Activities

Connect to Active Directory

This activity connects to Active Directory.The Output of this activity should be used as input for all Connection parameters used for activities placed under Active Directory category.

User Account Control

Active Directory Authentication types

Flowster Studio uses two values for the authentication type in the Active Directory entries: Secure and Secure Socket Layer.

The Secure one: requests secure authentication. When this flag is set, the WinNT provider uses NTLM to authenticate the client. Active Directory Domain Services uses Kerberos, and possibly NTLM, to authenticate the client. When the user name and password are a null reference (Nothing in Visual Basic), ADSI binds to the object using the security context of the calling thread, which is either the security context of the user account under which the application is running or of the client user account that the calling thread is impersonating.

The Secure Socket Layer one: Attaches a cryptographic signature to the message that both identifies the sender and ensures that the message has not been modified in transit. Active Directory Domain Services requires the Certificate Server be installed to support Secure Sockets Layer (SSL) encryption.

Active Directory supports both Kerberos and NTLM. Windows will first try Kerberos and if all the requirements are not met, it will fallback to NTLM.

Keberos is the default authentication method for AD but it can fallback to NTLM in some cases, but that is handled by Windows itself. Kerberos is used every time a login to an AD is made.

As an example, accessing file share by name like \server1\share would invoke Kerberos and should succeed given proper permision. But accessing same file share using IP address would invoke Kerberos first and fail (as there is no SPN for IP Address) and then fail over to NTLM.

Here are some links for a better understanding of how the two protocols are working:

https://msdn.microsoft.com/en-us/library/bb742516.aspx

https://blogs.msdn.microsoft.com/chiranth/2013/09/20/ntlm-want-to-know-how-it-works/

http://windowsitpro.com/security/kerberos-active-directory

Activity Parameters

The Connect to Active Directory activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

AD Path (combo box control) (type: string): the Active Directory connection string, without "LDAP:\\\\" part. Here can be inserted, for example, the name of the Domain Controller server: "dc1.com"
AD Site (combo box control) (type: string): Enter the AD site. The activity will connect to the Domain Controller belonging to this site only.
Domain entry Path (text box editor type) (type: string): Enter Domain entry path "LDAP://domain.com". Only in conjuction with AD Site Filter parameter for cross domains. If left empty it will use the current domain entry path.
Logon Provider (combo box control) (type: string): choose from the drop down list the logon provider. Flowster Studio provides the following options:
- Default: Use the standard logon provider for the system. The default security provider is negotiate, unless you pass NULL for the domain name and the user name is not in UPN format. In this case the default provider is NTLM.
- WinNT50: Use the negotiate logon provider. This value is not support for Windows NT 4 or earlier.
- WinNT40: Use the NTLM logon provider
- WinNT35: Use the Windows NT 3.5 logon provider
Logon Type (combo box control) (type: string): choose from the drop down list the type of logon operation to perform.
- Interactive: used for a logon at the console of a computer. An Interactive logon is logged when it is attempted to log on at a Windows computer’s local keyboard and screen
- Network: occurs when there are accessed remote file shares or printers. Also, most logons to Internet Information Services (IIS) are classified as network logons, other than IIS logons that use the basic authentication protocol (those are logged as logon type Network Clear Text)
- Batch: used for scheduled workflows. When the Windows Scheduler service starts a scheduled workflow, it first creates a new logon session for the workflow, so that it can run in the security context of the account that was specified when the workflow was created
- Service: used for services and service accounts that log on to start a service. When a service starts, Windows first creates a logon session for the user account that is specified in the service configuration
- Unlock: used whenever a Windows machine is unlocked
- Network Clear Text: used when log on over a network and the password is sent in clear text. This happens, for example, when basic authentication is used to authenticate to an IIS server
- New Credentials: used when running an application using the RunAs command and specify the /netonly switch. When you start a program with RunAs using /netonly, the program starts in a new logon session that has the same local identity (this is the identity of the currently logged on user), but uses different credentials (the ones specified in the runas command) for other network connections. Without /netonly, Windows runs the program on the local computer and on the network as the user specified in the runas command, and logs the logon event with type Interactive
Password (password editor type) (type: string): the password for the provided username.
Password Binding (text box editor type) (type: string): bind to a variable containing the encrypted password for the connection. (This parameter is used only when the user wants to send an encripted password from outside the workflow, for example Flowster Portal).
Persistance Enable this parameter in order to serialize activities for persistance.
Port (combo box control) (type: string): Enter the AD port on which you want to connect. Usually 636 for ssl and 389 non ssl.
Root (combo box control) (type: string): the root type:
- LDAP: when the scope of a search is the domain or an organizational unit
- GC: when the scope of a search is the forest
Secure Connection (combo box control) (type: string): this can be used as input when you need a secure connection. You can either choose from the drop down list if the connection should be secured or you can bind this parameter to a Variable/Global Variable or IN argument.
Username (text box editor type) (type: string): the username to query and perform Active Directory operations. The accepted format is domain\username

The Read Only Output variable are the possible output values that the activity will provide:

Connection (type: object): outputs an Active Directory Connection. This parameter should be used as input for all Connection parameters used for activities placed under Active Directory category.

