This action manages users and groups in Active Directory. You can use it to manage Azure AD, SAM, AD DS and AD LDS/ADAM.
On premises, by default, the action is executed under the permissions of the currently logged-in user. This assumes Kerberos authentication and requires trust delegation between the front-end server and the directory server (the domain controller in the case of AD DS, or any server running SAM/AD LDS/ADAM). You can also enable impersonation on the action to authenticate using the application pool account.
NOTE: all field values can use a column value or an expression to generate dynamic values at run time.
- Action type – type of action to perform:
  - Create user – creates a new user
  - Update user – updates an existing user
  - Enable user – enables the specified user
  - Disable user – disables the specified user
  - Unlock user – unlocks the specified locked user
  - Reset password – changes the specified user’s password
  - Add to group – adds the specified user to the specified AD security group or distribution list
  - Remove from group – removes the specified user from the specified AD security group or distribution list
  - Create group – creates an AD security group or distribution list
  - Delete group – deletes the specified AD security group or distribution list
- Directory type – type of directory (does not apply to the Office 365 app):
  - SAM – local machine users
  - Domain (AD DS) – Active Directory Domain Services
  - Application Directory (AD LDS) – Active Directory Lightweight Directory Services
- Directory name – distinguished name of the domain or machine. If not provided, the domain of the current user identity is used.
- Organizational Unit – path to the target OU. If not provided, the default Users container is used. Does not apply to the Office 365 app.
- User name – user name for new or existing user to manage
- Password – password for user creation or password reset
- First name – given name for user creation
- Last name – surname for user creation
- Values to set – set values to additional properties when creating a user
- Group name – group name for group creation or management
- Group description – group description for group creation, optional
- Group scope – scope of the group. Possible values include Local, Global or Universal. Global by default.
- Is security group? – whether to create a security group or a distribution list. Possible values include True and False (or any expression/column value returning a Boolean data type). True by default. Does not apply to the Office 365 app.
NOTE: In the Office 365 app you can only manage the current Azure AD domain. You must be a Global Administrator and give consent to the app to manage Active Directory on your behalf. You provide consent in the pop-up message that appears when you attempt to save the action.