Activities




Connect to Active Directory

This activity connects to Active Directory.The Output of this activity should be used as input for all Connection parameters used for activities placed under Active Directory category.


Active Directory Authentication types

Flowster Studio uses two values for the authentication type in the Active Directory entries: Secure and Secure Socket Layer.

The Secure one: requests secure authentication. When this flag is set, the WinNT provider uses NTLM to authenticate the client. Active Directory Domain Services uses Kerberos, and possibly NTLM, to authenticate the client. When the user name and password are a null reference (Nothing in Visual Basic), ADSI binds to the object using the security context of the calling thread, which is either the security context of the user account under which the application is running or of the client user account that the calling thread is impersonating. 

The Secure Socket Layer one: Attaches a cryptographic signature to the message that both identifies the sender and ensures that the message has not been modified in transit. Active Directory Domain Services requires the Certificate Server be installed to support Secure Sockets Layer (SSL) encryption.

Active Directory supports both Kerberos and NTLM. Windows will first try Kerberos and if all the requirements are not met, it will fallback to NTLM. 

Keberos is the default authentication method for AD but it can fallback to NTLM in some cases, but that is handled by Windows itself. Kerberos is used every time a login to an AD is made.

As an example, accessing file share by name like \server1\share would invoke Kerberos and should succeed given proper permision. But accessing same file share using IP address would invoke Kerberos first and fail (as there is no SPN for IP Address) and then fail over to NTLM.

Here are some links for a better understanding of how the two protocols are working:

https://msdn.microsoft.com/en-us/library/bb742516.aspx

https://blogs.msdn.microsoft.com/chiranth/2013/09/20/ntlm-want-to-know-how-it-works/

http://windowsitpro.com/security/kerberos-active-directory

Activity Parameters

The Connect to Active Directory activity parameters can be provided by manual inserted values or via IN arguments or variables:



Parameters:

The Read Only Output variable are the possible output values that the activity will provide:

 




Disconnect from Active Directory

This activity disconnects from Active Directory.

Activity Parameters

The Disconnect from Active Directory activity parameters can be provided by manual inserted values or via IN arguments or variables:



Parameters:


Add Computer to Group

This activity adds a computer to specified group.

Activity Parameters

The Add Computer to Group activity parameters can be provided by manual inserted values or via IN arguments or variables:



Parameters:

Execution: the activity will search if the provided entry paths are valid and if yes, it will add the indicated computer to the indicated group.



Using Get Entry activities: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and Add Computer to Group activity types:





Add Domain User to Local Group

This activity adds a domain user to a local group.

Activity Parameters

The Add Domain User to Local Group activity parameters can be provided by manual inserted values or via IN arguments or variables:



Parameters:

Execution: the activity will search if the provided domain and the user with the given sAMAccountName exists. If yes, the it will add the domain user to given the local group.



 

Add Group to Group

This activity adds a group to another group.

Activity Parameters

The Add Group to Group activity parameters can be provided by manual inserted values or via IN arguments or variables:



Parameters:

Execution: the activity will search if the provided entry paths are valid and if yes, it will add the indicated group to the other group:


Using Get Entry activities: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and Add Group to Group activity types:



 

Add User to Group

This activity adds specified user to specified group.

Activity Parameters

The Add User to Group activity parameters can be provided by manual inserted values or via IN arguments or variables:



Parameters:

Execution: the activity will search if the provided entry paths are valid and if yes, it will add the indicated user to the indicated group:


Using Get Entry activities: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and Add User to Group activity types:



 

Change User Password

This activity changes the password of a user account.

Activity Parameters

The Change User Password activity parameters can be provided by manual inserted values or via IN arguments or variables:



Parameters:


Using Get Entry activity: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and Change User Password activity types:




Change User Password(non-encrypted)

This activity changes the password of a user account with non-encrypted Password String.

Activity Parameters

The Change User Password (non-encrypted) activity parameters can be provided by manual inserted values or via IN arguments or variables:



Parameters:

Using Get Entry activity: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and Change User Password (non-encrypted) activity types:


ClearADAttributeValue

This activity clears the value of a specified attribute for an Active Directory entry.


NOTE: An attribute to be cleared means to insert null value but strings with 0 length or attributes with null value are not valid attribute in AD, this means that when you set a value to "" , the property/attribute gets deleted.

Activity Parameters

The ClearADAttributeValue activity parameters can be provided by manual inserted values or via IN arguments or variables:



Parameters:



Using Get Entry activities: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and ClearADAttributeValue activity:




Computer Exists

This activity checks in the Active Directory if specified computer has an entry in 'Computer' class.