Disconnect from Active Directory

This activity disconnects from Active Directory.

Activity Parameters

The Disconnect from Active Directory activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Connection (text box editor type) (type: object): the Active Directory Connection. The output parameter from Connect To Active Directory activity should be used as Input here.

Add Computer to Group

This activity adds a computer to specified group.

Activity Parameters

The Add Computer to Group activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Computer (text box editor type) (type: string): the entry path of the computer, or bind this parameter with the output parameter of a Get Entry activity. If the Computer Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://ServerName.dc1.com/CN=TestingMachine,OU=Computers,OU=__DEV-Testing,DC=dc1,DC=com"
Group (text box editor type) (type: string): the entry path of the group, or bind this parameter with the output parameter of a Get Entry activity. If the Group Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://ServerName.dc1.com/CN=TestingGroup,OU=Groups,OU=__DEV-Testing,DC=dc1,DC=com"

Execution: the activity will search if the provided entry paths are valid and if yes, it will add the indicated computer to the indicated group.

Using Get Entry activities: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and Add Computer to Group activity types:

use a Get Entry activity to extract the Computer entry
use another Get Entry activity to extract the Group entry path
bind the obtained paths (stored in variables) to the Computer and Group fields from the Add Computer To Group activity:

Add Domain User to Local Group

This activity adds a domain user to a local group.

Activity Parameters

The Add Domain User to Local Group activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Domain (text box editor type) (type: string): the domain from where the user will be added into the local group (e.g. "dc1").
Group Name (text box editor type) (type: string): the name of the local group where the domain user will be added (e.g. "FlowsterLocalGroup").
User Name (text box editor type) (type: string): the sAMAccountName of the domain user which will be added to the local group (e.g. "demouser"). This is the Active Directory attribute after which the activity will retrieve the user.

Execution: the activity will search if the provided domain and the user with the given sAMAccountName exists. If yes, the it will add the domain user to given the local group.

Add Group to Group

This activity adds a group to another group.

Activity Parameters

The Add Group to Group activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Group (text box editor type) (type: string): the entry path of the group where the other group will be added, or bind this parameter with the output parameter of a Get Entry activity. If the Group Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://servername.dc1.com/CN=TestingGroup,OU=Groups,OU=__DEV-Testing,DC=dc1,DC=com"

Group To Be Added (text box editor type) (type: string): the entry path of the group that will be added into another group, or bind this parameter with the output parameter of a Get Entry activity. If the Group Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://servername.dc1.com/CN=DemoGroup,OU=Groups,OU=__DEV-Testing,DC=dc1,DC=com"

Execution: the activity will search if the provided entry paths are valid and if yes, it will add the indicated group to the other group:

Using Get Entry activities: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and Add Group to Group activity types:

use a Get Entry activity to extract the first Group entry (the group where the second group will be added):

use another Get Entry activity to extract the second Group entry path (the group which will be added into the first group)
bind the obtained paths (stored in variables) to the Group and Group To Be Added fields from the Add Group To Group activity:

Add User to Group

This activity adds specified user to specified group.

Activity Parameters

The Add User to Group activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Group (text box editor type) (type: string): the entry path of the group where the user will be added, or bind this parameter with the output parameter of a Get Entry activity. If the Group Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://servername.dc1.com/CN=TestingGroup,OU=Groups,OU=__DEV-Testing,DC=dc1,DC=com"

User (text box editor type) (type: string): the entry path of the user that will be added to the group, or bind this parameter with the output parameter of a Get Entry activity. If the User Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://servername.dc1.com/CN=TestingUser,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com"

Execution: the activity will search if the provided entry paths are valid and if yes, it will add the indicated user to the indicated group:

Using Get Entry activities: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and Add User to Group activity types:

use a Get Entry activity to extract the Group entry (the group where the user will be added):
use another Get Entry activity to extract the User entry path (the user which will be added into the group)
bind the obtained paths (stored in variables) to the Group and Group To Be Added fields from the Add Group To Group activity:

Add User to Group Extended

This activity adds specified user to specified group.

Activity Parameters

The Add User to Group Extended activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Close AD Connection (text box editor type) (type: object): Close AD connection after success or failure.

Connection (text box editor type) (type: object): the Active Directory Connection. The output parameter from Connect To Active Directory activity should be used as Input here.

