linked to a variable output by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/OU=Users,OU=__DEV-Testing,DC=dc1,DC=com"
  • Password String (text box editor type) (type: string): the string value for the password. When editing this parameter, the value of the password will appear as plain text.
  • sAMAccountName (text box editor type) (type: string): the sAMAccountName for the new user.

The Read Only Output variables are the possible output values that the activity will provide:

  • Entry Path (type: string): outputs the path of the new created user.
 

Execution: the activity will output the result of the user creation, displaying the newly created user's Path.
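The CSV Attributes format described above ("Attribute1Name,Attribute1Value;Attribute2Name,Attribute2Value") has no escaping, so a value that contains ';' cannot be represented and would be read as the start of another pair. The following is an added example, not Flowster code, that validates such a string before it is bound to the parameter; it assumes pairs are split on ';' and name from value on the first ',', and the allow-list is a constructed policy.

```python
import re

# Attribute names: a letter followed by letters, digits or hyphens.
_ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")

# Constructed allow-list (assumption): attributes this workflow may set from free-form input.
ALLOWED = frozenset({"displayname", "mail", "company", "description", "department"})

# The example string given in the parameter description.
PAGE_EXAMPLE = "displayName,TestingUser;mail,TstUser@flowster.de;company,Flowster Solutions"


class CsvAttributeError(ValueError):
    """Raised when a CSV Attributes string is malformed or violates the policy."""


def parse_csv_attributes(text, allowed=ALLOWED):
    """Return the (name, value) pairs of a CSV Attributes string, in order.

    Assumption: pairs are separated by ';' and the name ends at the first ','.
    """
    pairs, seen = [], set()
    for index, item in enumerate(text.split(";"), start=1):
        name, sep, value = item.partition(",")
        name = name.strip()
        if not sep:
            # Also catches an empty pair produced by a trailing ';' or ';;'.
            raise CsvAttributeError(f"pair {index}: no ',' between name and value")
        if not _ATTR_NAME.match(name):
            raise CsvAttributeError(f"pair {index}: invalid attribute name {name!r}")
        key = name.lower()  # attribute names are case-insensitive
        if key not in allowed:
            raise CsvAttributeError(f"pair {index}: attribute {name!r} is not allowed")
        if key in seen:
            raise CsvAttributeError(f"pair {index}: attribute {name!r} is repeated")
        seen.add(key)
        pairs.append((name, value))
    return pairs


def build_csv_attributes(pairs, allowed=ALLOWED):
    """Build a CSV Attributes string from (name, value) pairs.

    Values containing ';' are refused, because the format cannot carry them:
    the text after the ';' would be parsed as a further pair.
    """
    items = []
    for name, value in pairs:
        if ";" in value:
            raise CsvAttributeError(f"value for {name!r} contains ';'")
        items.append(f"{name},{value}")
    text = ";".join(items)
    parse_csv_attributes(text, allowed)  # re-check names, duplicates and allow-list
    return text


if __name__ == "__main__":
    for name, value in parse_csv_attributes(PAGE_EXAMPLE):
        print(f"{name} = {value}")
```

Run `build_csv_attributes` on values that arrive from outside the workflow (for example from a portal form) instead of concatenating them into the string directly.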




Delete Entry

This activity deletes specified entry from Active Directory.

Activity Parameters

The Delete Entry activity parameters can be provided by manually inserted values or via IN arguments or variables:




Parameters:

  • Entry (combo box control) (type: string):

...

  •  the entry for the

...

The Read Only Output variables are the possible output values that the activity will provide:

  • Entry Path (type: string): outputs the path of the new created user.

...

Execution: the activity will output the result of the group creation, displaying the newly created group's Path.

...

  • account, in this case the entry for a user account. The entry can be linked to a variable output by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=DemoUser_1,OU=Users,DC=dc1,DC=com"
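Because a hand-written entry path decides what Delete Entry and Delete Entry Recursive remove, it is worth checking that the path parses and lies below an expected OU before binding it. The following is an added example, not Flowster code; it assumes the "LDAP://server/DN" form shown above, and the base DN passed to `is_under` is a constructed policy value.

```python
class EntryPathError(ValueError):
    """Raised when an entry path or distinguished name cannot be parsed."""


# The example path given in the Entry parameter description.
PAGE_EXAMPLE = "LDAP://servername.dc1.com/CN=DemoUser_1,OU=Users,DC=dc1,DC=com"


def split_dn(dn):
    """Split a distinguished name into normalised (type, value) RDN tuples.

    A comma preceded by a backslash belongs to the value and does not start
    a new RDN. Multi-valued RDNs ('+') are not handled in this example.
    """
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    if escaped:
        raise EntryPathError("distinguished name ends with a dangling backslash")
    parts.append("".join(buf))

    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise EntryPathError(f"malformed RDN: {part!r}")
        # Attribute types and directory string values compare case-insensitively.
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def parse_entry_path(path):
    """Return (root, server, rdns) for 'LDAP://server/DN' or 'GC://server/DN'."""
    root, sep, rest = path.partition("://")
    if not sep or root not in ("LDAP", "GC") or not rest:
        raise EntryPathError("entry path must start with LDAP:// or GC://")
    server, slash, dn = rest.partition("/")
    if "=" in server:
        # No server part: the text after '://' is already the DN.
        server, dn = None, rest
    elif not slash or not dn:
        raise EntryPathError("entry path has a server but no distinguished name")
    return root, server, split_dn(dn)


def is_under(entry_path, allowed_base_dn):
    """True only if the entry lies strictly below allowed_base_dn.

    The comparison is made RDN by RDN, so the base itself is rejected and an
    escaped comma inside a value cannot make an entry look like a child.
    """
    _, _, rdns = parse_entry_path(entry_path)
    base = split_dn(allowed_base_dn)
    return len(rdns) > len(base) and rdns[-len(base):] == base


if __name__ == "__main__":
    print(is_under(PAGE_EXAMPLE, "OU=Users,DC=dc1,DC=com"))
```

A plain string suffix test would accept the escaped-comma path used in the checks for this example, which is why the comparison works on parsed RDNs.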


Delete Entry Recursive

This activity deletes specified entry from Active Directory including all sub objects.

Activity Parameters

The Delete Entry Recursive activity parameters can be provided by manually inserted values or via IN arguments or variables:

...


Edit Account Expires

This activity sets the value of the "accountExpires" property for an Active Directory account.

Activity Parameters

The Edit Account Expires activity parameters can be provided by manually inserted values or via IN arguments or variables:

...

  • use another Get Entry activity to extract the User entry path:



  • bind the obtained path (stored in a variable) to the User field from the Edit Account Status activity:


 

Edit Computer Account Status

This activity allows Enable/Disable for an Active Directory computer account.

Activity Parameters

The Edit Computer Account Status activity parameters can be provided by manually inserted values or via IN arguments or variables:

...

Execution: the activity will search for the given computer entry and if it is a valid one, will perform the specified operation (disable or enable):



 

Edit Entry

This activity edits specified attribute(s) values of a specified input entry.

Activity Parameters

The Edit Entry activity parameters can be provided by manually inserted values or via IN arguments or variables:

...

 

As mentioned above, the value(s) can be edited in 3 different ways:

  • by using the Attribute parameter (single attribute):



  • by using the Attributes collection of parameters (multiple attributes):



  • by using the CSV Attributes parameter (multiple attributes and values, written as a single string):


 

Edit User Account Status

This activity allows Enable/Disable or Lock/Unlock for an Active Directory user account.

Activity Parameters

The Edit User Account Status activity parameters can be provided by manually inserted values or via IN arguments or variables:


Parameters:

  • Action (combo box control) (type: string): choose to Enable/Disable or Lock/Unlock the specified user account.
  • Attempts (text box editor type) (type: string): the number of allowed bad password attempts.
  • Entry (text box editor type) (type: string): the entry for the account, in this case the entry for a user account. The entry can be linked to a variable output by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=DemoUser1,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com".

...

  • Output Status (type: boolean): outputs the result status. If the operation succeeded then TRUE, otherwise FALSE.
  • Output Statusmessage (type: string): outputs the status message from the trackingdata about the change.

Execution: the activity will check the provided entry and, if found, will perform the selected operation on it (enable, disable, lock, unlock):



 


Get Account Expires

This activity returns the value stored on the accountExpires attribute.

Activity Parameters

The Get Account Expires activity parameters can be provided by manually inserted values or via IN arguments or variables:

...

This activity retrieves a collection of Active Directory entries (paths) based on the input filters.

Activity Parameters

The Get Entries by Filter activity parameters can be provided by manually inserted values or via IN arguments or variables:




Parameters:

  • Filter By (combo box control) (type: string): the property name by which you want to filter the results (ex: name, sAMAccountName). Flowster Studio provides the following options:
    • sAMAccountName
    • Name
    • Display Name
    • OU
    • CN
    • Distinguished Name
  • Filter Value (text box editor type) (type: string): the value (for the 'Filter by' parameter) by which you want to filter the results. To return all the results, leave the field empty (as seen in the screenshot above).
  • Location (text box editor type) (type: string): the Active Directory path from where you want to retrieve the entries. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/OU=Groups,OU=__DEV-Testing,DC=dc1,DC=com".
  • Object Class (combo box control) (type: string): choose the class of the entries you want to retrieve. Flowster Studio provides the following options:
    • User
    • Group
    • Computer
    • OU
  • Output Fields (text box editor type) (type: string): enter the names of the fields to be returned on the output. Multiple fields are allowed, split by ';'. For example: "sAMAccountName;name"

The Read Only Output variables are the possible output values that the activity will provide:

...

The Get Element From Collection activity will take the Iterator1 as the Collection Input, extracting the String's value from it.

 

Get Entry

This activity gets specified entry from Active Directory.

Activity Parameters

The Get Entry activity parameters can be provided by manually inserted values or via IN arguments or variables:

...

This activity gets specified entry and retrieves a collection containing the attributes and their corresponding values.

Activity Parameters

The Get Entry Attributes activity parameters can be provided by manually inserted values or via IN arguments or variables:

...

This activity returns the password expiration date.

Activity Parameters

The Get Password Expiration Date activity parameters can be provided by manually inserted values or via IN arguments or variables:

...

  • Output Date (type: Nullable<DateTime>): outputs the expiration date for the specified period. If NULL is returned then the user password never expires. 
  • Output Days (type: int32): outputs the number of days until/since the expiration date. If it is negative it means that the password is already expired.


 

Get Entry SID

This activity returns the SID object and a string equivalent of an AD Entry.

Activity Parameters

The Get Entry SID activity parameters can be provided by manually inserted values or via IN arguments or variables:

...

Execution: the activity will check the provided entry path and if found, will return the SID object in object and string formats:


 

Get User Account Status

This activity returns information about an entry: the account status, password, account expiration date and email.

Activity Parameters

The Get User Account Status activity parameters can be provided by manually inserted values or via IN arguments or variables:

...

Execution: the activity will retrieve all statuses for the given entry:



 

Get User Groups

This activity retrieves a collection containing the groups the user is a member of.

Activity Parameters

The Get User Groups activity parameters can be provided by manually inserted values or via IN arguments or variables:

...

This activity retrieves a collection containing the users of a specified group.

Activity Parameters

The Get Users in Group activity parameters can be provided by manually inserted values or via IN arguments or variables:

...

This activity checks in the Active Directory if specified group has an entry in 'Groups' class.

Activity Parameters

The Group Exists activity parameters can be provided by manually inserted values or via IN arguments or variables:

...

This activity validates if user, group or computer-account is member of a specified Active Directory group.

Activity Parameters

The Is Member activity parameters can be provided by manually inserted values or via IN arguments or variables:

...

 

Execution: the activity will search if the given user (Entry Path parameter) is a member of the given group (Group Path parameter). If yes, it will return True, otherwise False:






Join Computer to Domain

This activity joins a computer to a specified domain.

Activity Parameters

The Join Computer to Domain activity parameters can be provided by manually inserted values or via IN arguments or variables:

Parameters:

  • Account Create (combo box editor type): specifies if the activity will also create a Computer account into Active Directory for the given machine. If set to Yes, then the account will be created in the given Destination OU or in the default location (if Destination OU is empty). If set to No, the activity will only join the computer to the domain, without creating an account for it.
  • Destination OU (text box editor type) (type: string): the Active Directory organizational unit (OU) where the new computer account will be created. If this parameter is specified and if the Account Create flag is set to Yes, then the new computer account will be created in this AD location. If the field is left empty and the Account Create flag is set to Yes, the new computer account will be created in the AD's default Computers location.
  • Domain (text box editor type) (type: string): the domain where the given machine will be joined. For example, "dc1.com".
  • Domain Join if Joined (combo box editor type) : specifies if the machine will rejoin the given domain, if it is already joined. If set to No, the machine will not rejoin the domain (only if it is already joined) and the activity message will be "The machine is already joined to the domain".
  • Machine Name (text box editor type) (type: string): the name of the machine which will be joined to the given domain. If Account Create is set to Yes, then this will also be the name of the AD computer account.
  • Password (password box editor type) (type: string): the password for the user which will try adding the machine to the domain.
  • Password Binding (text box editor type) (type: string): bind to a variable containing the encrypted password for the connection. This parameter is used only when the user wants to send an encrypted password from outside the workflow, for example Flowster Studio Portal.
  • User Domain (text box editor type) (type: string): the domain of the user which will try to add the machine to the domain. For example "dc1.com", which is also the domain where the user is a member of.
  • Username (text box editor type) (type: string): the user which will try adding the machine to the domain. The user must have rights to perform this kind of operation.

The Read Only Output variables are the possible output values that the activity will provide:

  • Output  (type: String): outputs the status of the operation.
 

Execution: the activity will try to add the given machine to the given domain, for example:




 

Move Entry

This activity moves a specified entry to a new location in Active Directory.

Activity Parameters

The Move Entry activity parameters can be provided by manually inserted values or via IN arguments or variables:

...

 

Execution: the activity will move the user into the new location. The screenshot below shows the user in the new location in Active Directory.


 

Remove Computer from Group

This activity removes specified computer from specified group.

Activity Parameters

The Remove Computer from Group activity parameters can be provided by manually inserted values or via IN arguments or variables:

...

This activity removes group from specified group.

Activity Parameters

The Remove Group from Group activity parameters can be provided by manually inserted values or via IN arguments or variables:

...

Execution: the activity will check whether the provided entry paths are valid and, if so, will remove the indicated group from the other group. The output will display both groups' AD paths and their DNs (distinguished names).


 

Remove User from Group

This activity removes specified user from specified group.

Activity Parameters

The Remove User from Group activity parameters can be provided by manually inserted values or via IN arguments or variables:

...

This activity gives new value(s) to an AD attribute that needs to be renamed (for example, the name attribute needs a different method for assigning a new value than edit).

Activity Parameters

The Rename Entry activity parameters can be provided by manually inserted values or via IN arguments or variables:

...

This activity checks in the Active Directory if the specified user has an entry in the 'User' class.

Activity Parameters

The User Exists activity parameters can be provided by manually inserted values or via IN arguments or variables:

...