Activities

• Active Directory#Connect to Active Directory
• Disconnect from Active Directory 
• Active Directory#Add Computer to Group
• Active Directory#Add Domain User to Local Group
• Active Directory#Add Group to Group
• Active Directory#Add User to Group
• Active Directory#Add User to Group Extended
• Change User Password
• Change User Password (non-encrypted)
• ClearADAttributeValue
• Computer Exists
• Create Computer
• Create Group
• Create User
• Create User With Password String
• Delete Entry
• Active Directory#Delete Entry Recursive
• Edit Account Expires
• Edit Computer Account Status
• Edit Entry
• Edit User Account Status
• Get Account Expires
• Get Entries by Filter
• Get Entry
• Get Entry Attributes
• Get Password Expiration Date
• Get User Account Status
• Get User Groups
• Get Users in Group
• Get Entry SID
• Group Exists
• Is Member
• Join Computer to Domain
• Move Entry
• Remove Computer from Group
• Remove Group from Group
• Remove User from Group
• User Exists

Connect to Active Directory

This activity connects to Active Directory.The Output of this activity should be used as input for all Connection parameters used for activities placed under Active Directory category.

Activity Parameters

The Connect to Active Directory activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• AD Path (combo box control) (type: string): the Active Directory connection string, without "LDAP:\\\\" part. Here can be inserted, for example, the name of the Domain Controller server: "dc1.com"
• AD Site (combo box control) (type: string): Enter the AD site. The activity will connect to the Domain Controller belonging to this site only.
• Domain entry Path (text box editor type) (type: string): Enter Domain entry path "LDAP://domain.com". Only in conjuction with AD Site Filter parameter for cross domains. If left empty it will use the current domain entry path.
• Logon Provider (combo box control) (type: string): choose from the drop down list the logon provider. Flowster Studio provides the following options:
  • Default: Use the standard logon provider for the system. The default security provider is negotiate, unless you pass NULL for the domain name and the user name is not in UPN format. In this case the default provider is NTLM.
  • WinNT50: Use the negotiate logon provider. This value is not support for Windows NT 4 or earlier.
  • WinNT40: Use the NTLM logon provider
  • WinNT35: Use the Windows NT 3.5 logon provider
• Logon Type (combo box control) (type: string): choose from the drop down list the type of logon operation to perform.
  
  • Interactive: used for a logon at the console of a computer. An Interactive logon is logged when it is attempted to log on at a Windows computer’s local keyboard and screen
  • Network: occurs when there are accessed remote file shares or printers. Also, most logons to Internet Information Services (IIS) are classified as network logons, other than IIS logons that use the basic authentication protocol (those are logged as logon type Network Clear Text)
  • Batch: used for scheduled workflows. When the Windows Scheduler service starts a scheduled workflow, it first creates a new logon session for the workflow, so that it can run in the security context of the account that was specified when the workflow was created
  • Service: used for services and service accounts that log on to start a service. When a service starts, Windows first creates a logon session for the user account that is specified in the service configuration
  • Unlock: used whenever a Windows machine is unlocked
  • Network Clear Text: used when log on over a network and the password is sent in clear text. This happens, for example, when basic authentication is used to authenticate to an IIS server
  • New Credentials: used when running an application using the RunAs command and specify the /netonly switch. When you start a program with RunAs using /netonly, the program starts in a new logon session that has the same local identity (this is the identity of the currently logged on user), but uses different credentials (the ones specified in the runas command) for other network connections. Without /netonly, Windows runs the program on the local computer and on the network as the user specified in the runas command, and logs the logon event with type Interactive
• Password (password editor type) (type: string): the password for the provided username.
• Password Binding (text box editor type) (type: string): bind to a variable containing the encrypted password for the connection. (This parameter is used only when the user wants to send an encripted password from outside the workflow, for example Flowster Portal).
• Persistance Enable this parameter in order to serialize activities for persistance.
• Port (combo box control) (type: string): Enter the AD port on which you want to connect. Usually 636 for ssl and 389 non ssl.
• Root (combo box control) (type: string): the root type: 
  • LDAP: when the scope of a search is the domain or an organizational unit
  • GC: when the scope of a search is the forest
• Secure Connection (combo box control) (type: string): this can be used as input when you need a secure connection. You can either choose from the drop down list if the connection should be secured or you can bind this parameter to a Variable/Global Variable or IN argument. 
• Username (text box editor type) (type: string): the username to query and perform Active Directory operations. The accepted format is domain\username

The Read Only Output variable are the possible output values that the activity will provide:

• Connection (type: object): outputs an Active Directory Connection. This parameter should be used as input for all Connection parameters used for activities placed under Active Directory category.

