This article provides information on how to use the out-of-the-box task library components within MSPComplete.
Tasks
- Add/Remove Users From Groups
- Copy User Group Memberships
- Create Distribution Groups
- Create Security Groups
- Create Users
- Delete Groups
- Delete Users
- Enable/Disable User Accounts
- Import Users Into MSPComplete via specified server
- Move Users
- Update Users' Attributes via User Identity
- Wait For Group Azure AD Replication
- Wait For Users To Replicate To Azure AD
Add/Remove Users From Groups
Adds or removes users from groups in the Active Directory.
Inputs
Usage option 1: Add or remove a user from one or more groups
-
Users
A single MSPComplete end-user object is required.
This is the user in Active Directory who will be added or removed from the groups.
The user object is required to have an 'OnPremisesSecurityIdentifier' extended property, which corresponds to the 'objectSID' or 'SID' property on the Active Directory user.
-
GroupIdentities
One or more strings separated by a newline, are required.
This identifies the groups which the user will be added/removed from.
The identity of the group can be:
-
A distinguished name
-
A GUID (the objectGUID property)
-
A security identifier (the objectSid property)
-
A SAM account name (the sAMAccountName property)
-
-
AddOrRemoveUser
A single string, required, valid values are 'add' and 'remove' (case-insensitive).
This specifies if the user will be added or removed from all of the groups.
Usage option 2: Add or remove one or more users from one group
-
Users
One or more MSPComplete end-user objects are required.
These are the users in Active Directory who will be added or removed from the groups.
The user objects are required to have an 'OnPremisesSecurityIdentifier' extended property, which corresponds to the 'objectSID' or 'SID' property on the Active Directory user.
-
GroupIdentities
A single string is required.
This identifies the group which the users will be added/removed from.
The identity of the group can be:
-
A distinguished name
-
A GUID (the objectGUID property)
-
A security identifier (the objectSid property)
-
A SAM account name (the sAMAccountName property)
-
-
AddOrRemoveUser
A single string, required, valid values are 'add' and 'remove' (case-insensitive).
This specifies if the users will be added or removed from the group.
Usage option 3: Add or remove users from groups
-
UsersCsv
A CSV string containing information about the users to be added/removed from groups.
Required columns:
- UserIdentity
A single string.
This identifies the user who will be added/removed from the group.
The identity of the user can be:
-
A distinguished name
-
A GUID (the objectGUID property)
-
A security identifier (the objectSid property)
-
A SAM account name (the sAMAccountName property)
-
- GroupIdentity
A single string.
This identifies the group which the user will be added/removed from.
The identity of the group can be:
-
A distinguished name
-
A GUID (the objectGUID property)
-
A security identifier (the objectSid property)
-
A SAM account name (the sAMAccountName property)
-
-
AddOrRemoveUser
A single string, required, valid values are 'add' and 'remove' (case-insensitive).
This specifies if the user will be added or removed from the group.
- UserIdentity
Outputs
-
ActiveDirectoryAddRemoveUsersFromGroupsCsv
A CSV string containing information about the users who were added/removed from the groups, as well as an additional column 'MembershipUpdated' to indicate if the users were successfully added/removed from the groups.
-
ActiveDirectoryAddRemoveUsersFromGroupsErrorMessages
A string containing all the error messages that were generated for this task.
Version: 2.0.2
Date: 9 April 2019
Copy User Group Memberships
Copies an Active Directory user's group memberships to other Active Directory users
The copied group memberships will be in addition to any existing memberships the other user may already have.
For example, copying group memberships from user 1 to user 2 will not remove any of user 2's existing group memberships.
Inputs
Usage option 1: Copy a user's group memberships to other users
-
ReferenceUser - required
A single MSPComplete end-user object.
The user will be used as the reference for group memberships.
If more than one end-user object is provided, only the first one will be used.
-
TargetUsers - required
One or more MSPComplete end-user objects.
The users will receive the same group memberships as the reference users.
Usage option 2: Copy users' group memberships to other users
-
UsersCsv - required
A CSV string containing the information about the reference and target users for copying the group memberships.
Required columns:
-
ReferenceUserIdentity
A single string.
The identity of the user is used as the reference for group memberships.
-
TargetUserIdentity
A single string.
The identity of the user who will receive the copy of the group memberships.