Activity Parameters

The Computer Exists activity parameters can be provided by manual inserted values or via IN arguments or variables:



Parameters:

The Read Only Output variable are the possible output values that the activity will provide:

 

Execution: the activity will search the Active Directory for the specified sAMAccountName, in the Computer class. The link with the AD is made via the Connection parameters (the output from the Connect to Active Directory activity). If the machine is found, then True will be displayed, otherwise False:




Create Computer

This activity creates a new entry of class 'Computer' in Active Directory.

Activity Parameters

The Create Computer activity parameters can be provided by manual inserted values or via IN arguments or variables:



Parameters:

The Read Only Output variable are the possible output values that the activity will provide:

 

 

Create Group

This activity creates a new entry of class 'Group' in Active Directory.

Activity Parameters

The Create Group activity parameters can be provided by manual inserted values or via IN arguments or variables:



Parameters:

The Read Only Output variable are the possible output values that the activity will provide:

 

Execution: the activity will output the result of the group creation, displaying the newly created group's Path.



 

Create User

This activity creates a new entry of class 'User' in Active Directory.

Activity Parameters

The Create User activity parameters can be provided by manual inserted values or via IN arguments or variables:



Parameters:

The Read Only Output variable are the possible output values that the activity will provide:

 

Execution: the activity will output the result of the group creation, displaying the newly created user's Path.




Create User With Password String

This activity creates a new entry of class 'User' in Active Directory.

Activity Parameters

The Create User With Password String activity parameters can be provided by manual inserted values or via IN arguments or variables:



Parameters:

The Read Only Output variable are the possible output values that the activity will provide:

 

Execution: the activity will output the result of the group creation, displaying the newly created group's Path.




Delete Entry

This activity deletes specified entry from Active Directory.

Activity Parameters

The Delete Entry activity parameters can be provided by manual inserted values or via IN arguments or variables:



Parameters:




Edit Account Expires

This activity sets the value of the "accountExpires" property for an Active Directory account.

Activity Parameters

The Edit Account Expires activity parameters can be provided by manual inserted values or via IN arguments or variables:



Parameters:


Using Get Entry activity: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and Edit Account Expires activity types:


 

Edit Computer Account Status

This activity allows Enable/Disable for an Active Directory computer account.

Activity Parameters

The Edit Computer Account Status activity parameters can be provided by manual inserted values or via IN arguments or variables:



Parameters:

The Read Only Output variable are the possible output values that the activity will provide:


Execution: the activity will search for the given computer entry and if it is a valid one, will perform the specified operation (disable or enable):



 

Edit Entry

This activity edits specified attribute(s) values of a specified input entry.

Activity Parameters

The Edit Entry activity parameters can be provided by manual inserted values or via IN arguments or variables:



Parameters:

 

As mentioned above, the value(s) can be edited in 3 different ways:


 

Edit User Account Status

This activity allows Enable/Disable or Lock/Unlock for an Active Directory user account.

Activity Parameters

The Edit User Account Status activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

The Read Only Output variable are the possible output values that the activity will provide:

Execution: the activity will check the provided entry and if found, will perform the selected operation on it (enable, disable, lick, unlock):



 


Get Account Expires

This activity returns the value stored on the accountExpires attribute.

Activity Parameters

The Get Account Expires activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

The Read Only Output variable are the possible output values that the activity will provide:




Get Entries by Filter

This activity retrieves a collection of Active Directory entries (paths) based on the input filters.

Activity Parameters

The Get Entries by Filter activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

The Read Only Output variable are the possible output values that the activity will provide:

 



Execution: the activity will check the provided location path and if found, will return the objects stored within (groups, user, computers or OUs, depends on the used filter).


In order to extract the values from the output collection (in our case the output is a Collection(Of Collection(Of Collection(Of String))) ), several For Each and Get Element From Collection activities should be used:



The first For Each is used to extract a first collection from the output collection, the variable being of type Collection<Of Collection<Of Collection<Of String>>>. The extracted Collection<Of Collection<Of String>> will be assigned to the Iterator variable.

The second For Each is used to extract a second collection from the Iterator collection, the Iterator being of type Collection<Of Collection<Of String>>. The extracted Collection<<Of String> will be assigned to the Iterator1 variable.

The Get Element From Collection activity will take the Iterator1 as the Collection Input, extracting the String's value from it.

 

Get Entry

This activity gets specified entry from Active Directory.

Activity Parameters

The Get Entry activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

The Read Only Output variable are the possible output values that the activity will provide:

 


Execution: the activity will search the Active Directory for the given input and if found, it will return its values


Get Entry Attributes

This activity gets specified entry and retrieves a collection containing the attributes and their corresponding values.