Disconnect from Active Directory

This activity disconnects from Active Directory.

Activity Parameters

The Disconnect from Active Directory activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Connection (text box editor type) (type: object): the Active Directory Connection. The output parameter from Connect To Active Directory activity should be used as Input here.
  
  

Add Computer to Group

This activity adds a computer to specified group.

Activity Parameters

The Add Computer to Group activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Computer (text box editor type) (type: string): the entry path of the computer, or bind this parameter with the output parameter of a Get Entry activity. If the Computer Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://ServerName.dc1.com/CN=TestingMachine,OU=Computers,OU=__DEV-Testing,DC=dc1,DC=com"
• Group (text box editor type) (type: string): the entry path of the group, or bind this parameter with the output parameter of a Get Entry activity. If the Group Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://ServerName.dc1.com/CN=TestingGroup,OU=Groups,OU=__DEV-Testing,DC=dc1,DC=com"
  
  
  

Execution: the activity will search if the provided entry paths are valid and if yes, it will add the indicated computer to the indicated group.

Using Get Entry activities: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and Add Computer to Group activity types:

• use a Get Entry activity to extract the Computer entry
  
  
  
  
• use another Get Entry activity to extract the Group entry path
  
  
  
  
• bind the obtained paths (stored in variables) to the Computer and Group fields from the Add Computer To Group activity:
  
  

Add Domain User to Local Group

This activity adds a domain user to a local group.

Activity Parameters

The Add Domain User to Local Group activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Domain (text box editor type) (type: string): the domain from where the user will be added into the local group (e.g. "dc1").
• Group Name (text box editor type) (type: string): the name of the local group where the domain user will be added (e.g. "FlowsterLocalGroup").
• User Name (text box editor type) (type: string): the sAMAccountName of the domain user which will be added to the local group (e.g. "demouser"). This is the Active Directory attribute after which the activity will retrieve the user.
  
  

Execution: the activity will search if the provided domain and the user with the given sAMAccountName exists. If yes, the it will add the domain user to given the local group.

Add Group to Group

This activity adds a group to another group.

Activity Parameters

The Add Group to Group activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Group (text box editor type) (type: string): the entry path of the group where the other group will be added, or bind this parameter with the output parameter of a Get Entry activity. If the Group Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://servername.dc1.com/CN=TestingGroup,OU=Groups,OU=__DEV-Testing,DC=dc1,DC=com"

• Group To Be Added (text box editor type) (type: string): the entry path of the group that will be added into another group, or bind this parameter with the output parameter of a Get Entry activity. If the Group Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://servername.dc1.com/CN=DemoGroup,OU=Groups,OU=__DEV-Testing,DC=dc1,DC=com"
  
  
  

Execution: the activity will search if the provided entry paths are valid and if yes, it will add the indicated group to the other group:

Using Get Entry activities: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and Add Group to Group activity types:

• use a Get Entry activity to extract the first Group entry (the group where the second group will be added):

• use another Get Entry activity to extract the second Group entry path (the group which will be added into the first group)
  
  
  
  
• bind the obtained paths (stored in variables) to the Group and Group To Be Added fields from the Add Group To Group activity:
  
  

Add User to Group

This activity adds specified user to specified group.

Activity Parameters

The Add User to Group activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Group (text box editor type) (type: string): the entry path of the group where the user will be added, or bind this parameter with the output parameter of a Get Entry activity. If the Group Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://servername.dc1.com/CN=TestingGroup,OU=Groups,OU=__DEV-Testing,DC=dc1,DC=com"

• User (text box editor type) (type: string): the entry path of the user that will be added to the group, or bind this parameter with the output parameter of a Get Entry activity. If the User Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://servername.dc1.com/CN=TestingUser,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com"
  
  
  

Execution: the activity will search if the provided entry paths are valid and if yes, it will add the indicated user to the indicated group:

Using Get Entry activities: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and Add User to Group activity types:

• use a Get Entry activity to extract the Group entry (the group where the user will be added):
  
  
  
  
• use another Get Entry activity to extract the User entry path (the user which will be added into the group)
  
  
  
  
• bind the obtained paths (stored in variables) to the Group and Group To Be Added fields from the Add Group To Group activity:
  
  

Add User to Group Extended

This activity adds specified user to specified group.

