Update!

This activity is now available on the Official Stable Feed:

Learn more about it here

As the next step in our IT Automation roadmap, we’re excited to announce our Active Directory Domain Services activities package is now available in public preview!

This next set of 30+ activities continues our journey to deliver activities that enable you to easily automate what we feel are the most critical IT actions, including the ability to create and update user accounts, manage group membership, AD object management, and access control and rights management in (RPA) workflows.

How to provide feedback

Have suggestions, questions, or issues? We want to hear it!

1. Simply go to the IT Automation category
2. And then click New Topic

Your feedback is instrumental as we plan our roadmap and future releases.

How to install

UiPath.ActiveDirectoryDomainServices.Activities package is available in Beta feed. Please follow the steps below to install the package in UiPath Studio:

• If you haven’t already, add the UiPath Beta feed to your Studio Manage Package window
• In the Beta feed, check ‘Include Prerelease’, search for “UiPath.ActiveDirectoryDomainServices.Activities”, and install the latest version.
  ** Important - We must reiterate, make sure you check the ‘Include Prerelease’ checkbox

The Active Directory Domain Services Activities should be visible now in UiPath Studio, as shown below:

image290×720 64.6 KB

Description

UiPath.ActiveDirectoryDomainServices.Activities package offers activities for Microsoft Active Directory Domain Services (AD DS).

Active Directory Domain Services provide a hierarchical data storage for objects in a network. This initial set of 35 activities enables you to easily automate important operations with Active Directory objects like users, groups, and computers.

Example Scenarios to Automate

These are some scenarios involving Active Directory Domain Services activities that can be automated via UiPath Studio processes with this Activity Pack:

Employees Onboarding

When a new employee is hired in a company, the HR department provides the input for a UiPath automation process which creates a corresponding new user account in Active Directory, generates a random password for it and sets it to expire after the first login, and adds the user account to a list of specified groups.

Employees Offboarding

When an employee leaves the company, the associated Active Directory user account is removed from the groups it belongs to and the user account is disabled.

Password Reset & User Account Unlock

These IT operations are happening daily in a company. Automating them will make the life of IT administrators easier. For example, employees can make requests to an IT Help Desk Chatbot which invokes a UiPath process to respond to their requests for password reset or user account unlock.

Active Directory Objects Management

Organize the Active Directory objects (users, computers, groups) by distributing them to specific Organizational Units based on the company’s policies, business rules.

Access Control & Rights Delegation

Manage access to miscellaneous resources via Active Directory group memberships.

Activities List

Common activities

Active Directory Scope – Connects to Active Directory and provides a scope for other Active Directory activities.
Get Object Distinguished Name – Retrieves the distinguished name of a given Active Directory object.
Get Objects by Filter – Retrieves the list of Active Directory objects based on an input filter.
Get Objects by LDAP Filter – Retrieves the list of Active Directory objects matching an LDAP (Lightweight Directory Access Protocol) filter.
Get Object Properties – Retrieves the properties of a given Active Directory object.
Update Object Properties – Updates the specified properties of an object.
Is Object Member Of Group – Checks whether a given object belongs to a group.
Move Object – Moves an object to a new location in Active Directory.

Users activities

Create User – Creates a new user account in Active Directory.
User Exists – Checks if a user account exists in Active Directory.
Delete User – Permanently deletes a user account from Active Directory.
Get User Status – Retrieves the lock and active status of a user account.
Set User Status – Sets the status of a user account.
Change User Password – Changes the password of a user account.
Get Password Expiration Date – Retrieves the password expiration date for the specified user.
Force Password Change – Forces the user to change password at the next login.
Get User Expiration Date – Retrieves the expiration date for a given user account.
Set User Expiration Date – Sets the expiration date for a given user account.
Add User to Group – Adds a user account to a group.
Remove User from Group – Removes a user account from a group.
Get User Groups – Retrieves the list of groups a user account is a member of.
Get Users in Group – Retrieves the list of user accounts belonging to the specified group.

Group activities

Create Group – Creates a new group in Active Directory.
Group Exists – Checks if a group exists in Active Directory.
Delete Group – Deletes a group from Active Directory.
Add Group to Group – Adds a group to another group.
Remove Group from Group – Removes a group from another group.

Computers activities

Create Computer – Creates a new computer in Active Directory.
Computer Exists – Checks if a computer exists in Active Directory.
Delete Computer – Deletes a computer from Active Directory.
Add Computer to Group – Adds a computer to the specified group.
Remove Computer from Group – Removes a computer from the specified group.
Get Computer Status – Retrieves the active status of a computer.
Set Computer Status – Sets the active status of a computer.
Join Computer to Domain – Adds a computer to the domain.
Unjoin Computer from Domain – Removes a computer from the domain.
Get Computers in Group – Retrieves the list of computers belonging to the specified group.

How to use

New Manager

A UiPath process that retrieves the list of all user accounts reporting to a former manager and replace her/him with a new manager. The process has two input parameters: FormerManager and NewManager . Their values shall be valid SAM Account Names.