-
Outputs
-
ActiveDirectoryCopyUserGroupMembershipsCsv
A CSV string containing the information about the reference and target users for copying the group memberships.
It contains an additional column 'CopiedGroupMemberships' which indicates if the group memberships were copied successfully from the reference to the target user.
-
ActiveDirectoryCopyUserGroupMembershipsErrorMessages
A string containing the error messages that were generated for the task.
Version: 1.0.0
Date: 2 May 2019
Create Distribution Groups
Creates distribution groups in Active Directory
Inputs
Usage option 1: Create a distribution group
-
DisplayName - required
A single string.
The display name of the group which will be created.
-
Scope - required
A single string.
The scope of the group.
Valid values are 'DomainLocal', 'Global', and 'Universal'.
-
Description - optional
A single string.
The description of the group.
-
Email - optional
A single string.
The email address of the group.
-
Owner - optional
A single string.
The user or group that will manage this new group.
Possible identifiers are:
-
A distinguished name.
-
A GUID (the objectGUID property).
-
A security identifier (the objectSid property)
-
A SAM account name (the sAMAccountName property)
-
-
Path - Optional
A single string.
The path of the Organizational Unit or container where the group will be created.
Usage option 2: Create multiple distribution groups specified by a CSV string
-
DistributionGroupsCsv
A CSV string containing information about the distribution groups will be created.
Required columns:
-
DisplayName
A single string.
The display name of the group which will be created.
-
Scope
The scope of the group.
Valid values are 'DomainLocal', 'Global', and 'Universal'.
Optional columns:
-
Description
A single string.
The description of the group.
-
Email
A single string.
The email address of the group.
-
Owner
A single string.
The user or group that will manage this new group.
Possible identifiers are:
-
A distinguished name.
-
A GUID (the objectGUID property).
-
A security identifier (the objectSid property)
-
A SAM account name (the sAMAccountName property)
-
-
Path
A single string.
The path of the Organizational Unit or container where the group will be created.
-
Outputs
-
ActiveDirectoryCreateDistributionGroupsCsv
A CSV string containing information about the distribution groups that were created, as well as an additional column 'CreatedDistributionGroup' to indicate if the group was created successfully.
-
ActiveDirectoryCreateDistributionGroupsErrorMessages
A string containing the error messages is generated over the course of the task.
Version: 1.0.0
Date: 3 April 2019
Create Security Groups
Creates security groups in Active Directory
Inputs
Usage option 1: Create a security group
-
DisplayName - required
A single string.
The display name of the group which will be created.
-
Scope - required
A single string.
The scope of the group.
Valid values are 'DomainLocal', 'Global' and 'Universal'.
-
Description - optional
A single string.
The description of the group.
-
Email - optional
A single string.
The email address of the group.
-
Owner - optional
A single string.
The user or group which will manage this new group.
Possible identifiers are:
-
A distinguished name
-
A GUID (the objectGUID property)
-
A security identifier (the objectSid property)
-
A SAM account name (the sAMAccountName property)
-
-
Path - Optional
A single string.
The path of the Organizational Unit or container where the group will be created.
Usage option 2: Create multiple security groups specified by a CSV string
-
SecurityGroupsCsv
A CSV string containing information about the security groups will be created.
Required columns:
-
DisplayName
A single string.
The display name of the group which will be created.
-
Scope
The scope of the group.
Valid values are 'DomainLocal', 'Global', and 'Universal'.
Optional columns:
-
Description
A single string.
The description of the group.
-
Email
A single string.
The email address of the group.
-
Owner
A single string.
The user or group that will manage this new group.
Possible identifiers are:
-
A distinguished name
-
A GUID (the objectGUID property)
-
A security identifier (the objectSid property)
-
A SAM account name (the sAMAccountName property)
-
-
Path
A single string.
The path of the Organizational Unit or container where the group will be created.
-
Outputs
-
ActiveDirectoryCreateSecurityGroupsCsv
A CSV string containing information about the security groups that were created, as well as an additional column 'CreatedSecurityGroup' to indicate if the group was created successfully.
-
ActiveDirectoryCreateSecurityGroupsErrorMessages
A string containing the error messages is generated over the course of the task.
Version: 1.0.0
Date: 9 April 2019
Create Users
Creates users in Active Directory.