Activity Parameters

The Add User to Group Extended activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Close AD Connection (text box editor type) (type: object): Close AD connection after success or failure.

• Connection (text box editor type) (type: object): the Active Directory Connection. The output parameter from Connect To Active Directory activity should be used as Input here.

• Group (text box editor type) (type: string): the entry path of the group where the user will be added, or bind this parameter with the output parameter of a Get Entry activity. If the Group Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://servername.dc1.com/CN=TestingGroup,OU=Groups,OU=__DEV-Testing,DC=dc1,DC=com"
• RetryCount (text box editor type) (type: object): Enter the amount of retries the activity does every {RetryDelay} in seconds, when the activity fails.
• RetryDelay (text box editor type) (type: object): The delay in seconds between each retry.
• User (text box editor type) (type: string): the entry path of the user that will be added to the group, or bind this parameter with the output parameter of a Get Entry activity. If the User Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://servername.dc1.com/CN=TestingUser,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com"

The Read Only Output variable are the possible output values that the activity will provide:

• Error Code (type: string): The error code from the error that occured (if any).
• Error Message (type: string): The error message from the error that occured (if any).
• HRESULT Code (type: string): The HRESULT from the error that occured (if any)
• Output success status (type: boolean): Outputs whether the acrivity succeeded or not.
• Source (type: object): The source from the error that occured (if any).

Change User Password

This activity changes the password of a user account.

Activity Parameters

The Change User Password activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Entry (text box editor type) (type: string): the entry for the user. The entry can be linked to a variable outputed by the GetEntry activity or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=TestingUser,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com"
• Password (text box editor type) (type: string): the new password for the User.
• Password Binding (text box editor type) (type: string): bind to a variable containing the encrypted password for the User. (This parameter is used only when the user wants to send an encripted password from outside the workflow, for example Flowster Portal)

Using Get Entry activity: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and Change User Password activity types:

• use another Get Entry activity to extract the User entry path:
  
  
  
  
• bind the obtained path (stored in a variable) to the User field from the Change User Password activity:
  
  

Change User Password(non-encrypted)

This activity changes the password of a user account with non-encrypted Password String.

Activity Parameters

The Change User Password (non-encrypted) activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Entry (text box editor type) (type: string): the entry for the user. The entry can be linked to a variable outputed by the GetEntry activity or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=TestingUser,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com"
• Password Binding (text box editor type) (type: string): bind to a variable containing the non-encrypted password or input the string password. E.g. "Welcome2016". The variable can be defined in the Variables section and should be of type String.
  
  
  

Using Get Entry activity: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and Change User Password (non-encrypted) activity types:

• use another Get Entry activity to extract the User entry path:
  
  
  
  
• bind the obtained path (stored in a variable) to the User field from the Change User Password (non-encrypted) activity:
  
  

ClearADAttributeValue

This activity clears the value of a specified attribute for an Active Directory entry.

NOTE: An attribute to be cleared means to insert null value but strings with 0 length or attributes with null value are not valid attribute in AD, this means that when you set a value to "" , the property/attribute gets deleted.

Activity Parameters

The ClearADAttributeValue activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• ClearAttribute (text box editor type) (type: string): the attribute that will be cleared/removed.
• Entry (text box editor type) (type: string): the entry path of the Active Directory entry, or bind this parameter with the output parameter of a Get Entry activity. If the Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://servername.dc1.com/CN=DemoUser,OU=DemoOU,DC=dc1,DC=com"

Using Get Entry activities: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and ClearADAttributeValue activity:

• use a Get Entry activity to extract the Entry path:

• bind the obtained path (stored in variable) to the Entry field from ClearADAttributeValue activity:

Computer Exists

This activity checks in the Active Directory if specified computer has an entry in 'Computer' class.

Activity Parameters

The Computer Exists activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Check Entry By (text box editor type)  (type: string): the activity will search into Active Directory for a computer type object with the specified value of this attribute. By default it is set to sAMAccountName, which is an AD attribute with unique values
• Value (text box editor type)  (type: string): the value for selected attribute in Check Entry By parameter. In the example above, the value for sAMAccountName (e.g. TestingMachine)

The Read Only Output variable are the possible output values that the activity will provide:

• Output  (type: boolean): outputs True or False to reflect if computer exists or not in the specified AD path.

Create Computer

This activity creates a new entry of class 'Computer' in Active Directory.