Group (text box editor type) (type: string): the entry path of the group where the user will be added, or bind this parameter with the output parameter of a Get Entry activity. If the Group Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://servername.dc1.com/CN=TestingGroup,OU=Groups,OU=__DEV-Testing,DC=dc1,DC=com"
RetryCount (text box editor type) (type: object): Enter the amount of retries the activity does every {RetryDelay} in seconds, when the activity fails.
RetryDelay (text box editor type) (type: object): The delay in seconds between each retry.
User (text box editor type) (type: string): the entry path of the user that will be added to the group, or bind this parameter with the output parameter of a Get Entry activity. If the User Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://servername.dc1.com/CN=TestingUser,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com"

The Read Only Output variable are the possible output values that the activity will provide:

Error Code (type: string): The error code from the error that occured (if any).
Error Message (type: string): The error message from the error that occured (if any).
HRESULT Code (type: string): The HRESULT from the error that occured (if any)
Output success status (type: boolean): Outputs whether the acrivity succeeded or not.
Source (type: object): The source from the error that occured (if any).

Change User Password

This activity changes the password of a user account.

Activity Parameters

The Change User Password activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Entry (text box editor type) (type: string): the entry for the user. The entry can be linked to a variable outputed by the GetEntry activity or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=TestingUser,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com"
Password (text box editor type) (type: string): the new password for the User.
Password Binding (text box editor type) (type: string): bind to a variable containing the encrypted password for the User. (This parameter is used only when the user wants to send an encripted password from outside the workflow, for example Flowster Portal)

Using Get Entry activity: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and Change User Password activity types:

use another Get Entry activity to extract the User entry path:
bind the obtained path (stored in a variable) to the User field from the Change User Password activity:

Change User Password(non-encrypted)

This activity changes the password of a user account with non-encrypted Password String.

Activity Parameters

The Change User Password (non-encrypted) activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Entry (text box editor type) (type: string): the entry for the user. The entry can be linked to a variable outputed by the GetEntry activity or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=TestingUser,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com"
Password Binding (text box editor type) (type: string): bind to a variable containing the non-encrypted password or input the string password. E.g. "Welcome2016". The variable can be defined in the Variables section and should be of type String.

Using Get Entry activity: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and Change User Password (non-encrypted) activity types:

use another Get Entry activity to extract the User entry path:
bind the obtained path (stored in a variable) to the User field from the Change User Password (non-encrypted) activity:

ClearADAttributeValue

This activity clears the value of a specified attribute for an Active Directory entry.

NOTE: An attribute to be cleared means to insert null value but strings with 0 length or attributes with null value are not valid attribute in AD, this means that when you set a value to "" , the property/attribute gets deleted.

Activity Parameters

The ClearADAttributeValue activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

ClearAttribute (text box editor type) (type: string): the attribute that will be cleared/removed.
Entry (text box editor type) (type: string): the entry path of the Active Directory entry, or bind this parameter with the output parameter of a Get Entry activity. If the Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://servername.dc1.com/CN=DemoUser,OU=DemoOU,DC=dc1,DC=com"

Using Get Entry activities: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and ClearADAttributeValue activity:

use a Get Entry activity to extract the Entry path:

bind the obtained path (stored in variable) to the Entry field from ClearADAttributeValue activity:

Computer Exists

This activity checks in the Active Directory if specified computer has an entry in 'Computer' class.

Activity Parameters

The Computer Exists activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Check Entry By (text box editor type) (type: string): the activity will search into Active Directory for a computer type object with the specified value of this attribute. By default it is set to sAMAccountName, which is an AD attribute with unique values
Value (text box editor type) (type: string): the value for selected attribute in Check Entry By parameter. In the example above, the value for sAMAccountName (e.g. TestingMachine)

The Read Only Output variable are the possible output values that the activity will provide:

Output (type: boolean): outputs True or False to reflect if computer exists or not in the specified AD path.

Execution: the activity will search the Active Directory for the specified sAMAccountName, in the Computer class. The link with the AD is made via the Connection parameters (the output from the Connect to Active Directory activity). If the machine is found, then True will be displayed, otherwise False:

Create Computer

This activity creates a new entry of class 'Computer' in Active Directory.

Activity Parameters

The Create Computer activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Attributes (text box editor type) (type: string): enter computer specific Attributes for the new created computer. Here can be inserted attributes that would not be created by default with the activity (optional attributes in AD).
CN String (text box editor type) (type: string): the CN String value that will be associated with the Canonical Name of the object. For Example: 'CN=DemoComputer1' will create a computer with the Canonical Name: dc1.com/__DEV-Testing/Computers/DemoComputer1.
CSV Attributes (text box editor type) (type: string): overrides the 'Attributes' parameter. The values must be entered with the format: "Attribute1Name,Attribute1Value;Attribute2Name,Attribute2Value". This field can be used in order to provide all the desired attributes and their values on a single field.
Parent Entry (text box editor type) (type: string): the parent entry for the new created computer. The parent entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/OU=Computers,OU=__DEV-Testing,DC=dc1,DC=com"
sAMAccountName (text box editor type) (type: string): the sAMAccountName for the new computer.

The Read Only Output variable are the possible output values that the activity will provide:

Entry Path (type: string): outputs the path of the new created computer.

Create Group

This activity creates a new entry of class 'Group' in Active Directory.

