As the next step in our IT Automation roadmap, we’re excited to announce our Active Directory Domain Services activities package is now available in public preview!
This next set of 30+ activities continues our journey to deliver activities that enable you to easily automate what we feel are the most critical IT actions, including the ability to create and update user accounts, manage group membership, AD object management, and access control and rights management in (RPA) workflows.
Have suggestions, questions, or issues? We want to hear it!
- Simply go to the IT Automation category
- And then click New Topic
Your feedback is instrumental as we plan our roadmap and future releases.
UiPath.ActiveDirectoryDomainServices.Activities package is available in Beta feed. Please follow the steps below to install the package in UiPath Studio:
- If you haven’t already, add the UiPath Beta feed to your Studio Manage Package window
- In the Beta feed, check ‘Include Prerelease’, search for “UiPath.ActiveDirectoryDomainServices.Activities”, and install the latest version.
** Important - We must reiterate, make sure you check the ‘Include Prerelease’ checkbox
The Active Directory Domain Services Activities should be visible now in UiPath Studio, as shown below:
UiPath.ActiveDirectoryDomainServices.Activities package offers activities for Microsoft Active Directory Domain Services (AD DS).
Active Directory Domain Services provide a hierarchical data storage for objects in a network. This initial set of 35 activities enables you to easily automate important operations with Active Directory objects like users, groups, and computers.
These are some scenarios involving Active Directory Domain Services activities that can be automated via UiPath Studio processes with this Activity Pack:
When a new employee is hired in a company, the HR department provides the input for a UiPath automation process which creates a corresponding new user account in Active Directory, generates a random password for it and sets it to expire after the first login, and adds the user account to a list of specified groups.
When an employee leaves the company, the associated Active Directory user account is removed from the groups it belongs to and the user account is disabled.
Password Reset & User Account Unlock
These IT operations are happening daily in a company. Automating them will make the life of IT administrators easier. For example, employees can make requests to an IT Help Desk Chatbot which invokes a UiPath process to respond to their requests for password reset or user account unlock.
Active Directory Objects Management
Organize the Active Directory objects (users, computers, groups) by distributing them to specific Organizational Units based on the company’s policies, business rules.
Access Control & Rights Delegation
Manage access to miscellaneous resources via Active Directory group memberships.
Active Directory Scope – Connects to Active Directory and provides a scope for other Active Directory activities.
Get Object Distinguished Name – Retrieves the distinguished name of a given Active Directory object.
Get Objects by Filter – Retrieves the list of Active Directory objects based on an input filter.
Get Objects by LDAP Filter – Retrieves the list of Active Directory objects matching an LDAP (Lightweight Directory Access Protocol) filter.
Get Object Properties – Retrieves the properties of a given Active Directory object.
Update Object Properties – Updates the specified properties of an object.
Is Object Member Of Group – Checks whether a given object belongs to a group.
Move Object – Moves an object to a new location in Active Directory.
Create User – Creates a new user account in Active Directory.
User Exists – Checks if a user account exists in Active Directory.
Delete User – Permanently deletes a user account from Active Directory.
Get User Status – Retrieves the lock and active status of a user account.
Set User Status – Sets the status of a user account.
Change User Password – Changes the password of a user account.
Get Password Expiration Date – Retrieves the password expiration date for the specified user.
Force Password Change – Forces the user to change password at the next login.
Get User Expiration Date – Retrieves the expiration date for a given user account.
Set User Expiration Date – Sets the expiration date for a given user account.
Add User to Group – Adds a user account to a group.
Remove User from Group – Removes a user account from a group.
Get User Groups – Retrieves the list of groups a user account is a member of.
Get Users in Group – Retrieves the list of user accounts belonging to the specified group.
Create Group – Creates a new group in Active Directory.
Group Exists – Checks if a group exists in Active Directory.
Delete Group – Deletes a group from Active Directory.
Add Group to Group – Adds a group to another group.
Remove Group from Group – Removes a group from another group.
Create Computer – Creates a new computer in Active Directory.
Computer Exists – Checks if a computer exists in Active Directory.
Delete Computer – Deletes a computer from Active Directory.
Add Computer to Group – Adds a computer to the specified group.
Remove Computer from Group – Removes a computer from the specified group.
Get Computer Status – Retrieves the active status of a computer.
Set Computer Status – Sets the active status of a computer.
Join Computer to Domain – Adds a computer to the domain.
Unjoin Computer from Domain – Removes a computer from the domain.
Get Computers in Group – Retrieves the list of computers belonging to the specified group.
A UiPath process that retrieves the list of all user accounts reporting to a former manager and replace her/him with a new manager. The process has two input parameters: FormerManager and NewManager . Their values shall be valid SAM Account Names.
NewManager.zip (13.1 KB)
A UiPath process that moves a list of users from one AD group to another. The process has four input parameters: UserDepartment , UserTitle , GroupToLeave , and GroupToJoin . Example: UserDepartment = ”Development” , UserTitle = “senior” (i.e. the value of user account “title” attribute contains “senior”), GroupToLeave = “Developers” (group’s SAM Account Name), and GroupToJoin = “Senior Developers”.
MoveUsersToNewGroup.zip (13.4 KB)
A UiPath workflow that processes an Excel file containing a list of new employees. For each employee it does the following:
- Creates and enables a new AD user account by setting the following attributes: givenName, sn, telephoneNumber, physicalDeliveryOfficeName, department, title, and manager .
- Forces the user to change password at the next login.
- Adds the user to the specified AD groups.
EmployeeOnboarding.zip (29.8 KB)
A UiPath process that removes a specified user account from all the groups it belongs to and disables the account. The process has one input parameter called UserAccount . Its value shall be a valid SAM Account Name.
EmployeeOffboarding.zip (13.3 KB)
To exemplify, let’s go step by step through the process of creating the Employee Offboarding automation process:
- Let’s start by creating two Assets in Orchestrator. They will be used later in Active Directory Scope activity:
- AD_Server – the domain controller server.
- AD_AdminCredentials – the AD administrator user credentials.
Open UiPath Studio and start a new project of type Process. Name it EmployeeOffboarding and set its description to “Removes a specified user account from all groups it belongs to and disables the account.”
Add a new Sequence activity and retrieve the values of AD_Server and AD_AdminCredentials assets, using Get Asset and Get Credentials Orchestrator activities. The values of these assets are stored in adServer , adUsername , and adPassword variables.
Now we need to add an Active Directory Scope activity and set the values for the required input parameters:
- ActiveDirectoryServer (String) - The domain controller server, i.e. adServer.
- Username (String) - The name of the user that will perform Active Directory operations, i.e. adUsername.
Password (SecureString) - The password for the provided Username, i.e. adPassword.
Let’s create an In Argument for our process called UserAccount . Its value represents the SAM Account Name (sAMAccountName attribute) of the user account associated with the employee leaving the company.
Now we need AD Get Object Distinguished Name activity in order to retrieve the distinguished name for the given UserAccount. The result is assigned to userDistinguishedName variable.
Let’s use Get User Groups activity to retrieve the list of all groups the user account is member of. The result is a list of distinguished names and we store it in userGroups variable.
Now we are going to remove the user account from each group in userGroups list. To achieve this, we need For Each and Remove User From Group activities.
Finally, we use Set User Status activity to disable the user account so the employee can no longer log on. Alternatively, you can use Delete User activity to permanently remove the user account from AD.
That’s all folks! You can run the process from UiPath Studio or publish it in Orchestrator and create a Job in order to execute it. Enjoy