Activity Parameters

The Create Computer activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Attributes (text box editor type) (type: string): enter computer specific Attributes for the new created computer. Here can be inserted attributes that would not be created by default with the activity (optional attributes in AD).
• CN String (text box editor type) (type: string): the CN String value that will be associated with the Canonical Name of the object. For Example: 'CN=DemoComputer1' will create a computer with the Canonical Name: dc1.com/__DEV-Testing/Computers/DemoComputer1.
• CSV Attributes (text box editor type) (type: string): overrides the 'Attributes' parameter. The values must be entered with the format: "Attribute1Name,Attribute1Value;Attribute2Name,Attribute2Value". This field can be used in order to provide all the desired attributes and their values on a single field.
  
• Parent Entry (text box editor type) (type: string): the parent entry for the new created computer. The parent entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/OU=Computers,OU=__DEV-Testing,DC=dc1,DC=com"
• sAMAccountName (text box editor type) (type: string): the sAMAccountName for the new computer.

The Read Only Output variable are the possible output values that the activity will provide:

• Entry Path (type: string): outputs the path of the new created computer.

Create Group

This activity creates a new entry of class 'Group' in Active Directory.

Activity Parameters

The Create Group activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Attributes (text box editor type) (type: string): enter group specific Attributes for the new created group. Here can be inserted attributes that would not be created by default with the activity (optional attributes in AD). For example, it can be inserted the displayName attribute. In the Collection editor window, when adding a new member, at Name insert the attribute's name (e.g. displayName) and at Value insert the value that the attribute should take.
• CN String (text box editor type) (type: string): the CN String value of the place where the group will be created. For Example: 'CN=TEST'. This value will be associated with the CN attribute.
• CSV Attributes (text box editor type) (type: string): overrides the 'Attributes' parameter. The values must be entered with the format: "Attribute1Name,Attribute1Value;Attribute2Name,Attribute2Value". This field can be used in order to provide all the desired attributes and their values on a single field. The example presented in the screenshot can be translated as "displayName,TestingGroup".
  
• Group Type (combo box control) (type: string): choose the type of the group you want to create. Flowster Studio provides the following options:
  • Local Security Group
  • Global Security Group
  • Builtin Group
  • Universal Security Group
  • Global Distribution Group
  • Local Distribution group
  • Universal Distribution group
• Parent Entry (text box editor type) (type: string): the parent entry for the new created group. The parent entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/OU=Groups,OU=__DEV-Testing,DC=dc1,DC=com".
• sAMAccountName (text box editor type) (type: string): the sAMAccountName for the new group.

The Read Only Output variable are the possible output values that the activity will provide:

• Entry Path (type: string): outputs the path of the new created group.

Create User

This activity creates a new entry of class 'User' in Active Directory.

Activity Parameters

The Create User activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Attributes (text box editor type) (type: string): enter user specific Attributes for the new created user. Here can be inserted attributes that would not be created by default with the activity (optional attributes in AD). For example, it can be inserted the displayName attribute. In the Collection editor window, when adding a new member, at Name insert the attribute's name (e.g. displayName) and at Value insert the value that the attribute should take:
• CN String (text box editor type) (type: string): the CN String value of the place where the user will be created. For Example: 'CN=TEST'. This value will be associated with the CN attribute.
• CSV Attributes (text box editor type) (type: string): overrides the 'Attributes' parameter. The values must be entered with the format: "Attribute1Name,Attribute1Value;Attribute2Name,Attribute2Value". This field can be used in order to provide all the desired attributes and their values on a single field. The example presented in the screenshot can be translated as "displayName,TestingUser;mail,TstUser@flowster.de;company,Flowster Solutions".
• Parent Entry (text box editor type) (type: string): the parent entry for the new created user. The parent entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/OU=Users,OU=__DEV-Testing,DC=dc1,DC=com".
• Password (text box editor type) (type: string): the password for the User.
• Password Binding (text box editor type) (type: string): bind to a variable containing the encrypted password for the User. (This parameter is used only when the user wants to send an encripted password from outside the workflow, for example Flowster Portal)
• sAMAccountName (text box editor type) (type: string): the sAMAccountName for the new user.

The Read Only Output variable are the possible output values that the activity will provide:

• Entry Path (type: string): outputs the path of the new created user.

Delete Entry

This activity deletes specified entry from Active Directory.

Activity Parameters

The Delete Entry activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Entry (combo box control) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=DemoUser_1,OU=Users,DC=dc1,DC=com"

Delete Entry Recursive

This activity deletes specified entry from Active Directory including all sub objects.