Activity Parameters

The Get Entry Attributes activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

The Read Only Output variable are the possible output values that the activity will provide:

 

Execution: the activity will check the provided entry path and if found, will return the values for all attributes (if the Selected Attribute field is empty) or just for a single attribute (if the Selected Attribute parameter contains a value):



In order to extract the values from the output collection (in our case the output is a Collection(Of Collection(Of String)) ), For Each and Get Element From Collection activities should be used:



The For Each is used to extract a single collection from the output collection, the output collection being of type Collection<Of Collection<Of String>>. The extracted Collection<<Of String> will be assigned to the Iterator variable.

The Get Element From Collection activity will take the Iterator as the Collection Input, extracting the String's value from it.




Get Password Expiration Date

This activity returns the password expiration date.

Activity Parameters

The Get Password Expiration Date activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

The Read Only Output variable are the possible output values that the activity will provide:


 

Get Entry SID

This activity returns the SID object and a string equivalent of an AD Entry.

Activity Parameters

The Get Entry SID activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

The Read Only Output variable are the possible output values that the activity will provide:

Execution: the activity will check the provided entry path and if found, will return the SID object in object and string formats:


 

Get User Account Status

This activity returns information about an entry, regarding the account status,password,account expiration date, email.

Activity Parameters

The Get User Account Status activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

The Read Only Output variable are the possible output values that the activity will provide:



Execution: the activity will retrieve all statuses for the given entry:



 

Get User Groups

This activity retrieves a collection containing the groups the user is a member of.

Activity Parameters

The Get User Groups activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

The Read Only Output variable are the possible output values that the activity will provide:

 

Execution: the activity will retrieve all the groups where the given entry is a member of.



Get Users in Group

This activity retrieves a collection containing the users of a specified group.

Activity Parameters

The Get Users in Group activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

The Read Only Output variable are the possible output values that the activity will provide:

 



Execution: the activity will retrieve all the users which are members of the given group.


Group Exists

This activity checks in the Active Directory if specified group has an entry in 'Groups' class.

Activity Parameters

The Group Exists activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

The Read Only Output variable are the possible output values that the activity will provide:

 

Execution: the activity will search after the given value (a sAMAccountName, a Name, a Display Name or othet values that the provided attribute can take) and if it finds the object, will return True, otherwise it will return False:




Is Member

This activity validates if user, group or computer-account is member of a specified Active Directory group.

Activity Parameters

The Is Member activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

The Read Only Output variable are the possible output values that the activity will provide:

 

Execution: the activity will search if the given user (Entry Path parameter) is a member of the given group (Group Path parameter). If yes, it will return True, otherwise False:






Join Computer to Domain

This activity joins a computer to a specified domain.

Activity Parameters

The Join Computer to Domain activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

The Read Only Output variable are the possible output values that the activity will provide:

 

Execution: the activity will try to add the given machine to the given domain, for example:




 

Move Entry

This activity moves a specified entry to a new location in Active Directory.

Activity Parameters

The Move Entry activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

 

Execution: the activity will move the user into the new location. In the screenshot below, there can be seen the user in the new location, in Active Directory.


 

Remove Computer from Group

This activity removes specified computer from specified group.

Activity Parameters

The Remove Computer from Group activity parameters can be provided by manual inserted values or via IN arguments or variables:


Parameters:

 

Execution: the activity will remove the given computer from the given group. The output will display both the computer and the group AD paths and their DN (distinguished names)



Remove Group from Group

This activity removes group from specified group.

Activity Parameters

The Remove Group from Group activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Execution: the activity will search if the provided entry paths are valid and if yes, it will remove the indicated group from the other group. The output will display both the groups AD paths and their DN (distinguished names)


 

Remove User from Group

This activity removes specified user from specified group.

Activity Parameters

The Remove User from Group activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Execution: the activity will search if the provided entry paths are valid and if yes, it will remove the indicated user from the other group. The output will display both the user and the group AD paths and their DN (distinguished names).



Rename Entry

This activity gives new value(s) to an AD attribute that needs to be renamed (for example, the name attribute needs a different method for assigning a new value that edit).

Activity Parameters

The Rename Entry activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

The Read Only Output variable are the possible output values that the activity will provide:

 





User Exists

This activity checks in the Active Directory if specified user has an entry in 'User' Class..

Activity Parameters

The User Exists activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

The Read Only Output variable are the possible output values that the activity will provide:

 

Execution: the activity will search the Active Directory for the given input and if found, it will return True, otherwise False: