Active Directory Tasks

This article provides information on how to use the out-of-the-box task library components within MSPComplete.

Tasks

Add/Remove Users From Groups

Adds or removes users from groups in Active Directory.

Inputs

Usage option 1: Add or remove a user from one or more groups

  • Users

    A single MSPComplete end-user object is required.

    This is the user in Active Directory who will be added or removed from the groups.

    The user object is required to have an 'OnPremisesSecurityIdentifier' extended property, which corresponds to the 'objectSID' or 'SID' property on the Active Directory user.

  • GroupIdentities

    One or more strings separated by a newline are required.

    This identifies the groups which the user will be added/removed from.

    The identity of the group can be:

    • A distinguished name

    • A GUID (the objectGUID property)

    • A security identifier (the objectSid property)

    • A SAM account name (the sAMAccountName property)

  • AddOrRemoveUser

    A single string is required. Valid values are 'add' and 'remove' (case-insensitive).

    This specifies if the user will be added or removed from all of the groups.

Usage option 2: Add or remove one or more users from one group

  • Users

    One or more MSPComplete end-user objects are required.

    These are the users in Active Directory who will be added to or removed from the group.

    The user objects are required to have an 'OnPremisesSecurityIdentifier' extended property, which corresponds to the 'objectSID' or 'SID' property on the Active Directory user.

  • GroupIdentities

    A single string is required.

    This identifies the group which the users will be added/removed from.

    The identity of the group can be:

    • A distinguished name

    • A GUID (the objectGUID property)

    • A security identifier (the objectSid property)

    • A SAM account name (the sAMAccountName property)

  • AddOrRemoveUser

    A single string is required. Valid values are 'add' and 'remove' (case-insensitive).

    This specifies if the users will be added or removed from the group.

Usage option 3: Add or remove users from groups

  • UsersCsv

    A CSV string containing information about the users to be added/removed from groups.

    Required columns:

    • UserIdentity

      A single string.

      This identifies the user who will be added/removed from the group.

      The identity of the user can be:

      • A distinguished name

      • A GUID (the objectGUID property)

      • A security identifier (the objectSid property)

      • A SAM account name (the sAMAccountName property)

    • GroupIdentity

      A single string.

      This identifies the group which the user will be added/removed from.

      The identity of the group can be:

      • A distinguished name

      • A GUID (the objectGUID property)

      • A security identifier (the objectSid property)

      • A SAM account name (the sAMAccountName property)

    • AddOrRemoveUser

      A single string is required. Valid values are 'add' and 'remove' (case-insensitive).

      This specifies if the user will be added or removed from the group.
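
A pre-flight check for the UsersCsv input described in usage option 3, as an added example that is not part of MSPComplete or the original article. Get-IdentityKind and Test-AddRemoveUsersCsv are hypothetical helper names, and the sample rows are constructed.

```powershell
# Added example, not MSPComplete code. Sample rows are constructed; the
# account names, SID, GUID and domain are placeholders.
$usersCsv = @'
UserIdentity,GroupIdentity,AddOrRemoveUser
jdoe,"CN=Helpdesk,OU=Groups,DC=example,DC=com",add
S-1-5-21-1111111111-2222222222-3333333333-1104,Helpdesk,REMOVE
7f1c2a9e-3b4d-4c5e-8f60-1a2b3c4d5e6f,Helpdesk,delete
,Helpdesk,add
'@

# Classify an identity string into one of the four forms the task accepts.
# GUIDs and SIDs survive renames and moves; DNs and SAM account names do not,
# so the kind is worth reviewing before a membership change is submitted.
function Get-IdentityKind {
    param([string]$Identity)
    $guid = [guid]::Empty
    if ([string]::IsNullOrWhiteSpace($Identity))  { return 'Empty' }
    if ([guid]::TryParse($Identity, [ref]$guid))  { return 'GUID' }
    if ($Identity -match '^S-1-\d+(-\d+)+$')      { return 'SID' }
    if ($Identity -match '^(CN|OU|DC)=')          { return 'DistinguishedName' }
    return 'SamAccountName'
}

# Check the required columns, then report every data row with its problems.
function Test-AddRemoveUsersCsv {
    param([Parameter(Mandatory)][string]$Csv)

    $required = 'UserIdentity', 'GroupIdentity', 'AddOrRemoveUser'
    $rows = @($Csv | ConvertFrom-Csv)
    if ($rows.Count -eq 0) { throw 'UsersCsv contains no data rows.' }

    $columns = @($rows[0].PSObject.Properties.Name)
    $missing = @($required | Where-Object { $columns -notcontains $_ })
    if ($missing.Count -gt 0) {
        throw "UsersCsv is missing required column(s): $($missing -join ', ')"
    }

    $rowNumber = 0
    foreach ($row in $rows) {
        $rowNumber++
        $problems = @()
        foreach ($name in 'UserIdentity', 'GroupIdentity') {
            if ([string]::IsNullOrWhiteSpace($row.$name)) { $problems += "$name is empty" }
        }
        # -notin compares case-insensitively, matching the documented behaviour.
        if ($row.AddOrRemoveUser -notin 'add', 'remove') {
            $problems += "AddOrRemoveUser must be 'add' or 'remove'"
        }
        [pscustomobject]@{
            Row       = $rowNumber
            User      = $row.UserIdentity
            UserKind  = Get-IdentityKind $row.UserIdentity
            Group     = $row.GroupIdentity
            GroupKind = Get-IdentityKind $row.GroupIdentity
            Action    = $row.AddOrRemoveUser
            Valid     = ($problems.Count -eq 0)
            Problems  = $problems -join '; '
        }
    }
}

$report = Test-AddRemoveUsersCsv -Csv $usersCsv
$report | Format-Table -AutoSize
if ($report.Valid -contains $false) {
    Write-Warning 'Fix the flagged rows before passing UsersCsv to the task.'
}
```
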

Outputs

  • ActiveDirectoryAddRemoveUsersFromGroupsCsv

    A CSV string containing information about the users who were added/removed from the groups, as well as an additional column 'MembershipUpdated' to indicate if the users were successfully added/removed from the groups.

  • ActiveDirectoryAddRemoveUsersFromGroupsErrorMessages

    A string containing all the error messages that were generated for this task.

Version: 2.0.2

Date: 9 April 2019


Copy User Group Memberships

Copies an Active Directory user's group memberships to other Active Directory users

The copied group memberships will be in addition to any existing memberships the other user may already have.

For example, copying group memberships from user 1 to user 2 will not remove any of user 2's existing group memberships.

Inputs

Usage option 1: Copy a user's group memberships to other users

  • ReferenceUser - required

    A single MSPComplete end-user object.

    The user will be used as the reference for group memberships.

    If more than one end-user object is provided, only the first one will be used.

  • TargetUsers - required

    One or more MSPComplete end-user objects.

    The users will receive the same group memberships as the reference user.

Usage option 2: Copy users' group memberships to other users

  • UsersCsv - required

    A CSV string containing the information about the reference and target users for copying the group memberships.

    Required columns:

    • ReferenceUserIdentity

      A single string.

      The identity of the user who is used as the reference for group memberships.

    • TargetUserIdentity

      A single string.

      The identity of the user who will receive the copy of the group memberships.

Outputs

  • ActiveDirectoryCopyUserGroupMembershipsCsv

    A CSV string containing the information about the reference and target users for copying the group memberships.

    It contains an additional column 'CopiedGroupMemberships' which indicates if the group memberships were copied successfully from the reference to the target user.

  • ActiveDirectoryCopyUserGroupMembershipsErrorMessages

    A string containing the error messages that were generated for the task.

Version: 1.0.0

Date: 2 May 2019


Create Distribution Groups

Creates distribution groups in Active Directory

Inputs

Usage option 1: Create a distribution group

  • DisplayName - required

    A single string.

    The display name of the group which will be created.

  • Scope - required

    A single string.

    The scope of the group.

    Valid values are 'DomainLocal', 'Global', and 'Universal'.

  • Description - optional

    A single string.

    The description of the group.

  • Email - optional

    A single string.

    The email address of the group.

  • Owner - optional

    A single string.

    The user or group that will manage this new group.

    Possible identifiers are:

    • A distinguished name

    • A GUID (the objectGUID property)

    • A security identifier (the objectSid property)

    • A SAM account name (the sAMAccountName property)

  • Path - optional

    A single string.

    The path of the Organizational Unit or container where the group will be created.

Usage option 2: Create multiple distribution groups specified by a CSV string

  • DistributionGroupsCsv

    A CSV string containing information about the distribution groups that will be created.

    Required columns:

    • DisplayName

      A single string.

      The display name of the group which will be created.

    • Scope

      The scope of the group.

      Valid values are 'DomainLocal', 'Global', and 'Universal'.

    Optional columns:

    • Description

      A single string.

      The description of the group.

    • Email

      A single string.

      The email address of the group.

    • Owner

      A single string.

      The user or group that will manage this new group.

      Possible identifiers are:

      • A distinguished name

      • A GUID (the objectGUID property)

      • A security identifier (the objectSid property)

      • A SAM account name (the sAMAccountName property)

    • Path

      A single string.

      The path of the Organizational Unit or container where the group will be created.

Outputs

  • ActiveDirectoryCreateDistributionGroupsCsv

    A CSV string containing information about the distribution groups that were created, as well as an additional column 'CreatedDistributionGroup' to indicate if the group was created successfully.

  • ActiveDirectoryCreateDistributionGroupsErrorMessages

    A string containing the error messages that were generated over the course of the task.

Version: 1.0.0

Date: 3 April 2019


Create Security Groups

Creates security groups in Active Directory

Inputs

Usage option 1: Create a security group

  • DisplayName - required

    A single string.

    The display name of the group which will be created.

  • Scope - required

    A single string.

    The scope of the group.

    Valid values are 'DomainLocal', 'Global' and 'Universal'.

  • Description - optional

    A single string.

    The description of the group.

  • Email - optional

    A single string.

    The email address of the group.

  • Owner - optional

    A single string.

    The user or group which will manage this new group.

    Possible identifiers are:

    • A distinguished name

    • A GUID (the objectGUID property)

    • A security identifier (the objectSid property)

    • A SAM account name (the sAMAccountName property)

  • Path - optional

    A single string.

    The path of the Organizational Unit or container where the group will be created.

Usage option 2: Create multiple security groups specified by a CSV string

  • SecurityGroupsCsv

    A CSV string containing information about the security groups that will be created.

    Required columns:

    • DisplayName

      A single string.

      The display name of the group which will be created.

    • Scope

      The scope of the group.

      Valid values are 'DomainLocal', 'Global', and 'Universal'.

    Optional columns:

    • Description

      A single string.

      The description of the group.

    • Email

      A single string.

      The email address of the group.

    • Owner

      A single string.

      The user or group that will manage this new group.

      Possible identifiers are:

      • A distinguished name

      • A GUID (the objectGUID property)

      • A security identifier (the objectSid property)

      • A SAM account name (the sAMAccountName property)

    • Path

      A single string.

      The path of the Organizational Unit or container where the group will be created.

Outputs

  • ActiveDirectoryCreateSecurityGroupsCsv

    A CSV string containing information about the security groups that were created, as well as an additional column 'CreatedSecurityGroup' to indicate if the group was created successfully.

  • ActiveDirectoryCreateSecurityGroupsErrorMessages

    A string containing the error messages that were generated over the course of the task.

Version: 1.0.0

Date: 9 April 2019


Create Users

Creates users in Active Directory.

Several user properties can also be set for the user while creating it:

  • Display name
  • User principal name
  • Password
  • First name
  • Initials
  • Last name
  • Email address
  • Department
  • Path
  • Logon script path
  • Change password at logon

Inputs

Usage option 1: Create a user in Active Directory

  • DisplayName - required

    A single string.

    This is the display name for the new user.

  • UserPrincipalName - required

    A single string.

    This is the user principal name for the new user.

  • Password - required

    A single string.

    This is the password for the new user.

  • FirstName - optional

    A single string.

    This is the first name for the new user.

  • Initials - optional

    A single string.

    These are the initials or middle name for the new user.

  • LastName - optional

    A single string.

    This is the last name for the new user.

  • EmailAddress - optional

    A single string.

    This is the email address for the new user.

  • Department - optional

    A single string.

    This is the department for the new user.

  • Path - optional

    A single string.

    This is the path of the Organizational Unit or container for the new user.

  • LogonScriptPath - optional

    A single string.

    This is the path to the user's logon script.

    This value can either be a local absolute path or a Universal Naming Convention (UNC) path.

  • ChangePasswordAtLogon - optional

    A single boolean variable.

    This indicates whether the user password must be changed on the next login attempt.

    Defaults to true.

Usage option 2: Create users in Active Directory

  • UsersCsv - required

    A CSV string containing the information used to create the users.

    • Required columns:

      • DisplayName - required

        A single string.

        This is the display name for the new user.

      • UserPrincipalName - required

        A single string.

        This is the user principal name for the new user.

    • Optional columns:

      • FirstName - optional

        A single string.

        This is the first name for the new user.

      • Initials - optional

        A single string.

        These are the initials or middle name of the new user.

      • LastName - optional

        A single string.

        This is the last name for the new user.

      • EmailAddress - optional

        A single string.

        This is the email address for the new user.

      • Password - optional

        A single string.

        This is the password for the new user.

      • Department - optional

        A single string.

        This is the department for the new user.

      • Path - optional

        A single string.

        This is the path of the Organizational Unit or container for the new user.

      • LogonScriptPath - optional

        A single string.

        This is the path to the user's logon script.

        This value can either be a local absolute path or a Universal Naming Convention (UNC) path.

      • ChangePasswordAtLogon - optional

        A single string.

        This indicates whether the user password must be changed on the next logon attempt.

        Valid values are 'true' and 'false' (case-insensitive).

        Defaults to 'true'.

Outputs

  • ActiveDirectoryCreateUsersCsv

    A CSV containing information about the users that were created, as well as additional columns 'UserCreated' to indicate if the user creation was successful, and 'UserObjectGuid' which is the ObjectGUID property of the created user.

  • ActiveDirectoryCreateUsersErrorMessages

    A string containing all the error messages generated over the course of this task.

Version: 1.1.1

Date: 15 April 2019


Delete Groups

Deletes groups in Active Directory

Inputs

Usage option 1: Delete groups using a list of group identities

  • Identities - required

    One or more strings separated by a newline.

    The identities of the groups to be deleted.

    Possible values for the identity are:

    • A distinguished name

    • A GUID (the objectGUID property)

    • A security identifier (the objectSid property)

    • A SAM account name (the sAMAccountName property)

Usage option 2: Delete groups using information in a CSV string

  • GroupsCsv - required

    A CSV string containing the information about the groups to delete.

    Required columns:

    • Identity

      A single string.

      The identity of the group to be deleted.

      Possible values for the identity are:

      • A distinguished name

      • A GUID (the objectGUID property)

      • A security identifier (the objectSid property)

      • A SAM account name (the sAMAccountName property)

Outputs

  • ActiveDirectoryDeleteGroupsCsv

    A CSV string containing information about the groups that were deleted, as well as an additional column 'DeletedGroup' to indicate if the group was deleted successfully.

  • ActiveDirectoryDeleteGroupsErrorMessages

    A string containing the error messages that were generated over the course of the task.

Version: 1.0.0

Date: 4 April 2019


Delete Users

Deletes one or more users in Active Directory.

Inputs

  • Users

    One or more MSPComplete end-user objects are required.

    These users will be deleted from Active Directory.

    The user objects need to have an 'OnPremisesSecurityIdentifier' extended property, which corresponds to the 'objectSID' or 'SID' property on the Active Directory user.

Outputs

  • ActiveDirectoryDeleteUsersErrorMessages

    A string containing the error messages that were generated over the course of the task.

Version: 1.0.1

Date: 14 March 2019


Enable/Disable User Accounts

Enables or disables one or more user accounts in Active Directory

Inputs

Usage option 1: Enable or disable one or more user accounts in Active Directory

  • Users

    One or more MSPComplete end-user objects are required.

    The user objects need to have an 'OnPremisesSecurityIdentifier' extended property, which is the user's identity in Active Directory.

  • EnableOrDisableAccount

    A single string is required. Valid values are 'enable' and 'disable' (case-insensitive).

    This specifies if the user will be enabled or disabled.

Usage option 2: Enable or disable one or more user accounts in Active Directory via CSV

  • UsersCsv

    A CSV string containing information about the users to enable or disable.

    Required columns:

    • Identity

      A single string.

      This identifies the user who will be enabled or disabled.

      The identity of the user can be:

      • A distinguished name

      • A GUID (the objectGUID property)

      • A security identifier (the objectSid property)

      • A SAM account name (the sAMAccountName property)

    • EnableOrDisableAccount

      A single string is required. Valid values are 'enable' and 'disable' (case-insensitive).

      This specifies if the user will be enabled or disabled.

Outputs

  • ActiveDirectoryEnableDisableUserAccountsCsv

    A CSV string containing information about the users who were enabled or disabled, as well as an additional column 'UserUpdated' to indicate if the users were successfully enabled or disabled.

  • ActiveDirectoryEnableDisableUserAccountsErrorMessages

    A string containing all the error messages that were generated over the course of this task.

Version: 1.0.1

Date: 14 March 2019


Import Users Into MSPComplete via a specified server

Imports all users from Active Directory into MSPComplete.

The users will be imported into the current MSPComplete customer in context.

Inputs

  • Filter - optional

    A single string.

    This filter will select which of the users retrieved from Active Directory will be imported into MSPComplete. Defaults to "*".

    For more information on how to use this, type "Get-Help about_ActiveDirectory_Filter" or see https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-aduser?view=win10-ps

  • Server - optional

    A single string.

    This is the server to execute the AD command on. If no server is provided, it will execute the command on the default server.

  • CreateUsers - optional

    A single boolean value.

    Selects whether a user should be created in MSPComplete if it exists in Active Directory but does not exist in MSPComplete. Defaults to true.

  • UpdateUsers - optional

    A single boolean value.

    Selects whether a user should be updated in MSPComplete to match the user in Active Directory if it exists in both MSPComplete and Active Directory. Defaults to true.

  • DeleteUsers - optional

    A single boolean value.

    Selects whether a user should be deleted from MSPComplete if it exists in MSPComplete but not in Active Directory. Defaults to false.

Outputs

  • ActiveDirectoryImportUsersIntoMSPCompleteErrorMessages

    A string containing the error messages that were generated over the course of this task.

Version: 2.0.0

Date: 18 June 2019


Move Users

Moves Active Directory users to different containers or domains

Inputs

Usage option 1: Move users to a container or domain

  • Users

    One or more MSPComplete end-user objects are required.

    The users will be moved to the specified container or domain.

    The user objects need to have an 'OnPremisesSecurityIdentifier' extended property, which corresponds to the 'objectSID' or 'SID' property on the Active Directory user.

  • TargetPath

    A single string.

    The path to the target container or domain where the users will be moved.

Usage option 2: Move users to different containers or domains using an input CSV string

  • UsersCsv

    A CSV string containing the information about the users to be moved.

    Required columns:

    • Identity

      A single string.

      This identifies the user who will be moved.

      The identity of the user can be:

      • A distinguished name

      • A GUID (the objectGUID property)

      • A security identifier (the objectSid property)

      • A SAM account name (the sAMAccountName property)

    • TargetPath

      A single string.

      The path to the target container or domain where the user will be moved.

Outputs

  • ActiveDirectoryMoveUsersCsv

    A CSV string containing the information about the users who were moved.

    The additional column 'MoveUsersOperationApplied' indicates if the action to move the user was successfully executed by this task.

    The additional column 'MoveUsersStateAchieved' indicates if, at the end of the task, the user was moved.

    The additional column 'MoveUsersMessages' contains the warning and/or error messages that were generated while moving the user.

  • ActiveDirectoryMoveUsersErrorMessages

    A string containing all the error messages that were generated over the course of this task.

Version: 1.0.0

Date: 29 May 2019


Update Users' Attributes via User Identity

Updates attributes within users in Active Directory.

This task is able to:

  • Add values to existing user attributes
  • Clear existing user attribute values
  • Remove values from user attributes
  • Replace the existing set of user attribute values with new values

Inputs

Usage option 1: Update an attribute within a user

  • User

    A single MSPComplete end-user object is required.

    This is the user in Active Directory who will receive the attribute update.

    The user object is required to have an 'OnPremisesSecurityIdentifier' extended property, which corresponds to the 'objectSID' or 'SID' property on the Active Directory user.

  • AttributeName

    A single string is required.

    This specifies the name of the attribute to be updated within the user.

  • AttributeValues

    One or more strings separated by a newline are required.

    This specifies the values which are used to update the user attribute.

    This is optional if the value for Action is 'Clear'.

  • Action

    A single string is required.

    Valid values are 'Add', 'Clear', 'Remove', and 'Replace'.

    • Add: Adds the values specified in AttributeValues to the existing attribute values.

    • Clear: Clears the existing attribute values.

    • Remove: Removes the values specified in AttributeValues from the existing attribute values.

    • Replace: Replaces the existing attribute values with the values specified in AttributeValues.

Usage option 2: Update attributes within users via CSV

  • AttributesCsv

    Required columns:

    • UserIdentity

      A single string is required.

      This identifies the user in Active Directory. The identity can be:

      • A distinguished name

      • A GUID (objectGUID)

      • A security identifier (objectSid)

      • A SAM account name (sAMAccountName)

    • AttributeName

      A single string is required.

      This specifies the name of the attribute to be updated within the user.

    • AttributeValues

      One or more strings separated by a comma and enclosed in double quotes are required.

      Example: "value1,value2"

      This specifies the values which are used to update the user attribute.

      This is optional if the value for Action is 'Clear'.

    • Action

      A single string is required.

      Valid values are 'Add', 'Clear', 'Remove', and 'Replace'.

      • Add: Adds the values specified in AttributeValues to the existing attribute values.

      • Clear: Clears the existing attribute values.

      • Remove: Removes the values specified in AttributeValues from the existing attribute values.

      • Replace: Replaces the existing attribute values with the values specified in AttributeValues.
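
Building the AttributesCsv string with ConvertTo-Csv keeps a multi-value AttributeValues field quoted as a single column, as the "value1,value2" example requires. This is an added example, not MSPComplete code: New-AttributesCsv is a hypothetical helper, the users and values are constructed, and rejecting values that contain a comma is an assumption because the article does not describe an escape for them.

```powershell
# Added example, not MSPComplete code. Builds an AttributesCsv string from a
# list of requested updates and enforces the rules stated for each column.
function New-AttributesCsv {
    param([Parameter(Mandatory)][hashtable[]]$Updates)

    # Spellings as listed in the article; exact-case matching is the
    # conservative choice because case-insensitivity is not stated there.
    $validActions = 'Add', 'Clear', 'Remove', 'Replace'

    $rows = foreach ($u in $Updates) {
        # Index by key: $u.Values would return the hashtable's own Values
        # collection when the key is absent.
        $user   = $u['UserIdentity']
        $name   = $u['AttributeName']
        $action = $u['Action']
        $values = @($u['AttributeValues'] | Where-Object { $_ })

        if ([string]::IsNullOrWhiteSpace($user) -or [string]::IsNullOrWhiteSpace($name)) {
            throw 'UserIdentity and AttributeName are required on every row.'
        }
        if ($action -cnotin $validActions) {
            throw "Invalid Action '$action' for user '$user'."
        }
        # AttributeValues is optional only when the Action is 'Clear'.
        if ($action -ne 'Clear' -and $values.Count -eq 0) {
            throw "Action '$action' on '$name' for '$user' needs at least one value."
        }
        # Assumption: the comma is the only separator, so a value that
        # contains one would be split into two values by the task.
        $withComma = @($values | Where-Object { $_ -like '*,*' })
        if ($withComma.Count -gt 0) {
            throw "Value(s) for '$name' contain a comma: $($withComma -join ' | ')"
        }

        [pscustomobject]@{
            UserIdentity    = $user
            AttributeName   = $name
            AttributeValues = $values -join ','
            Action          = $action
        }
    }

    # ConvertTo-Csv quotes the fields, so joined values and distinguished
    # names that contain commas each stay in one column.
    ($rows | ConvertTo-Csv -NoTypeInformation) -join [Environment]::NewLine
}

# Constructed sample updates; names, numbers and domain are placeholders.
$updates = @(
    @{ UserIdentity = 'jdoe'; AttributeName = 'otherTelephone'; Action = 'Add'
       AttributeValues = '+1 555 0100', '+1 555 0101' }
    @{ UserIdentity = 'CN=Jane Roe,OU=Staff,DC=example,DC=com'
       AttributeName = 'description'; Action = 'Replace'
       AttributeValues = 'Contractor' }
    @{ UserIdentity = 'jdoe'; AttributeName = 'otherMobile'; Action = 'Clear' }
)

New-AttributesCsv -Updates $updates
```
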

Outputs

  • ActiveDirectoryUpdateUsersAttributesCsv

    A CSV string containing information about the user attributes that were updated, as well as an additional column 'AttributeUpdated' to indicate if the attribute was updated successfully.

  • ActiveDirectoryUpdateUsersAttributesErrorMessages

    A string containing all the error messages that were generated over the course of this task.

Version: 2.0.1

Date: 14 March 2019


Wait For Group Azure AD Replication

Waits for an Active Directory group to be replicated to Azure AD

Inputs

  • Office365AdministrativeCredentials

    An MSPComplete endpoint object containing the Office 365 administrative credentials is required.

  • Identity

    A single string is required.

    This specifies the group that is currently being waited upon for replication.

    The identity of the group can be:

    • A distinguished name

    • A GUID (the objectGUID property)

    • A security identifier (the objectSid property)

    • A SAM account name (the sAMAccountName property)

  • MaximumWaitTimeMinutes

    A single string, optional. Defaults to "15".

    This specifies the maximum amount of time this task will wait for the group to be replicated, in minutes.

Outputs

  • None

Version: 1.0.2

Date: 14 March 2019


Wait for Users to Replicate to Azure AD

Waits for Active Directory users to be replicated to Azure AD.

It triggers an ADSync Delta sync between Active Directory and Azure AD before waiting for the users to replicate.

Inputs

  • Office365AdministrativeCredentials - required

    A single MSPComplete endpoint object.

    The Office 365 administrative credentials for the Azure AD tenant.

  • Identities - required

    One or more strings separated by a newline.

    The identities of the Active Directory users that will be waited upon for replication to Azure AD.

    The identity of a user can be:

    • A distinguished name

    • A GUID (the objectGUID property)

    • A security identifier (the objectSid property)

    • A SAM account name (the sAMAccountName property)

  • MaximumWaitTimeMinutes - optional

    A single string.

    The maximum amount of time this task will wait for all of the users to be replicated, in minutes.

    Defaults to "15".

Outputs

  • ActiveDirectoryWaitForUsersToReplicateToAzureADCsv

    A CSV string containing the information about the users that were waited upon for replication to Azure AD, as well as an additional column 'UserReplicated' to indicate if the user successfully replicated to Azure AD.

  • ActiveDirectoryWaitForUsersToReplicateToAzureADErrorMessages

    A string containing the error messages that were generated over the course of this task.

Version: 1.0.1

Date: 14 May 2019
