Manage Active Directory

This action manages user and groups in Active Directory. You can use this action to manage Azure AD, SAM, AD DS and AD LDS/ADAM.

On premises, by default, the action is executed under the permissions of the currently logged in user and assumes Kerberos authentication and trust delegation between the front-end server and the directory server (domain controller in case of AD DS or any server running SAM/AD LDS/ADAM) will be required. You can also enable impersonation on the action to authenticate using the application pool account.

NOTE: all field values can use column value or expression to generate dynamic values at run-time.

1. Action type– type of action to perform
   1. Create user – creates a new user
   2. Update user - updates existing user
   3. Enable user – enables specified user
   4. Disable user – disables specified user
   5. Unlock user – unlocks locked specified user
   6. Reset password – changes specified user’s password
   7. Add to group – adds specified user to specified AD security group or distribution list
   8. Remove from group – removes specified user from specified AD security group or distribution list
   9. Create group – create AD security group or distribution list
   10. Delete group – deletes specified AD security group or distribution list
2.  Directory type– type of directory (does not apply to Office 365 app):
   1. SAM – local machine users
   2. Domain (AD DS) – Active Directory Domain Services
   3. Application Directory (AD LDS) – Active Directory Lightweight Directory Services
3. Directory name – distinguished name of domain or machine. If not provided, the domain of the currently user identity is used.
4. Organizational Unit – path to the target OU. If not provided, the default Users container is used. Does not apply to Office 365 app.
5. User name – user name for new or existing user to manage
6. Password – password for user creation or password reset
7. First name – given name for user creation
8. Last name – surname for user creation
9. Values to set – set values to additional properties when creating a user
10. Group name – group name for group creation or management
11. Group description – group description for group creation, optional
12. Group scope – scope of group, possible values include Local, Global or Universal. Global by default.
13. Is security group? – create security group or distribution list. Possible values include True and False (or any expression/column value returning Boolean data type). True by default. Does not apply to Office 365 app.

NOTE: In Office 365 app you can only manage the current Azure AD domain. You must be a Global Administrator and give consent to the app to manage Active Directory on your behalf. You provide consent in the pop-up message that will appear when you attempt to save the action.