Activity Parameters

The Create Group activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Attributes (text box editor type) (type: string): enter group specific Attributes for the new created group. Here can be inserted attributes that would not be created by default with the activity (optional attributes in AD). For example, it can be inserted the displayName attribute. In the Collection editor window, when adding a new member, at Name insert the attribute's name (e.g. displayName) and at Value insert the value that the attribute should take.
CN String (text box editor type) (type: string): the CN String value of the place where the group will be created. For Example: 'CN=TEST'. This value will be associated with the CN attribute.
CSV Attributes (text box editor type) (type: string): overrides the 'Attributes' parameter. The values must be entered with the format: "Attribute1Name,Attribute1Value;Attribute2Name,Attribute2Value". This field can be used in order to provide all the desired attributes and their values on a single field. The example presented in the screenshot can be translated as "displayName,TestingGroup".
Group Type (combo box control) (type: string): choose the type of the group you want to create. Flowster Studio provides the following options:
- Local Security Group
- Global Security Group
- Builtin Group
- Universal Security Group
- Global Distribution Group
- Local Distribution group
- Universal Distribution group
Parent Entry (text box editor type) (type: string): the parent entry for the new created group. The parent entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/OU=Groups,OU=__DEV-Testing,DC=dc1,DC=com".
sAMAccountName (text box editor type) (type: string): the sAMAccountName for the new group.

The Read Only Output variable are the possible output values that the activity will provide:

Entry Path (type: string): outputs the path of the new created group.

Execution: the activity will output the result of the group creation, displaying the newly created group's Path.

Create User

This activity creates a new entry of class 'User' in Active Directory.

Activity Parameters

The Create User activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Attributes (text box editor type) (type: string): enter user specific Attributes for the new created user. Here can be inserted attributes that would not be created by default with the activity (optional attributes in AD). For example, it can be inserted the displayName attribute. In the Collection editor window, when adding a new member, at Name insert the attribute's name (e.g. displayName) and at Value insert the value that the attribute should take:
CN String (text box editor type) (type: string): the CN String value of the place where the user will be created. For Example: 'CN=TEST'. This value will be associated with the CN attribute.
CSV Attributes (text box editor type) (type: string): overrides the 'Attributes' parameter. The values must be entered with the format: "Attribute1Name,Attribute1Value;Attribute2Name,Attribute2Value". This field can be used in order to provide all the desired attributes and their values on a single field. The example presented in the screenshot can be translated as "displayName,TestingUser;mail,TstUser@flowster.de;company,Flowster Solutions".
Parent Entry (text box editor type) (type: string): the parent entry for the new created user. The parent entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/OU=Users,OU=__DEV-Testing,DC=dc1,DC=com".
Password (text box editor type) (type: string): the password for the User.
Password Binding (text box editor type) (type: string): bind to a variable containing the encrypted password for the User. (This parameter is used only when the user wants to send an encripted password from outside the workflow, for example Flowster Portal)
sAMAccountName (text box editor type) (type: string): the sAMAccountName for the new user.

The Read Only Output variable are the possible output values that the activity will provide:

Entry Path (type: string): outputs the path of the new created user.

Execution: the activity will output the result of the group creation, displaying the newly created user's Path.

Create User With Password String

This activity creates a new entry of class 'User' in Active Directory.

Activity Parameters

The Create User With Password String activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Attributes (text box editor type) (type: string): enter user specific Attributes for the new created user. Here can be inserted attributes that would not be created by default with the activity (optional attributes in AD). For example, it can be inserted the displayName attribute. In the Collection editor window, when adding a new member, at Name insert the attribute's name (e.g. displayName) and at Value insert the value that the attribute should take:
CN String (text box editor type) (type: string): the CN String value of the place where the user will be created. For Example: 'CN=TEST'. This value will be associated with the CN attribute.
CSV Attributes (text box editor type) (type: string): overrides the 'Attributes' parameter. The values must be entered with the format: "Attribute1Name,Attribute1Value;Attribute2Name,Attribute2Value". This field can be used in order to provide all the desired attributes and their values on a single field. The example presented in the screenshot can be translated as "displayName,TestingUser;mail,TstUser@flowster.de;company,Flowster Solutions".
Parent Entry (text box editor type) (type: string): the parent entry for the new created user. The parent entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/OU=Users,OU=__DEV-Testing,DC=dc1,DC=com"
Password String (text box editor type) (type: string): the string value for the password. When editing this parameter, the value of the password will appear as plain text.
sAMAccountName (text box editor type) (type: string): the sAMAccountName for the new user.

The Read Only Output variable are the possible output values that the activity will provide:

Entry Path (type: string): outputs the path of the new created user.

Execution: the activity will output the result of the group creation, displaying the newly created group's Path.

Delete Entry

This activity deletes specified entry from Active Directory.

Activity Parameters

The Delete Entry activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Entry (combo box control) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=DemoUser_1,OU=Users,DC=dc1,DC=com"

Delete Entry Recursive

This activity deletes specified entry from Active Directory including all sub objects.

