Creating User Account in AD From A Workflow
‎02-17-2022 12:02 PM
We're looking to automate user creation in Active Directory, with more values than the OOB activity (flow designer, Microsoft AD spoke) allows. No problem, copied and edited the action and the underlying PowerShell script to match. Done and done.
But every account it creates is inactive, because I can't provide a Password2 object. More so - I have to use Workflow and not Flow Designer to do this. Hmmm. How do we proceed?
1) Go to the flow designer action and use 'Create Code Snippet'. Copy that code to your clipboard.
2) Create a Run Script activity in your workflow, paste that code from your clipboard.
```javascript
(function() {
    try {
        var inputs = {};
        inputs['ah_first_name'] = workflow.scratchpad.firstName; // String
        inputs['ah_last_name'] = workflow.scratchpad.lastName; // String
        inputs['ah_display_name'] = workflow.scratchpad.displayName; // String
        inputs['ah_email_address'] = workflow.scratchpad.emailAddress; // String
        inputs['ah_homedirlocation'] = workflow.scratchpad.homeDirLocation; // String
        inputs['ah_user_name'] = workflow.scratchpad.userID; // String
        inputs['ah_description'] = workflow.scratchpad.description; // String
        inputs['ah_department'] = workflow.scratchpad.department; // String
        inputs['ah_street_address'] = workflow.scratchpad.street; // String
        inputs['ah_city'] = workflow.scratchpad.city; // String
        inputs['ah_state'] = workflow.scratchpad.state; // String
        inputs['ah_postal_code'] = workflow.scratchpad.postal_code; // String
        inputs['ah_country'] = workflow.scratchpad.country; // Choice
        inputs['ah_path'] = "OU=NonEmployees,DC=FoxDen,DC=local"; // String
        inputs['password'] = newPassword; // Password (2 Way Encrypted)
        inputs['ah_manager'] = workflow.scratchpad.manager; // String
        inputs['ah_accountexpirationdate'] = current.variables.account_expiration; // Basic Date/Time

        // Start Asynchronously: Uncomment to run in background. Code snippet will not have access to outputs.
        // sn_fd.FlowAPI.getRunner().action('sn_ad_spoke.create_cnb_user').inBackground().withInputs(inputs).run();

        // Execute Synchronously: Run in foreground. Code snippet has access to outputs.
        var result = sn_fd.FlowAPI.getRunner().action('sn_ad_spoke.create_cnb_user').inForeground().withInputs(inputs).run();
        var outputs = result.getOutputs();

        // Get Outputs:
        // Note: outputs can only be retrieved when executing synchronously.
        var Status = outputs['Status']; // Choice
        // Log action status
        workflow.info("Create user action status: " + Status);
        var ErrorMessage = outputs['Error Message']; // String
        // Log any Error messages
        if (ErrorMessage != null) {
            workflow.info("Error Message: " + ErrorMessage);
        }
        var UserGUID = outputs['User GUID']; // String
        // Log the User GUID
        workflow.info("New User GUID: " + UserGUID);
    } catch (ex) {
        var message = ex.getMessage();
        gs.error(message);
    }
})();
```
3) Populate the variables with values from the RITM (current.variables.variableName) or your scratchpad (workflow.scratchpad.variableName).
But for the user account to be active, we have to provide a password value - and in my instance, a date value! So in the same Run Script activity, I've placed this code above the function:
```javascript
var chars = "0123456789abcdefghijklmnopqrstuvwxyz!@#$%^&*()ABCDEFGHIJKLMNOPQRSTUVWXYZ";
var passwordLength = 15;
var plaintext = "";
// i < passwordLength so that exactly passwordLength characters are generated
for (var i = 0; i < passwordLength; i++) {
    var randomNumber = Math.floor(Math.random() * chars.length);
    plaintext += chars.substring(randomNumber, randomNumber + 1);
}
var encr = new GlideEncrypter();
// Write the clear text password to the scratchpad
workflow.scratchpad.clearText = plaintext;
// Log the clear-text password in the Workflow Log
workflow.info("Set the initial password as: " + plaintext);
// Encrypt the password - may not work w/ AD - and write the encrypted value to the scratchpad.
// This may ALSO not work because it may be stringified when being set to the scratchpad.
var newPassword = encr.encrypt(plaintext);
```
Ideally, we've created an encrypted object, 'newPassword'. This part works just fine, here's a little screenshot from the workflow log:
Good and random. I also wanted to see what exactly the encrypted version looked like:
Hmmm. It's encrypted, so I guess it shouldn't look like anything understandable. But the variable 'newPassword' should be an encrypted object (even though the string we printed to the log isn't).
I have to assume that the date value we're passing from the catalog item is in a date format.
Everything (but the password part) works when we run this action in Flow Designer. User created with all of the attributes. I'm just struggling to create a Password2 type object in the Run Script action that I can pass into the Flow Designer action through the function. WHEW.
Labels: Integrations, Scripting and Coding
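The password-generation step from the post above, reworked as an added example (not the poster's code and not ServiceNow's): `Math.random()` is not a cryptographic random source, and the posted script writes the clear-text password to the scratchpad and the workflow log. This sketch draws characters from a CSPRNG without modulo bias and logs only non-secret metadata; it is written for Node.js so it runs stand-alone, and `secureIndex`, `generatePassword` and `describeForLog` are hypothetical names.

```javascript
// Added example. Random source: Web Crypto, global in recent Node.js versions.
// Assumption: on a ServiceNow instance the platform's secure RNG
// (GlideSecureRandomUtil) would replace this source.
const rng = globalThis.crypto || require('crypto').webcrypto;

const CLASSES = [
  'abcdefghijklmnopqrstuvwxyz',
  'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  '0123456789',
  '!@#$%^&*()' // same symbol set as the post
];
const ALL = CLASSES.join('');

// Uniform integer in [0, bound) by rejection sampling (no modulo bias).
function secureIndex(bound) {
  const limit = Math.floor(0x100000000 / bound) * bound;
  const buf = new Uint32Array(1);
  do { rng.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % bound;
}

// Exactly `length` characters with at least one from every class, so a domain
// complexity policy that counts character categories is satisfied.
function generatePassword(length) {
  if (length < CLASSES.length) throw new RangeError('length too short');
  const out = CLASSES.map(function (set) { return set[secureIndex(set.length)]; });
  while (out.length < length) out.push(ALL[secureIndex(ALL.length)]);
  // Fisher-Yates shuffle so the guaranteed characters are not in fixed positions.
  for (let i = out.length - 1; i > 0; i--) {
    const j = secureIndex(i + 1);
    const t = out[i]; out[i] = out[j]; out[j] = t;
  }
  return out.join('');
}

// What goes in a log line instead of the secret: length and class count only.
function describeForLog(password) {
  const present = CLASSES.filter(function (set) {
    return password.split('').some(function (c) { return set.indexOf(c) !== -1; });
  }).length;
  return 'generated initial password: length=' + password.length +
         ', classes=' + present + '/' + CLASSES.length;
}
```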

‎02-17-2022 12:24 PM
Hello,
What is Flow Designer showing for this piece (for your password2 attempt)?
Are you able to do just this part (encrypter, etc.) via script in flow designer and then conduct the next step with the entire payload/action, etc.?
Please mark reply as Helpful/Correct, if applicable. Thanks!
‎02-17-2022 12:27 PM
Allen - from the Flow designer action (excluding the password 2 variable because I'm not sure how to make it in there, either):
we successfully create user records with all of the defined variables (but the record is inactive because we didn't provide a password)
I think I'm looking at two issues:
1) launching the flow designer action from the run script
2) creating and passing a Password2 type object

‎02-17-2022 01:19 PM
Hi,
Thanks. I read your post, so much of your reply here is repeating what you've already said.
Not sure if you read my actual reply or not...
Anyways, please also see this support article for additional assistance: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0856481
‎02-18-2022 07:33 AM
Using this article: "Update Password Action in Flow Designer - Developer Community - Question - ServiceNow Community", I was able to create an action in Flow Designer that created a Password2 type object that Active Directory accepts. Pairing that with the existing action now allows me to fully create an active user in AD in Flow Designer.
Previous to creating that action, I simply had nothing to pass to the Password variable in Flow Designer, so it wasn't giving me any response to it (creating a user record that was inactive because no password was set).
While that solves the 'creating a password object' problem, I'm still left scratching my head on how to pass it from one action to another in Workflow without turning it into a string by placing it on the scratchpad.
Should I simply combine the 'Create password' action and the 'Create user' action in Flow Designer so that I don't have to worry about passing it between activities in the Workflow (not flow, but workflow) that I call using a Run Script and code snippet?