Several user properties can also be set for the user while creating it:
- Display name
- User principal name
- Password
- First name
- Initials
- Last name
- Email address
- Department
- Path
- Logon script path
- Change password at logon
Inputs
Usage option 1: Create a user in Active Directory
-
DisplayName - required
A single string.
This is the display name for the new user.
-
UserPrincipalName - required
A single string.
This is the user principal name for the new user.
-
Password - required
A single string.
This is the password for the new user.
-
FirstName - optional
A single string.
This is the first name for the new user.
-
Initials - optional
A single string.
This is the initials or middle name for the new user.
-
LastName - optional
A single string.
This is the last name for the new user.
-
EmailAddress - optional
A single string.
This is the email address for the new user.
-
Department - optional
A single string.
This is the department for the new user.
-
Path - optional
A single string.
This is the path of the Organizational Unit or container for the new user.
-
LogonScriptPath - optional
A single string.
This is the path to the user's logon script.
This value can either be a local absolute path or a Universal Naming Convention (UNC) path.
-
ChangePasswordAtLogon - optional
A single boolean variable.
This indicates whether the user password must be changed on the next login attempt.
Defaults to true.
Usage option 2: Create users in Active Directory
-
UsersCsv - required
A CSV string containing the information used to create the users.
-
Required columns:
-
DisplayName - required
A single string.
This is the display name for the new user.
-
UserPrincipalName - required
A single string.
This is the user principal name for the new user.
-
-
Optional columns:
-
FirstName - optional
A single string.
This is the first name for the new user.
-
Initials - optional
A single string.
This is the initials or middle name of the new user.
-
LastName - optional
A single string.
This is the last name for the new user.
-
EmailAddress - optional
A single string.
This is the email address for the new user.
-
Password - optional
A single string.
This is the password for the new user.
-
Department - optional
A single string.
This is the department for the new user.
-
Path - optional
A single string.
This is the path of the Organizational Unit or container for the new user.
-
LogonScriptPath - optional
A single string.
This is the path to the user's logon script.
This value can either be a local absolute path or a Universal Naming Convention (UNC) path.
-
ChangePasswordAtLogon - optional
A single string.
This indicates whether the user password must be changed on the next logon attempt.
Valid values are 'true' and 'false' (case insensitive)
Defaults to 'true'.
-
-
Outputs
-
ActiveDirectoryCreateUsersCsv
A CSV containing information about the users that were created, as well as additional columns 'UserCreated' to indicate if the user creation was successful, and 'UserObjectGuid' which is the ObjectGUID property of the created user.
-
ActiveDirectoryCreateUsersErrorMessages
A string containing all the error messages generated over the course of this task.
Version: 1.1.1
Date: 15 April 2019
Delete Groups
Deletes groups in Active Directory
Inputs
Usage option 1: Delete groups using a list of group identities
-
Identities - required
One or more strings are separated by a new line.
The identities of the groups are to be deleted.
Possible values for the identity are:
-
A distinguished name
-
A GUID (the objectGUID property)
-
A security identifier (the objectSid property)
-
A SAM account name (the sAMAccountName property)
-
Usage option 2: Delete groups using information in a CSV string
-
GroupsCsv - required
A CSV string containing the information about the groups to delete.
Required columns:
Identity
A single string.
The identity of the group is to be deleted.
Possible values for the identity are:
-
A distinguished name
-
A GUID (the objectGUID property)
-
A security identifier (the objectSid property)
-
A SAM account name (the sAMAccountName property)
-
Outputs
-
ActiveDirectoryDeleteGroupsCsv
A CSV string containing information about the groups that were deleted, as well as an additional column 'DeletedGroup' to indicate if the group was deleted successfully.
-
ActiveDirectoryDeleteGroupsErrorMessages
A string containing the error messages is generated over the course of the task.
Version: 1.0.0
Date: 4 April 2019
Delete Users
Deletes one or more users in the Active Directory
Inputs
-
Users
One or more MSPComplete end-user objects are required.
These users will be deleted from Active Directory.
The user objects need to have an 'OnPremisesSecurityIdentifier' extended property, which corresponds to the 'objectSID' or 'SID' property on the Active Directory user.
Outputs
-
ActiveDirectoryDeleteUsersErrorMessages
A string containing the error messages that were generated over the course of the task.
Version: 1.0.1
Date: 14 March 2019
Enable/Disable User Accounts
Enables or disables one or more user accounts in Active Directory
Inputs
Usage option 1: enables or disables one or more user accounts in Active Directory
-
Users
One or more MSPComplete end-user objects are required.