Activity Parameters

The Delete Entry Recursive activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Entry (combo box control) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=DemoUser_1,OU=Users,DC=dc1,DC=com"

Edit Account Expires

This activity sets the value of the "accountExpires" property for an Active Directory account.

Activity Parameters

The Edit Account Expires activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Date (text box editor type) (type: string): the value for the date and time when the account should expire. The value must be inserted as a string, following the format given inside the Date Format parameter (e.g. 07/01/2017 10:10:10, which means that the account will expire on January 7, 2017 at 10:00:00)
Date Format (text box editor type) (type: string): the format of the date and time when the account will expire. If no value is provided, the the activity will take the System's defaults.
Entry (text box editor type) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=DemoUser1,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com".

Using Get Entry activity: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and Edit Account Expires activity types:

use another Get Entry activity to extract the User entry path:
bind the obtained path (stored in a variable) to the User field from the Edit Account Status activity:

Edit Computer Account Status

This activity allows Enable/Disable for an Active Directory computer account.

Activity Parameters

The Edit Computer Account Status activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Action (combo box control) (type: string): choose to Enable/Disable the specified computer account.
Entry (text box editor type) (type: string): the entry for the account, in this case the entry for a computer account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=DemoComputer1,OU=Computers,OU=__DEV-Testing,DC=dc1,DC=com".

The Read Only Output variable are the possible output values that the activity will provide:

Output Status (type: boolean): outputs the result status. If the operation succeeded then TRUE, otherwise FALSE.

Execution: the activity will search for the given computer entry and if it is a valid one, will perform the specified operation (disable or enable):

Edit Entry

This activity edits specified attribute(s) values of a specified input entry.

Activity Parameters

The Edit Entry activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Attribute (text box editor type) (type: string): the attribute for which the value(s) will be edited. Here should be inserted the name exactly as seen in Active Directory (e.g. displayName)
Attributes (text box editor type) (type: string): the attributes as a collection for the AD entry that you want to edit. This parameter can be used in case of multiple attributes that will be edited. Attributes will be added as a list, with their Names and new Values
CSV Attributes (text box editor type) (type: string): overrides the 'Attributes' parameter. The values must be entered with the format: "AttributeName1,Attribute1Value;Attribute2Name,Attribute2Value". This parameter can be used instead of the Attributes one if there is desired to write all attributes and their values as a single string
Date Format (text box editor type) (type: string): if 'Value Type' is 'DateTime', enter the date format string. For example: dd.MM.yyyy; if no value is entered, the system defaults are used.
Entry (text box editor type) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=DemoUser1,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com".
Value Type (combo box control) (type: string): choose Data type for the edited value. In our example String will be needed
Value(s) (text box editor type) (type: IEnumerable<string>): enter new value(s) for the attribute (the one provided in the Attribute field), separated by ','. Being of type IEnumerable<of string>, the value(s) should be written between {}
- Examples of values:
  - simple string: {"Demo Test"}
  - multiple values: {"Demo Test","Demo Name","Demo Value"}
  - simple string with comma in it: {"Demo, Test"}
  - multiple values with comma inside of the string: {"Demo, Test","Demo, Name"","Demo, Value"}

As mentioned above, the value(s) can be edited in 3 different ways:

by using the Attribute parameter (single attribute):
by using the Attributes collection of parameters (multiple attributes):
by using the CSV Attributes parameter (multiple attributes and values, written as a single string):

Edit User Account Status

This activity allows Enable/Disable or Lock/Unlock for an Active Directory user account.

Activity Parameters

The Edit User Account Status activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Action (combo box control) (type: string): choose to Enable/Disable or Lock/Unlock the specified user account.
Attempts (text box editor type) (type: string): the number of allowed bad password attempts.
Entry (text box editor type) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=DemoUser1,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com".

The Read Only Output variable are the possible output values that the activity will provide:

Output Status (type: boolean): outputs the result status. If the operation succeeded then TRUE, otherwise FALSE.
Output Statusmessage (type: string): outputs the status message from the trackingdata about the change.

Execution: the activity will check the provided entry and if found, will perform the selected operation on it (enable, disable, lick, unlock):

Get Account Expires

This activity returns the value stored on the accountExpires attribute.

Activity Parameters

The Get Account Expires activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Entry (text box editor type) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=DemoUser1,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com".

The Read Only Output variable are the possible output values that the activity will provide:

Output (type: string): outputs the value of the 'accountExpires' attribute as string.
Output FileTime (type: Int64): outputs the value of the 'accountExpires' attribute converted to FileTime. In order to work with this output value the activity 'ConvertFileTimeToDateTime' can be used.

Get Entries by Filter

This activity retrieves a collection of Active Directory entries (paths) based on the input filters.

