
Split Permissions in Flow Designer

oliverstark
Tera Contributor

Hi everyone,

I am working on a Flow Designer process where I need to perform some Active Directory actions, but I do not have access to the Microsoft AD v2 Spoke.

Specifically, after an AD user is created, I need to:

  • Locate the user in Active Directory using their samAccountName
  • Move the user to a specific OU
  • Add the user to an AD security group (for M365 licensing)

I understand this should be possible by running a PowerShell script via a MID Server, but I am looking for guidance on the recommended and supported way to do this in Flow Designer, including:

  • Which Flow Designer action should be used to run PowerShell on a MID Server
  • How to pass inputs (for example samAccountName) from the flow into the script
  • How credentials should be handled for the AD service account

If anyone has implemented a similar pattern or can point me to the correct approach, examples, or documentation, it would be very helpful.

Thanks in advance.

1 REPLY

Shreya Shah
ServiceNow Employee

Hi @oliverstark -

1. With the new licensing for all products announced recently, they come with Workflow Data Fabric included. You should figure out a way to get the Microsoft Active Directory v2 Spoke by talking to the platform owner if you have access to them or not.

2. Meanwhile, if you do not have access to it in production, you should have access to it in sub-prod without a license requirement. Take a look at how the actions are built in the spoke and the associated PowerShell script. Use them as inspiration for creating your own actions.

3. An alternate approach is to take a look at the PowerShell Step, and use this step within your action to achieve the output. You can find more details here.
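
A sketch of the three AD operations from the question, written as a script a custom action could run. This is an added example, not part of the thread and not the spoke's own script. The parameter names are hypothetical, and how the PowerShell step maps flow inputs and the MID Server credential onto them is left to the step's configuration and assumed here.

```powershell
# Added example; parameter names are hypothetical, not ServiceNow's.
[CmdletBinding()]
param(
    # Allow-list (a conservative choice) keeps quotes and wildcards out of
    # the -Filter string built below; 20 is the sAMAccountName user limit.
    [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9._-]{1,20}$')]
    [string]$SamAccountName,
    [Parameter(Mandatory)][string]$TargetOU,    # DN of the destination OU
    [Parameter(Mandatory)][string]$GroupName,   # licensing security group
    [Parameter(Mandatory)][string]$Server,      # one DC for every call
    # Assumed to be supplied at run time from the credential store.
    # No password is written into the script or the flow.
    [Parameter(Mandatory)][pscredential]$Credential
)

$ErrorActionPreference = 'Stop'   # any AD error fails the step
Import-Module ActiveDirectory

# Same DC and same service account for every cmdlet, so the move is
# visible to the group update without waiting for replication.
$ad = @{ Server = $Server; Credential = $Credential }

# 1. Locate the user and require exactly one match.
$found = @(Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'" -Properties MemberOf @ad)
if ($found.Count -ne 1) {
    throw "Expected 1 user for '$SamAccountName', found $($found.Count)."
}
$user = $found[0]

# 2. Move to the target OU unless the user is already there.
#    The regex strips the first RDN, honouring backslash-escaped commas.
$parentDn = $user.DistinguishedName -replace '^(?:\\.|[^,\\])+,', ''
if ($parentDn -ne $TargetOU) {
    Move-ADObject -Identity $user -TargetPath $TargetOU @ad
}

# 3. Add to the group unless already a member. The sAMAccountName is used
#    because the DN held in $user is stale after the move.
$group = Get-ADGroup -Identity $GroupName @ad
if ($user.MemberOf -notcontains $group.DistinguishedName) {
    Add-ADGroupMember -Identity $group -Members $SamAccountName @ad
}

# Result object for the flow to consume.
[pscustomobject]@{
    SamAccountName    = $SamAccountName
    DistinguishedName = (Get-ADUser -Identity $SamAccountName @ad).DistinguishedName
    Group             = $group.DistinguishedName
}
```

The service account behind `$Credential` only needs delegated rights to move objects between the source and target OUs and to write the member attribute of the one group.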