Creating User Account in AD From A Workflow
‎02-17-2022 12:02 PM
We're looking to automate user creation in Active Directory, with more values than the OOB activity (flow designer, Microsoft AD spoke) allows. No problem, copied and edited the action and the underlying PowerShell script to match. Done and done.
But every account it creates is inactive, because I can't provide a Password2 object. More so - I have to use Workflow and not Flow Designer to do this. Hmmm. How do we proceed?
1) Go to the flow designer action and use 'Create Code Snippet'. Copy that code to your clipboard.
2) Create a Run Script activity in your workflow, paste that code from your clipboard.
    (function() {
        try {
            var inputs = {};
            inputs['ah_first_name'] = workflow.scratchpad.firstName; // String
            inputs['ah_last_name'] = workflow.scratchpad.lastName; // String
            inputs['ah_display_name'] = workflow.scratchpad.displayName; // String
            inputs['ah_email_address'] = workflow.scratchpad.emailAddress; // String
            inputs['ah_homedirlocation'] = workflow.scratchpad.homeDirLocation; // String
            inputs['ah_user_name'] = workflow.scratchpad.userID; // String
            inputs['ah_description'] = workflow.scratchpad.description; // String
            inputs['ah_department'] = workflow.scratchpad.department; // String
            inputs['ah_street_address'] = workflow.scratchpad.street; // String
            inputs['ah_city'] = workflow.scratchpad.city; // String
            inputs['ah_state'] = workflow.scratchpad.state; // String
            inputs['ah_postal_code'] = workflow.scratchpad.postal_code; // String
            inputs['ah_country'] = workflow.scratchpad.country; // Choice
            inputs['ah_path'] = "OU=NonEmployees,DC=FoxDen,DC=local"; // String
            inputs['password'] = newPassword; // Password (2 Way Encrypted)
            inputs['ah_manager'] = workflow.scratchpad.manager; // String
            inputs['ah_accountexpirationdate'] = current.variables.account_expiration; // Basic Date/Time

            // Start Asynchronously: Uncomment to run in background. Code snippet will not have access to outputs.
            // sn_fd.FlowAPI.getRunner().action('sn_ad_spoke.create_cnb_user').inBackground().withInputs(inputs).run();

            // Execute Synchronously: Run in foreground. Code snippet has access to outputs.
            var result = sn_fd.FlowAPI.getRunner().action('sn_ad_spoke.create_cnb_user').inForeground().withInputs(inputs).run();
            var outputs = result.getOutputs();

            // Get Outputs:
            // Note: outputs can only be retrieved when executing synchronously.
            var Status = outputs['Status']; // Choice
            // Log action status
            workflow.info("Create user action status: " + Status);
            var ErrorMessage = outputs['Error Message']; // String
            // Log any Error messages
            if (ErrorMessage != null) {
                workflow.info("Error Message: " + ErrorMessage);
            }
            var UserGUID = outputs['User GUID']; // String
            // Log the User GUID
            workflow.info("New User GUID: " + UserGUID);
        } catch (ex) {
            var message = ex.getMessage();
            gs.error(message);
        }
    })();
3) Populate the variables with values from the RITM (current.variables.variableName) or your scratchpad (workflow.scratchpad.variableName).
But for the user account to be active, we have to provide a password value - and in my instance, a date value! So in the same Run Script activity, I've placed this code above the function:
    var chars = "0123456789abcdefghijklmnopqrstuvwxyz!@#$%^&*()ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    var passwordLength = 15;
    var plaintext = "";
    // '<' rather than '<=' so the loop appends exactly passwordLength characters
    for (var i = 0; i < passwordLength; i++) {
        var randomNumber = Math.floor(Math.random() * chars.length);
        plaintext += chars.substring(randomNumber, randomNumber + 1);
    }
    var encr = new GlideEncrypter();
    // Write the clear text password to the scratchpad
    workflow.scratchpad.clearText = plaintext;
    // Log the clear-text password in the Workflow Log
    workflow.info("Set the initial password as: " + plaintext);
    // Encrypt the password - may not work w/ AD - and write the encrypted value to the scratchpad.
    // This may ALSO not work because it may be stringified when being set to the scratchpad.
    var newPassword = encr.encrypt(plaintext);
Ideally, we've created an encrypted object, 'newPassword'. This part works just fine, here's a little screenshot from the workflow log:
Good and random. I also wanted to see what exactly the encrypted version looked like:
Hmmm. It's encrypted, so I guess it shouldn't look like anything understandable. But the variable 'newPassword' should be an encrypted object (even though the string we printed to the log isn't).
I have to assume that the date value we're passing from the catalog item is in a date format.
Everything (but the password part) works when we run this action in Flow Designer. User created with all of the attributes. I'm just struggling to create a Password2 type object in the Run Script action that I can pass into the Flow Designer action through the function. WHEW.
Labels: Integrations, Scripting and Coding
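An added example, not part of the original post: the initial-password step from the Run Script code above, rewritten so that characters are drawn from a cryptographically secure source (`Math.random()` is not one), every character class is represented, the length is exact, and the log line records the event without the secret. It is written for Node.js rather than the ServiceNow script engine; `secureIndex`, `generatePassword`, `passwordLogLine` and the sample user name are hypothetical names, and on an instance the random source would have to be the platform's own secure random API.

```javascript
// Added example: runs in Node.js (or a browser), not in the ServiceNow script engine.
const rng = globalThis.crypto || require('crypto').webcrypto;

// Character classes; AD's default complexity policy wants at least 3 of these 4.
const CLASSES = [
  'abcdefghijklmnopqrstuvwxyz',
  'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  '0123456789',
  '!@#$%^&*()'
];

// Uniform integer in [0, n) for n <= 256, by rejection sampling, so no index
// is favoured the way a plain `byte % n` would favour the low ones.
function secureIndex(n) {
  const limit = 256 - (256 % n);
  const buf = new Uint8Array(1);
  do { rng.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

function generatePassword(length) {
  if (length < CLASSES.length) throw new RangeError('length too short');
  const all = CLASSES.join('');
  const out = [];
  // One character from every class first, then fill up to exactly `length`.
  for (const set of CLASSES) out.push(set[secureIndex(set.length)]);
  while (out.length < length) out.push(all[secureIndex(all.length)]);
  // Fisher-Yates shuffle so the guaranteed characters are not always in front.
  for (let i = out.length - 1; i > 0; i--) {
    const j = secureIndex(i + 1);
    [out[i], out[j]] = [out[j], out[i]];
  }
  return out.join('');
}

// Log line that records what happened without writing the secret to the log.
function passwordLogLine(userName, password) {
  return 'Initial password set for ' + userName +
         ' (' + password.length + ' chars, value not logged)';
}

const pw = generatePassword(15);
console.log(passwordLogLine('jdoe.constructed', pw)); // constructed user name
```
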

‎02-18-2022 07:51 AM
Hello,
As I had mentioned above, it was recommended to conduct the password piece of this within flow designer. I'm glad going that route worked for you.
It's not very clear from your post why you're using workflow in the first place. The way your post is written (see my comments on another post of yours about extra commentary, etc. that creates confusion and makes your post super long to read) -- it would have appeared you did so because of the password issue or something.
It would be beneficial to do all of this in flow designer, if you can.
Or, do what you need to do in workflow, and then the password piece in flow designer, and combine.
Please mark reply as Helpful/Correct, if applicable. Thanks!
Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!
‎02-17-2022 12:49 PM
Tried changing the encryption method from:
    var encr = new GlideEncrypter();
    // Write the clear text password to the scratchpad
    workflow.scratchpad.clearText = plaintext;
    // Log the clear-text password in the Workflow Log
    workflow.info("Set the initial password as: " + plaintext);
    // Encrypt the password - may not work w/ AD - and write the encrypted value to the scratchpad.
    // This may ALSO not work because it may be stringified when being set to the scratchpad.
    var newPassword = encr.encrypt(plaintext);
to use gs.base64Encode:
    workflow.scratchpad.clearText = plaintext;
    // Log the clear-text password in the Workflow Log
    workflow.info("Set the initial password as: " + plaintext);
    // Encrypt the password - may not work w/ AD - and write the encrypted value to the scratchpad.
    // This may ALSO not work because it may be stringified when being set to the scratchpad.
    var newPassword = gs.base64Encode(plaintext);
and while the value now shows as undefined in the Log, the only value being returned is from the 'catch' portion of the script, "The current operation ended in state: ERROR"
‎02-17-2022 12:25 PM
Oh, some verification that the Flow Designer action works (excluding the Password part):
I think I have two issues:
1) creating a valid Password2 type object to pass into the Password field, and
2) properly calling the Flow Designer Action from the Run Script activity.