Activity Parameters

The Get Entries by Filter activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Filter By (combo box control) (type: string): the property name by which you want to filter the results (ex: name, sAMAccountName). Flowster Studio provides the following options:
- sAMAccountName
- Name
- Display Name
- OU
- CN
- Distinguished Name
Filter Value (text box editor type) (type: string): the value (for the 'Filter by' parameter) by which you want to filter the results. If there is desired to be returned all the results, the leave the field empty (as seen in the screenshot above)
Location (text box editor type) (type: string): the Active Directory path from where you want to retrieve the entries. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/OU=Groups,OU=__DEV-Testing,DC=dc1,DC=com".
Object Class (combo box control) (type: string): choose the class of the entries you want to retrieve. Flowster Studio provides the following options:
- User
- Group
- Computer
- OU
Output Fields (text box editor type) (type: string): enter the names of the fields to be returned on the output. Multiple fields are allowed, split by ';'. For example: "sAMAccountName;name"

The Read Only Output variable are the possible output values that the activity will provide:

Output (type: collection<collection<collection<string>>>): returns a collection of entries (their paths and attributes).To use the elements of the collection, use Get Element From Collection activity.
Output Rows (type: int32): outputs the number of rows retrieved.

Execution: the activity will check the provided location path and if found, will return the objects stored within (groups, user, computers or OUs, depends on the used filter).

In order to extract the values from the output collection (in our case the output is a Collection(Of Collection(Of Collection(Of String))) ), several For Each and Get Element From Collection activities should be used:

The first For Each is used to extract a first collection from the output collection, the variable being of type Collection<Of Collection<Of Collection<Of String>>>. The extracted Collection<Of Collection<Of String>> will be assigned to the Iterator variable.

The second For Each is used to extract a second collection from the Iterator collection, the Iterator being of type Collection<Of Collection<Of String>>. The extracted Collection<<Of String> will be assigned to the Iterator1 variable.

The Get Element From Collection activity will take the Iterator1 as the Collection Input, extracting the String's value from it.

Get Entry

This activity gets specified entry from Active Directory.

Activity Parameters

The Get Entry activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Get Entry By (combo box control) (type: string): select the Active Directory attribute. Flowster Studio provides the following options:
- sAMAccountName
- Name
- Display Name
- Distinguished Name
- OU
- CN
Value (text box editor type) (type: string): the value for selected attribute.

The Read Only Output variable are the possible output values that the activity will provide:

Output (type: object): outputs entry object from Active Directory, in the System.DirectoryServices.DirectoryEntry format
Output Entry Path : outputs the resulted entry path. This output will be used by the most of the Active Directory activities as an entry value:

Execution: the activity will search the Active Directory for the given input and if found, it will return its values

Get Entry Attributes

This activity gets specified entry and retrieves a collection containing the attributes and their corresponding values.

Activity Parameters

The Get Entry Attributes activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Entry (text box editor type) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=DemoUser1,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com"
Selected Attribute (text box editor type) (type: string): specify an attribute for which you want a separate output. This parameter is used when it is desired for the activity to return only the value(s) for a single attribute (e.g. sAMAccountName)

The Read Only Output variable are the possible output values that the activity will provide:

Output (Collection<Collection<String>>): outputs a collection of Groups and their AD paths.To use the elements of the collection, use Get Element From Collection activity.
Output Rows Count: output Rows Count.
Selected Attribute Multiple Output: outputs a collection of values of the specified 'Selected Attribute' parameter, for example for attribute 'objectClass'. To use the elements of the collection, use Get Element From Collection activity.
Selected Attribute Single Output: outputs a single value (first) of the specified 'Selected Attribute' parameter.

Execution: the activity will check the provided entry path and if found, will return the values for all attributes (if the Selected Attribute field is empty) or just for a single attribute (if the Selected Attribute parameter contains a value):

In order to extract the values from the output collection (in our case the output is a Collection(Of Collection(Of String)) ), For Each and Get Element From Collection activities should be used:

The For Each is used to extract a single collection from the output collection, the output collection being of type Collection<Of Collection<Of String>>. The extracted Collection<<Of String> will be assigned to the Iterator variable.

The Get Element From Collection activity will take the Iterator as the Collection Input, extracting the String's value from it.

Get Password Expiration Date

This activity returns the password expiration date.

Activity Parameters

The Get Password Expiration Date activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Entry (text box editor type) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry (for GetEntry binding usage, see the Add Computer To Group activity) activity or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=DemoUser1,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com"

The Read Only Output variable are the possible output values that the activity will provide:

Output Date (type: Nullable<DateTime>): outputs the expiration date for the specified period. If NULL is returned then the user password never expires.
Output Days (type: int32): outputs the number of days until/since the expiration date. If it is negative it means that the password is already expired.

Get Entry SID

This activity returns the SID object and a string equivalent of an AD Entry.

Activity Parameters

The Get Entry SID activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Entry (text box editor type) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=Demouser1,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com".

The Read Only Output variable are the possible output values that the activity will provide:

SID (type: string): SID string of the specified AD Entry.
SID Object (type: byte[ ]): an array of byte representing the SID Object.