The user objects need to have an 'OnPremisesSecurityIdentifier' extended property, which is the users' identities in the Active Directory.
-
EnableOrDisableAccount
A single string, required, valid values are 'enable' and 'disable' (case-insensitive).
This specifies if the user will be enabled or disabled.
Usage option 2: enables or disables one or more user accounts in Active Directory via CSV
-
UsersCsv
A CSV string containing information about the users to enable or disable.
Required columns:
-
Identity
A single string.
This identifies the user which will be enabled or disabled.
The identity of the user can be:
-
A distinguished name
-
A GUID (the objectGUID property)
-
A security identifier (the objectSid property)
-
A SAM account name (the sAMAccountName property)
-
-
EnableOrDisableAccount
A single string, required, valid values are 'enable' and 'disable' (case-insensitive).
This specifies if the user will be enabled or disabled.
-
Outputs
-
ActiveDirectoryEnableDisableUserAccountsCsv
A CSV string containing information about the users who were enabled or disabled, as well as an additional column 'UserUpdated' to indicate if the users were successfully enabled or disabled.
-
ActiveDirectoryEnableDisableUserAccountsErrorMessages
A string containing all the error messages that were generated over the course of this task.
Version: 1.0.1
Date: 14 March 2019
Import Users Into MSPComplete via a specified server
Imports all users from Active Directory into MSPComplete.
The users will be imported into the current MSPComplete customer in context.
Inputs
-
Filter - optional
A single string.
This filter will select which of the users retrieved from Active Directory will be imported into MSPComplete. Defaults to "*".
For more information on how to use this, type "Get-Help about_ActiveDirectory_Filter" or see https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-aduser?view=win10-ps.
-
Server - optional
A single string.
This is the server to execute the AD command on. If no server is provided, it will execute the command on the default server.
-
CreateUsers - optional
A single boolean value.
Selects whether a user should be created in MSPComplete if it does not exist in MSPComplete, but if it exists in Active Directory. Defaults to true.
-
UpdateUsers - optional
A single boolean value.
Selects whether a user should be updated in MSPComplete to match the user in Active Directory if it exists in both MSPComplete and Active Directory. Defaults to true.
-
DeleteUsers - optional
A single boolean value.
Selects whether users should be deleted from MSPComplete if it exists in MSPComplete, but not in Active Directory. Defaults to false.
Outputs
-
ActiveDirectoryImportUsersIntoMSPCompleteErrorMessages
A string containing the error messages that were generated over the course of this task.
Version: 2.0.0
Date: 18 June 2019
Move Users
Moves Active Directory users to different containers or domains
Inputs
Usage option 1: Move users to a container or domain
-
Users
One or more MSPComplete end-user objects are required.
The users will be moved to the specified container or domain.
The user objects need to have an 'OnPremisesSecurityIdentifier' extended property, which corresponds to the 'objectSID' or 'SID' property on the Active Directory user.
-
TargetPath
A single string.
The path to the target container or domain where the users will be moved.
Usage option 2: Move users to different containers or domains using an input CSV string
-
UsersCsv
A CSV string containing the information about the users to be moved.
Required columns:
-
Identity
A single string.
This identifies the user which will be moved.
The identity of the user can be:
-
A distinguished name
-
A GUID (the objectGUID property)
-
A security identifier (the objectSid property)
-
A SAM account name (the sAMAccountName property)
-
-
TargetPath
A single string.
The path to the target container or domain where the user will be moved.
-
Outputs
-
ActiveDirectoryMoveUsersCsv
A CSV string containing the information about the users who were moved.
The additional column 'MoveUsersOperationApplied' indicates if the action to move the user was successfully executed by this task.
The additional column 'MoveUsersStateAchieved' indicates if, at the end of the task, the user was moved.
The additional column 'MoveUsersMessages' contains the warning and/or error messages that were generated while moving the user.
-
ActiveDirectoryMoveUsersErrorMessages
A string containing all the error messages that were generated over the course of this task.
Version: 1.0.0
Date: 29 May 2019
Update Users' Attributes via User Identity
Updates attributes within users in Active Directory.