NewManager.zip (13.1 KB)

Move Users to New Group

A UiPath process that moves a list of users from one AD group to another. The process has four input parameters: UserDepartment , UserTitle , GroupToLeave , and GroupToJoin . Example: UserDepartment = ”Development” , UserTitle = “senior” (i.e. the value of user account “title” attribute contains “senior”), GroupToLeave = “Developers” (group’s SAM Account Name), and GroupToJoin = “Senior Developers”.

MoveUsersToNewGroup.zip (13.4 KB)

Employees Onboarding

A UiPath workflow that processes an Excel file containing a list of new employees. For each employee it does the following:

• Creates and enables a new AD user account by setting the following attributes: givenName, sn, telephoneNumber, physicalDeliveryOfficeName, department, title, and manager .
• Forces the user to change password at the next login.
• Adds the user to the specified AD groups.

EmployeeOnboarding.zip (29.8 KB)

Employee Offboarding

A UiPath process that removes a specified user account from all the groups it belongs to and disables the account. The process has one input parameter called UserAccount . Its value shall be a valid SAM Account Name.

EmployeeOffboarding.zip (13.3 KB)

To exemplify, let’s go step by step through the process of creating the Employee Offboarding automation process:

1. Let’s start by creating two Assets in Orchestrator. They will be used later in Active Directory Scope activity:

• AD_Server – the domain controller server.
• AD_AdminCredentials – the AD administrator user credentials.

2. Open UiPath Studio and start a new project of type Process. Name it EmployeeOffboarding and set its description to “Removes a specified user account from all groups it belongs to and disables the account.”
   

   

   Step21163×657 35.6 KB

3. Add a new Sequence activity and retrieve the values of AD_Server and AD_AdminCredentials assets, using Get Asset and Get Credentials Orchestrator activities. The values of these assets are stored in adServer , adUsername , and adPassword variables.
   

   

   Step31551×888 82.4 KB

4. Now we need to add an Active Directory Scope activity and set the values for the required input parameters:

• ActiveDirectoryServer (String) - The domain controller server, i.e. adServer.
• Username (String) - The name of the user that will perform Active Directory operations, i.e. adUsername.
• Password (SecureString) - The password for the provided Username, i.e. adPassword.
  
  

  Step41546×894 80.7 KB

5. Let’s create an In Argument for our process called UserAccount . Its value represents the SAM Account Name (sAMAccountName attribute) of the user account associated with the employee leaving the company.

6. Now we need AD Get Object Distinguished Name activity in order to retrieve the distinguished name for the given UserAccount. The result is assigned to userDistinguishedName variable.
   

   

   Step61549×889 78.2 KB

7. Let’s use Get User Groups activity to retrieve the list of all groups the user account is member of. The result is a list of distinguished names and we store it in userGroups variable.
   

   

   Step71546×884 86.5 KB

8. Now we are going to remove the user account from each group in userGroups list. To achieve this, we need For Each and Remove User From Group activities.
   

   

   Step81540×1004 95 KB

9. Finally, we use Set User Status activity to disable the user account so the employee can no longer log on. Alternatively, you can use Delete User activity to permanently remove the user account from AD.
   

   

   Step91555×1004 94.2 KB

That’s all folks! You can run the process from UiPath Studio or publish it in Orchestrator and create a Job in order to execute it. Enjoy

This is really awesome…I was looking for the same a while ago and now I have it…These activities help developers and organisations a lot in simplifying their Employee service processes. Kudos to the UiPath product team for filling the most needed gap

Thank you for your kind words, Vinay
Enjoy and let me know your feedback!

7 posts were split to a new topic: IT Automation Samples and Learning

1. Can I get a password from a domain account?
2. Is it possible to get the date when the password was last changed?
3. To change the password for the user, do I need to know the password from the domain controller?

Can I download the activities and install it on my no-internet desktop? and what is the minimum requirement of UiPath studio? Mine is 2019.4.3.

Amazing

I’ve just returned from vacation, sorry you need to wait that long for an answer.

1. There is no activity which retrieves the password of a user account.
2. You can use Get Object Properties activity to return the value of “pwdLastSet” attribute.
3. In order to change the password for a user you need to have admin rights, i.e. you must provide the admin credentials to “Active Directory Scope” activity.

Thank you for your reply, ovidiuponoran. Can you give me the URL?

On a machine with UiPath Studio where you have Internet access, follow the steps described in “How to install” section in order to install the nuget package. Then, copy the local nuget package (.nupkg file) on the machine where you don’t have Internet access, in a “User defined package source” folder that you create in Manage Packages UI.

Hi @ovidiuponoran,
Excellent activities and your explanation with examples great .

Thank you
Balamurugan.S

Thanks for your feedback, @balupad14

What should i give as a input to location for new user creation?

@gharish23,

What should i give as a input to location for new user creation?

Hi @gharish23

Usually you shall provide for location the distinguished name of the Organizational Unit (OU) to which the user will belong to.

Is this still in Beta?

@rohangroombridge No, it is on Official since 27.08.2012. The latest version on the Official feed is now 1.0.2 from 04.11.2019.