Execution: the activity will check the provided entry path and if found, will return the SID object in object and string formats:

Get User Account Status

This activity returns information about an entry, regarding the account status,password,account expiration date, email.

Activity Parameters

The Get User Account Status activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Entry (text box editor type) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=DemoUser1,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com".

The Read Only Output variable are the possible output values that the activity will provide:

Output (type: collection<string>): outputs a collection of attributes and their values for the specified entry.
Output Status (type: boolean): outputs the result status. If the operation succeeded then TRUE, otherwise FALSE.

Execution: the activity will retrieve all statuses for the given entry:

Get User Groups

This activity retrieves a collection containing the groups the user is a member of.

Activity Parameters

The Get User Groups activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Entry (text box editor type) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=DemoUser1,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com".

The Read Only Output variable are the possible output values that the activity will provide:

Output (type: collection<collection<string>>): outputs a collection of Groups and their AD paths. To use the elements of the collection, use Get Element From Collection activity.
Output Rows Count (type: int32): outputs Rows Count of the returned values.

Execution: the activity will retrieve all the groups where the given entry is a member of.

Get Users in Group

This activity retrieves a collection containing the users of a specified group.

Activity Parameters

The Get Users in Group activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Attributes (text box editor type) (type: string): the attributes to retrieve for found users, in addition to the 'Path' attribute, which is retrieved by default. The attributes must be separated by ','. For example: name,distinguishedName,sAMAccount.
Group Name (text box editor type) (type: string): the group name. This value can be used when no path is given for the group
Group Path (text box editor type) (type: string): the entry for the group. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Active Directory#Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=TestingGroup,OU=Groups,OU=__DEV-Testing,DC=dc1,DC=com".

The Read Only Output variable are the possible output values that the activity will provide:

Output (type: collection<collection<string>>): outputs a collection of Users and their AD paths.To use the elements of the collection, use Get Element From Collection activity.
Output Rows Count (type: int32): outputs Rows Count for retrieved users.

Execution: the activity will retrieve all the users which are members of the given group.

Group Exists

This activity checks in the Active Directory if specified group has an entry in 'Groups' class.

Activity Parameters

The Group Exists activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Check Entry By (text box editor type) (type: string): specify Active Directory attribute; default value is set to 'sAMAccountName'. There can also be used other attributes, like for example Name or displayName
Value (text box editor type) (type: string): the value for selected attribute in Check Entry By parameter. Here can be provided the name of the group, for example, as seen in the screenshot

The Read Only Output variable are the possible output values that the activity will provide:

Output (type: boolean): outputs a boolean value to reflect if group exists or not in the specified AD path.

Execution: the activity will search after the given value (a sAMAccountName, a Name, a Display Name or othet values that the provided attribute can take) and if it finds the object, will return True, otherwise it will return False:

Is Member

This activity validates if user, group or computer-account is member of a specified Active Directory group.

Activity Parameters

The Is Member activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Entry Path (text box editor type) (type: string): the entry for the user. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://srvname.dc1.com/CN=DemoUser1,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com".
Group Path (text box editor type) (type: string): the entry for the group. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://srvname.dc1.com/CN=DemoGroup1,OU=Groups,OU=__DEV-Testing,DC=dc1,DC=com".

The Read Only Output variable are the possible output values that the activity will provide:

Output (type: boolean): outputs True if the Entry is member of the specified Group and False otherwise.

Execution: the activity will search if the given user (Entry Path parameter) is a member of the given group (Group Path parameter). If yes, it will return True, otherwise False:

Join Computer to Domain

This activity joins a computer to a specified domain.

Activity Parameters

The Join Computer to Domain activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Account Create (combo box editor type): specifies if the activity will also create a Computer account into Active Directory for the given machine. If set to Yes, then the account will be created in the given Destination OU or in the default location (if Destination OU is empty). If set to No, the activity will only join the computer to the domain, without creating an account for it.
Destination OU (text box editor type) (type: string): the Active Directory organizational unit (OU) where the new computer account will be created. If this parameter is specified and if the Account Create flag is set to Yes, then the new computer account will be created in this AD location. If the field is left empty and the Account Create flag is set to Yes, the new computer account will be created in the AD's default Computers location.
Domain (text box editor type) (type: string): the domain where the given machine will be joined. For example, "dc1.com".
Domain Join if Joined (combo box editor type) : specifies if the machine will rejoin the given domain, if it is already joined. If set to No, the machine will not rejoin the domain (only if it is already joined) and the activity message will be "The machine is already joined to the domain".
Machine Name (text box editor type) (type: string): the name of the machine which will be joined to the given domain. If Account Create is set to Yes, then this will also be the name of the AD computer account.
Password (password box editor type) (type: string): the password for the user which will try adding the machine to the domain.
Password Binding (text box editor type) (type: string): bind to a variable containing the encrypted password for the connection. This parameter is used only when the user wants to send an encrypted password from outside the workflow, for example Flowster Studio Portal.
User Domain (text box editor type) (type: string): the domain of the user which will try to add the machine to the domain. For example "dc1.com", which is also the domain where the user is a member of.
Username (text box editor type) (type: string): the user which will try adding the machine to the domain. The user must have rights to perform this kind of operation.

