
Need workflow to automate kiosk user creation using PowerShell script in ServiceNow

raj12345
Tera Contributor


Hi everyone,

I’m working on a requirement to create and add a Kiosk user account for Thin Clients through a ServiceNow Catalog Item.

Here’s what I have so far:

  • The Catalog Task is named “Develop Catalog RITM task to run script to create and add a Kiosk user account for Thin Clients.”

  • The goal is to use a custom ServiceNow Workflow or Flow Designer that will trigger a PowerShell script to create these accounts automatically in Active Directory.

  • The user provides a Device Hostname (mandatory field), which will be used as the username (e.g., TC-123-Building).

The PowerShell script performs the following:

  • Creates a User AD object with details like SAMAccountName, DisplayName, UserPrincipalName, etc.

  • Adds the account to multiple AD groups (MWSGroup, Credant_EMS_ENABLED, Default SurfControl).

  • Creates the home directory and sets file screen, quota, etc.

  • Moves the computer account to a specific OU.

  • Logs all activities to a network path.

Now, I need to know the best approach to trigger or integrate this PowerShell script via ServiceNow — either:

  • Using Workflow / Flow Designer, or

  • Executing the PowerShell script via MID Server or Orchestration.

Has anyone implemented a similar setup or can share best practices for securely running PowerShell scripts from ServiceNow to manage AD accounts?

1 REPLY 1

Hanna_G
Kilo Sage

Hi @raj12345

Use Flow Designer on the RITM or its Catalog Task, and execute automation through a MID Server. Two options that I can think of:

Option A. IntegrationHub Spokes first (preferred)

  • Use the Active Directory spoke to:

    • Create user, set UPN/SAM, move to OU, add to groups.

  • Use the PowerShell step only for what AD Spoke cannot do (home folder, file screen, quota on the file server).

Option B. Pure PowerShell via MID

  • Install a Windows MID with the PowerShell capability.

  • In Flow Designer, add a PowerShell action that calls your script with inputs from the RITM (e.g. hostname as username).

  • Add pre-checks: does the user already exist, groups exist, path available, OU reachable. Make the flow retry/backoff.

Trigger and lifecycle

  • Start condition: on RITM approval or when the fulfilment task moves to Work in progress.

  • On success: update task, post log summary, set RITM to Closed Complete.

  • On failure: set task to On hold, attach the error output, notify the fulfiller.

Security and reliability

  • Run-as service account scoped to required AD/file server rights only.

  • Lock execution to allowed script paths on the MID, and whitelist target servers.

  • Add timeouts and error handling in the Flow.

Here are some useful docs: 
Product Documentation | ServiceNow
Product Documentation | ServiceNow
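
The pre-checks listed under Option B, combined with validation of the hostname that the catalog form passes in as the username, could look like the following. This is an added example, not the poster's script or ServiceNow's code. The OU distinguished name, the home share path and the allow-list pattern (modelled on the TC-123-Building example) are assumptions to replace with your own values.

```powershell
# Added example: pre-flight checks to run before any account is created.
[CmdletBinding()]
param(
    [Parameter(Mandatory)][string]$DeviceHostname,                 # catalog variable from the RITM
    [string]$TargetOU = 'OU=Kiosks,DC=example,DC=com',             # placeholder (assumption)
    [string]$HomeRoot = '\\fileserver.example.com\KioskHome$',     # placeholder (assumption)
    [string[]]$Groups = @('MWSGroup', 'Credant_EMS_ENABLED', 'Default SurfControl')
)
$ErrorActionPreference = 'Stop'
$problems = [System.Collections.Generic.List[string]]::new()

# 1. The hostname arrives from a web form: allow-list it before it reaches any AD query or path.
#    \A...\z anchors the whole string; 20 characters is the sAMAccountName limit for user objects.
if ($DeviceHostname -notmatch '\A[A-Za-z0-9][A-Za-z0-9-]{0,19}\z') {
    $problems.Add('DeviceHostname must be 1-20 characters: letters, digits, hyphen.')
} else {
    Import-Module ActiveDirectory

    # 2. Refuse to overwrite an existing account.
    if (Get-ADUser -Filter "sAMAccountName -eq '$DeviceHostname'") {
        $problems.Add("User '$DeviceHostname' already exists.")
    }
    # 3. Every target group must resolve.
    foreach ($g in $Groups) {
        try { $null = Get-ADGroup -Identity $g }
        catch { $problems.Add("Group '$g' not usable: $($_.Exception.Message)") }
    }
    # 4. The target OU must be reachable with the run-as account.
    try { $null = Get-ADOrganizationalUnit -Identity $TargetOU }
    catch { $problems.Add("OU '$TargetOU' not usable: $($_.Exception.Message)") }

    # 5. The share root must exist and the home folder must not.
    if (-not (Test-Path -LiteralPath $HomeRoot)) {
        $problems.Add("Home root '$HomeRoot' is not reachable.")
    } elseif (Test-Path -LiteralPath (Join-Path $HomeRoot $DeviceHostname)) {
        $problems.Add("Home folder for '$DeviceHostname' already exists.")
    }
}

# One JSON object on stdout gives the flow a single value to parse and branch on.
[pscustomobject]@{
    hostname = $DeviceHostname
    ok       = ($problems.Count -eq 0)
    problems = @($problems)
} | ConvertTo-Json -Compress
if ($problems.Count -gt 0) { exit 1 }
```

Running this under the same scoped service account as the creation script also confirms that the account can read the groups, the OU and the share before anything is changed.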