Activity Parameters

The Delete Entry Recursive activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Entry (combo box control) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=DemoUser_1,OU=Users,DC=dc1,DC=com"

Edit Account Expires

This activity sets the value of the "accountExpires" property for an Active Directory account.

Activity Parameters

The Edit Account Expires activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Date (text box editor type) (type: string): the value for the date and time when the account should expire. The value must be inserted as a string, following the format given inside the Date Format parameter (e.g. 07/01/2017 10:10:10, which means that the account will expire on January 7, 2017 at 10:00:00)
• Date Format (text box editor type) (type: string): the format of the date and time when the account will expire. If no value is provided, the the activity will take the System's defaults.
• Entry (text box editor type) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=DemoUser1,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com".

Using Get Entry activity: get Entry activities can be used in order to extract the needed entry paths from Active Directory. The steps below are describing a scenario of how to use both Get Entry and Edit Account Expires activity types:

• use another Get Entry activity to extract the User entry path:
  
  
  
  
• bind the obtained path (stored in a variable) to the User field from the Edit Account Status activity:
  
  

Edit Computer Account Status

This activity allows Enable/Disable for an Active Directory computer account.

Activity Parameters

The Edit Computer Account Status activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Action (combo box control) (type: string): choose to Enable/Disable the specified computer account.
• Entry (text box editor type) (type: string): the entry for the account, in this case the entry for a computer account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=DemoComputer1,OU=Computers,OU=__DEV-Testing,DC=dc1,DC=com".

The Read Only Output variable are the possible output values that the activity will provide:

• Output Status (type: boolean): outputs the result status. If the operation succeeded then TRUE, otherwise FALSE.

Execution: the activity will search for the given computer entry and if it is a valid one, will perform the specified operation (disable or enable):

Edit Entry

This activity edits specified attribute(s) values of a specified input entry.

Activity Parameters

The Edit Entry activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Attribute (text box editor type) (type: string): the attribute for which the value(s) will be edited. Here should be inserted the name exactly as seen in Active Directory (e.g. displayName)
• Attributes (text box editor type) (type: string): the attributes as a collection for the AD entry that you want to edit. This parameter can be used in case of multiple attributes that will be edited. Attributes will be added as a list, with their Names and new Values
• CSV Attributes (text box editor type) (type: string): overrides the 'Attributes' parameter. The values must be entered with the format: "AttributeName1,Attribute1Value;Attribute2Name,Attribute2Value". This parameter can be used instead of the Attributes one if there is desired to write all attributes and their values as a single string
  
• Date Format (text box editor type) (type: string): if 'Value Type' is 'DateTime', enter the date format string. For example: dd.MM.yyyy; if no value is entered, the system defaults are used.
• Entry (text box editor type) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=DemoUser1,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com".
• Value Type (combo box control) (type: string): choose Data type for the edited value. In our example String will be needed
• Value(s) (text box editor type) (type: IEnumerable<string>): enter new value(s) for the attribute (the one provided in the Attribute field), separated by ','. Being of type IEnumerable<of string>, the value(s) should be written between {}
  
  • Examples of values:
    • simple string: {"Demo Test"}
    • multiple values: {"Demo Test","Demo Name","Demo Value"}
    • simple string with comma in it: {"Demo, Test"}
    • multiple values with comma inside of the string: {"Demo, Test","Demo, Name"","Demo, Value"}

Edit User Account Status

This activity allows Enable/Disable or Lock/Unlock for an Active Directory user account.

Activity Parameters

The Edit User Account Status activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Action (combo box control) (type: string): choose to Enable/Disable or Lock/Unlock the specified user account.
• Attempts (text box editor type) (type: string): the number of allowed bad password attempts.
• Entry (text box editor type) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=DemoUser1,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com".

The Read Only Output variable are the possible output values that the activity will provide:

• Output Status (type: boolean): outputs the result status. If the operation succeeded then TRUE, otherwise FALSE.
• Output Statusmessage (type: string): outputs the status message from the trackingdata about the change.

Execution: the activity will check the provided entry and if found, will perform the selected operation on it (enable, disable, lick, unlock):

Get Account Expires

This activity returns the value stored on the accountExpires attribute.

Activity Parameters

The Get Account Expires activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Entry (text box editor type) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=DemoUser1,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com".