The Read Only Output variable are the possible output values that the activity will provide:

Output (type: String): outputs the status of the operation.

Execution: the activity will try to add the given machine to the given domain, for example:

Move Entry

This activity moves a specified entry to a new location in Active Directory.

Activity Parameters

The Move Entry activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Entry (text box editor type) (type: string): the entry for the user. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Active Directory#Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://srvname.dc1.com/CN=Demouser1,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com".
Entry New Location (text box editor type) (type: string): the entry for the new location (in this example a group is given). The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://srvname.dc1.com/OU=DemoUsers,DC=dc1,DC=com".

Execution: the activity will move the user into the new location. In the screenshot below, there can be seen the user in the new location, in Active Directory.

Remove Computer from Group

This activity removes specified computer from specified group.

Activity Parameters

The Remove Computer from Group activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Computer (text box editor type) (type: string): the entry for the computer. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://srvname.dc1.com/CN=DemoComputer1,OU=Computers,OU=__DEV-Testing,DC=dc1,DC=com".
Group (text box editor type) (type: string): the entry for the group where the computer is a member of. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://srvname.dc1.com/CN=DemoGroups,OU=__DEV-Testing,DC=dc1,DC=com".

Execution: the activity will remove the given computer from the given group. The output will display both the computer and the group AD paths and their DN (distinguished names)

Remove Group from Group

This activity removes group from specified group.

Activity Parameters

The Remove Group from Group activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Group (text box editor type) (type: string): the entry path of the group where the other group is a member of, or bind this parameter with the output parameter of a Get Entry activity (for GetEntry binding usage, see the Add Computer To Group activity). If the Group Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://srvname.dc1.com/CN=DemoGroups,OU=__DEV-Testing,DC=dc1,DC=com".

Group To Be Removed (text box editor type) (type: string): the entry path of the group that will be removed from the group, or bind this parameter with the output parameter of a Get Entry activity (for GetEntry binding usage, see the Add Computer To Group activity). If the Group Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://srvname.dc1.com/CN=DemoGroup1,OU=DemoGroups,OU=__DEV-Testing,DC=dc1,DC=com".

Execution: the activity will search if the provided entry paths are valid and if yes, it will remove the indicated group from the other group. The output will display both the groups AD paths and their DN (distinguished names)

Remove User from Group

This activity removes specified user from specified group.

Activity Parameters

The Remove User from Group activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Group (text box editor type) (type: string): the entry path of the group where the user is a member of, or bind this parameter with the output parameter of a Get Entry activity (for GetEntry binding usage, see the Add Computer To Group activity). If the Group Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://srvname.dc1.com/CN=DemoGroups,OU=Groups,OU=__DEV-Testing,DC=dc1,DC=com".

User (text box editor type) (type: string): the entry path of the user that will be removed from the group, or bind this parameter with the output parameter of a Get Entry activity (for GetEntry binding usage, see the Add Computer To Group activity). If the Group Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://srvname.dc1.com/CN=DemoUser1,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com".

Execution: the activity will search if the provided entry paths are valid and if yes, it will remove the indicated user from the other group. The output will display both the user and the group AD paths and their DN (distinguished names).

Rename Entry

This activity gives new value(s) to an AD attribute that needs to be renamed (for example, the name attribute needs a different method for assigning a new value that edit).

Activity Parameters

The Rename Entry activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Get Entry By (combo box control) (type: string): select the Active Directory attribute. Flowster Studio provides the following options:
- sAMAccountName
- Name
- Display Name
- Distinguished Name
- OU
- CN
New Name (text box editor type) (type: string): the new value for selected attribute.
Value (text box editor type) (type: string): the value for selected attribute. In this case, here can be inserted the old value for the selected attribute

The Read Only Output variable are the possible output values that the activity will provide:

Output (type: object): outputs entry object from Active Directory, in the System.DirectoryServices.DirectoryEntry format
Output Entry Path : outputs the resulted entry path. This output can be used by the most of the Active Directory activities as an entry value:

User Exists

This activity checks in the Active Directory if specified user has an entry in 'User' Class..

Activity Parameters

The User Exists activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

Check Entry By (text box editor type) (type: string): specify Active Directory attribute; default value is set to 'sAMAccountName'.
Value (text box editor type) (type: string): the value for selected attribute in Check Entry By parameter. In this case, the sAMAccountName of the user can be given. If displayName is selected in the Check Entry By field, then here the display name value will be inserted

The Read Only Output variable are the possible output values that the activity will provide:

Output (type: boolean): outputs a boolean value to reflect if user exists or not in the specified AD path.

Execution: the activity will search the Active Directory for the given input and if found, it will return True, otherwise False:

Browser not supported