This task is able to:
- Add values to existing user attributes
- Clear existing user attribute values
- Remove values from user attributes
- Replace the existing set of user attribute values with new values
Inputs
Usage option 1: Update an attribute within a user
-
User
A single MSPComplete end-user object is required.
This is the user in Active Directory who will receive the attribute update.
The user object is required to have an 'OnPremisesSecurityIdentifier' extended property, which corresponds to the 'objectSID' or 'SID' property on the Active Directory user.
-
AttributeName
A single string is required.
This specifies the name of the attribute to be updated within the user.
-
AttributeValues
One or more strings separated by a newline are required.
This specifies the values which are used to update the user attribute.
This is optional if the value for Action is 'Clear'.
-
Action
A single string is required.
Valid values are 'Add', 'Clear', 'Remove', and 'Replace'.
-
Add: Adds the values specified in AttributeValues to the existing attribute values.
-
Clear: Clears the existing attribute values.
-
Remove: Remove the values specified in AttributeValues from the existing attribute values.
-
Replace: Replace the existing attribute values with the values specified in AttributeValues.
-
Usage option 2: Update attributes within users via CSV
-
AttributesCsv
Required columns:
-
UserIdentity
A single string is required.
This identifies the user in the Active Directory. The identity can be
-
A distinguished name
-
A GUID (objectGUID)
-
A security identifier (objectSid)
-
A SAM account name (sAMAccountName)
-
-
AttributeName
A single string is required.
This specifies the name of the attribute to be updated within the user.
-
AttributeValues
One or more strings separated by a comma and enclosed in double quotes are required.
Example: "value1,value2"
This specifies the values which are used to update the user attribute.
This is optional if the value for Action is 'Clear'.
-
Action
A single string is required.
Valid values are 'Add', 'Clear', 'Remove', and 'Replace'.
-
Add: Adds the values specified in AttributeValues to the existing attribute values.
-
Clear: Clears the existing attribute values.
-
Remove: Remove the values specified in AttributeValues from the existing attribute values.
-
Replace: Replace the existing attribute values with the values specified in AttributeValues
-
-
Outputs
-
ActiveDirectoryUpdateUsersAttributesCsv
A CSV string containing information about the user attributes that were updated, as well as an additional column 'AttributeUpdated' to indicate if the attribute was updated successfully.
-
ActiveDirectoryUpdateUsersAttributesErrorMessages
A string containing all the error messages that were generated over the course of this task.
Version: 2.0.1
Date: 14 March 2019
Wait For Group Azure AD Replication
Waits for an Active Directory group to be replicated to Azure AD
Inputs
-
Office365AdministrativeCredentials
An MSPComplete endpoint object containing the Office 365 administrative credentials, is required.
-
Identity
A single string is required.
This specifies the group that is currently being waited upon for replication.
The identity of the group can be:
-
A distinguished name
-
A GUID (the objectGUID property)
-
A security identifier (the objectSid property)
-
A SAM account name (the sAMAccountName property)
-
-
MaximumWaitTimeMinutes
A single string, optional, defaults to "15"
This specifies the maximum amount of time this task will wait for the group to be replicated, in minutes.
Outputs
-
None
Version: 1.0.2
Date: 14 March 2019
Wait for Users to Replicate to Azure AD
Waits for Active Directory users to be replicated to Azure AD.
It triggers an ADSync Delta sync between Active Directory and Azure AD before waiting for the users to replicate.
Inputs
-
Office365AdministrativeCredentials - required
A single MSPComplete endpoint object.
The Office 365 administrative credentials for the Azure AD tenant.
-
Identities - required
One or more strings are separated by a new line.
The identities of the Active Directory users will be waited upon for replication to Azure AD.
The identity of a user can be:
-
A distinguished name
-
A GUID (the objectGUID property)
-
A security identifier (the objectSid property)
-
A SAM account name (the sAMAccountName property)
-
-
MaximumWaitTimeMinutes - optional
A single string.
The maximum amount of time this task will wait for all of the users to be replicated, in minutes.
Defaults to "15".
Outputs
-
ActiveDirectoryWaitForUsersToReplicateToAzureADCsv
A CSV string containing the information about the users that were waited upon for replication to Azure AD, as well as an additional column 'UserReplicated' to indicate if the user successfully replicated to Azure AD.
-
ActiveDirectoryWaitForUsersToReplicateToAzureADErrorMessages
A string containing the error messages that were generated over the course of this task.