The Read Only Output variable are the possible output values that the activity will provide:

• Output (type: string): outputs the value of the 'accountExpires' attribute as string.
• Output FileTime (type: Int64): outputs the value of the 'accountExpires' attribute converted to FileTime. In order to work with this output value the activity 'ConvertFileTimeToDateTime' can be used.

Get Entries by Filter

This activity retrieves a collection of Active Directory entries (paths) based on the input filters.

Activity Parameters

The Get Entries by Filter activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Filter By (combo box control) (type: string): the property name by which you want to filter the results (ex: name, sAMAccountName). Flowster Studio provides the following options:
  • sAMAccountName
  • Name
  • Display Name
  • OU
  • CN
  • Distinguished Name
• Filter Value (text box editor type) (type: string): the value (for the 'Filter by' parameter) by which you want to filter the results. If there is desired to be returned all the results, the leave the field empty (as seen in the screenshot above)
• Location (text box editor type) (type: string): the Active Directory path from where you want to retrieve the entries. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/OU=Groups,OU=__DEV-Testing,DC=dc1,DC=com".
• Object Class (combo box control) (type: string): choose the class of the entries you want to retrieve. Flowster Studio provides the following options:
  • User
  • Group
  • Computer
  • OU
• Output Fields (text box editor type) (type: string): enter the names of the fields to be returned on the output. Multiple fields are allowed, split by ';'. For example: "sAMAccountName;name"

The Read Only Output variable are the possible output values that the activity will provide:

• Output (type: collection<collection<collection<string>>>): returns a collection of entries (their paths and attributes).To use the elements of the collection, use Get Element From Collection activity.
• Output Rows (type: int32): outputs the number of rows retrieved.

Execution: the activity will check the provided location path and if found, will return the objects stored within (groups, user, computers or OUs, depends on the used filter).

In order to extract the values from the output collection (in our case the output is a Collection(Of Collection(Of Collection(Of String))) ), several For Each and Get Element From Collection activities should be used:

The first For Each is used to extract a first collection from the output collection, the variable being of type Collection<Of Collection<Of Collection<Of String>>>. The extracted Collection<Of Collection<Of String>> will be assigned to the Iterator variable.

The second For Each is used to extract a second collection from the Iterator collection, the Iterator being of type Collection<Of Collection<Of String>>. The extracted Collection<<Of String> will be assigned to the Iterator1 variable.

The Get Element From Collection activity will take the Iterator1 as the Collection Input, extracting the String's value from it.

Get Entry

This activity gets specified entry from Active Directory.

Activity Parameters

The Get Entry activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Get Entry By (combo box control) (type: string): select the Active Directory attribute. Flowster Studio provides the following options:
  • sAMAccountName
  • Name
  • Display Name
  • Distinguished Name
  • OU
  • CN
• Value (text box editor type) (type: string): the value for selected attribute.

The Read Only Output variable are the possible output values that the activity will provide:

• Output (type: object): outputs entry object from Active Directory, in the System.DirectoryServices.DirectoryEntry format

• Output Entry Path : outputs the resulted entry path. This output will be used by the most of the Active Directory activities as an entry value:

Get Entry Attributes

This activity gets specified entry and retrieves a collection containing the attributes and their corresponding values.

Activity Parameters

The Get Entry Attributes activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Entry (text box editor type) (type: string):  the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=DemoUser1,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com"
• Selected Attribute (text box editor type) (type: string): specify an attribute for which you want a separate output. This parameter is used when it is desired for the activity to return only the value(s) for a single attribute (e.g. sAMAccountName)

The Read Only Output variable are the possible output values that the activity will provide:

• Output (Collection<Collection<String>>): outputs a collection of Groups and their AD paths.To use the elements of the collection, use Get Element From Collection activity.
• Output Rows Count: output Rows Count.
• Selected Attribute Multiple Output: outputs a collection of values of the specified 'Selected Attribute' parameter, for example for attribute 'objectClass'. To use the elements of the collection, use Get Element From Collection activity.
• Selected Attribute Single Output: outputs a single value (first) of the specified 'Selected Attribute' parameter.

Execution: the activity will check the provided entry path and if found, will return the values for all attributes (if the Selected Attribute field is empty) or just for a single attribute (if the Selected Attribute parameter contains a value):

In order to extract the values from the output collection (in our case the output is a Collection(Of Collection(Of String)) ), For Each and Get Element From Collection activities should be used:

The For Each is used to extract a single collection from the output collection, the output collection being of type Collection<Of Collection<Of String>>. The extracted Collection<<Of String> will be assigned to the Iterator variable.

The Get Element From Collection activity will take the Iterator as the Collection Input, extracting the String's value from it.

Get Password Expiration Date

This activity returns the password expiration date.

Activity Parameters

The Get Password Expiration Date activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Entry (text box editor type) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry (for GetEntry binding usage, see the Add Computer To Group activity) activity or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=DemoUser1,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com"

The Read Only Output variable are the possible output values that the activity will provide:

• Output Date (type: Nullable<DateTime>): outputs the expiration date for the specified period. If NULL is returned then the user password never expires. 
• Output Days (type: int32): outputs the number of days until/since the expiration date. If it is negative it means that the password is already expired.

Get Entry SID

This activity returns the SID object and a string equivalent of an AD Entry.

Activity Parameters

The Get Entry SID activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Entry (text box editor type) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=Demouser1,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com".

The Read Only Output variable are the possible output values that the activity will provide:

• SID (type: string): SID string of the specified AD Entry.
• SID Object (type: byte[ ]): an array of byte representing the SID Object.

Execution: the activity will check the provided entry path and if found, will return the SID object in object and string formats:

Get User Account Status

This activity returns information about an entry, regarding the account status,password,account expiration date, email.

Activity Parameters

The Get User Account Status activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Entry (text box editor type) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=DemoUser1,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com".

The Read Only Output variable are the possible output values that the activity will provide:

• Output (type: collection<string>): outputs a collection of attributes and their values for the specified entry.
• Output Status  (type: boolean): outputs the result status. If the operation succeeded then TRUE, otherwise FALSE.

Execution: the activity will retrieve all statuses for the given entry:

Get User Groups

This activity retrieves a collection containing the groups the user is a member of.

Activity Parameters

The Get User Groups activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Entry (text box editor type) (type: string): the entry for the account, in this case the entry for an user account. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=DemoUser1,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com".

The Read Only Output variable are the possible output values that the activity will provide:

• Output  (type: collection<collection<string>>): outputs a collection of Groups and their AD paths. To use the elements of the collection, use Get Element From Collection activity.
• Output Rows Count (type: int32): outputs Rows Count of the returned values.

Get Users in Group

This activity retrieves a collection containing the users of a specified group.

Activity Parameters

The Get Users in Group activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Attributes (text box editor type) (type: string): the attributes to retrieve for found users, in addition to the 'Path' attribute, which is retrieved by default. The attributes must be separated by ','. For example: name,distinguishedName,sAMAccount.
• Group Name (text box editor type) (type: string): the group name. This value can be used when no path is given for the group
• Group Path (text box editor type) (type: string): the entry for the group. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Active Directory#Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://servername.dc1.com/CN=TestingGroup,OU=Groups,OU=__DEV-Testing,DC=dc1,DC=com".
  
  
  

The Read Only Output variable are the possible output values that the activity will provide:

• Output  (type: collection<collection<string>>): outputs a collection of Users and their AD paths.To use the elements of the collection, use Get Element From Collection activity.
• Output Rows Count  (type: int32): outputs Rows Count for retrieved users.

Execution: the activity will retrieve all the users which are members of the given group.

Group Exists

This activity checks in the Active Directory if specified group has an entry in 'Groups' class.

Activity Parameters

The Group Exists activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Check Entry By (text box editor type) (type: string): specify Active Directory attribute; default value is set to 'sAMAccountName'. There can also be used other attributes, like for example Name or displayName
• Value (text box editor type) (type: string): the value for selected attribute in Check Entry By parameter. Here can be provided the name of the group, for example, as seen in the screenshot

The Read Only Output variable are the possible output values that the activity will provide:

• Output  (type: boolean): outputs a boolean value to reflect if group exists or not in the specified AD path.

Is Member

This activity validates if user, group or computer-account is member of a specified Active Directory group.

Activity Parameters

The Is Member activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Entry Path (text box editor type) (type: string): the entry for the user. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://srvname.dc1.com/CN=DemoUser1,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com".
• Group Path (text box editor type) (type: string): the entry for the group. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://srvname.dc1.com/CN=DemoGroup1,OU=Groups,OU=__DEV-Testing,DC=dc1,DC=com".

The Read Only Output variable are the possible output values that the activity will provide:

• Output  (type: boolean): outputs True if the Entry is member of the specified Group and False otherwise.

Move Entry

This activity moves a specified entry to a new location in Active Directory.

Activity Parameters

The Move Entry activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Entry (text box editor type) (type: string): the entry for the user. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Active Directory#Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://srvname.dc1.com/CN=Demouser1,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com".
• Entry New Location (text box editor type) (type: string): the entry for the new location (in this example a group is given). The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://srvname.dc1.com/OU=DemoUsers,DC=dc1,DC=com".

Remove Computer from Group

This activity removes specified computer from specified group.

Activity Parameters

The Remove Computer from Group activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Computer (text box editor type) (type: string): the entry for the computer. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://srvname.dc1.com/CN=DemoComputer1,OU=Computers,OU=__DEV-Testing,DC=dc1,DC=com".
• Group (text box editor type) (type: string): the entry for the group where the computer is a member of. The entry can be linked to a variable outputed by the GetEntry activity (for GetEntry binding usage, see the Add Computer To Group activity) or written by hand. The accepted format should be written as in the given example: "LDAP://srvname.dc1.com/CN=DemoGroups,OU=__DEV-Testing,DC=dc1,DC=com".

Remove Group from Group

This activity removes group from specified group.

Activity Parameters

The Remove Group from Group activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Group (text box editor type) (type: string): the entry path of the group where the other group is a member of, or bind this parameter with the output parameter of a Get Entry activity (for GetEntry binding usage, see the Add Computer To Group activity). If the Group Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://srvname.dc1.com/CN=DemoGroups,OU=__DEV-Testing,DC=dc1,DC=com".

• Group To Be Removed (text box editor type) (type: string): the entry path of the group that will be removed from the group, or bind this parameter with the output parameter of a Get Entry activity (for GetEntry binding usage, see the Add Computer To Group activity). If the Group Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://srvname.dc1.com/CN=DemoGroup1,OU=DemoGroups,OU=__DEV-Testing,DC=dc1,DC=com".

Execution: the activity will search if the provided entry paths are valid and if yes, it will remove the indicated group from the other group. The output will display both the groups AD paths and their DN (distinguished names)

Remove User from Group

This activity removes specified user from specified group.

Activity Parameters

The Remove User from Group activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Group (text box editor type) (type: string): the entry path of the group where the user is a member of, or bind this parameter with the output parameter of a Get Entry activity (for GetEntry binding usage, see the Add Computer To Group activity). If the Group Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://srvname.dc1.com/CN=DemoGroups,OU=Groups,OU=__DEV-Testing,DC=dc1,DC=com".

• User (text box editor type) (type: string): the entry path of the user that will be removed from the group, or bind this parameter with the output parameter of a Get Entry activity (for GetEntry binding usage, see the Add Computer To Group activity). If the Group Entry Path will be manually inserted, the accepted format should be written like in the following example: "LDAP://srvname.dc1.com/CN=DemoUser1,OU=Users,OU=__DEV-Testing,DC=dc1,DC=com".

Execution: the activity will search if the provided entry paths are valid and if yes, it will remove the indicated user from the other group. The output will display both the user and the group AD paths and their DN (distinguished names).

Rename Entry

This activity gives new value(s) to an AD attribute that needs to be renamed (for example, the name attribute needs a different method for assigning a new value that edit).

Activity Parameters

The Rename Entry activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Get Entry By (combo box control) (type: string): select the Active Directory attribute. Flowster Studio provides the following options:
  • sAMAccountName
  • Name
  • Display Name
  • Distinguished Name
  • OU
  • CN
• New Name (text box editor type) (type: string): the new value for selected attribute.
  
• Value (text box editor type) (type: string): the value for selected attribute. In this case, here can be inserted the old value for the selected attribute

The Read Only Output variable are the possible output values that the activity will provide:

• Output (type: object): outputs entry object from Active Directory, in the System.DirectoryServices.DirectoryEntry format

• Output Entry Path : outputs the resulted entry path. This output can be used by the most of the Active Directory activities as an entry value:

User Exists

This activity checks in the Active Directory if specified user has an entry in 'User' Class..

Activity Parameters

The User Exists activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

• Check Entry By (text box editor type) (type: string): specify Active Directory attribute; default value is set to 'sAMAccountName'.
• Value (text box editor type) (type: string): the value for selected attribute in Check Entry By parameter. In this case, the sAMAccountName of the user can be given. If displayName is selected in the Check Entry By field, then here the display name value will be inserted

The Read Only Output variable are the possible output values that the activity will provide:

• Output  (type: boolean): outputs a boolean value to reflect if user exists or not in the specified AD path.