Active Directory

Autom Mate's Active Directory integration enables automated user and group management, policy updates, and LDAP queries, streamlining identity and access tasks.

Introduction

This document provides detailed instructions on integrating Active Directory (AD) with Autom Mate, a powerful workflow automation platform. It outlines the actions available within Autom Mate for seamless interaction with various functionalities offered by Active Directory. It explains how Autom Mate utilizes this integration to automate tasks, streamline processes, and enhance operational efficiency.


What is Active Directory?

Active Directory (AD) is Microsoft's directory service that provides a centralized location for network administration, authentication, and authorization. It serves as a repository for information about users, computers, and other resources within a network.

Key Features of Active Directory

  • User Management: Allows administrators to create, manage, and authenticate user accounts.

  • Group Policy: Enables the centralized management of security policies, software deployment, and system configurations.

  • LDAP Integration: Provides support for Lightweight Directory Access Protocol (LDAP) for accessing and managing directory services.


Autom Mate Integration with Active Directory

Autom Mate offers a set of pre-built actions that empower users to automate tasks within their workflows by leveraging Active Directory's capabilities. These actions enable users to perform various operations, such as user management, group management, and LDAP queries.

Autom Mate integrates seamlessly with Active Directory, enabling users to automate various administrative tasks and user management operations. This integration enhances efficiency and reduces manual effort in managing Active Directory resources.

Examples of Automated Tasks

  • Creating new user accounts based on predefined templates.

  • Modifying group memberships for users based on role changes.

  • Updating user attributes such as email addresses or phone numbers.


Credentials

To use Active Directory actions within Autom Mate, you need to create a credential that connects securely to your Active Directory instance. This credential serves as a secure link, allowing Autom Mate to interact seamlessly with your Active Directory data. You can add your credentials on the Vault page.

Step 1: Log in to Autom Mate as an administrator.

Step 2: Go to the Vault page in the left-hand menu.

Step 3: Navigate to the Custom Credentials settings section.

Step 4: Enter the required information:

  • Username

  • Password

Step 5: Save the credentials securely.


How to Use Actions

Here are the available actions for integrating Autom Mate with Active Directory, along with explanations:

Add Group

Description and Purpose

The Add Group action in Autom Mate allows users to create new security or distribution groups within Active Directory. This feature enables organized management of users and resources by categorizing them into groups for streamlined access control and permissions management.

Usage Instructions

1

Enter the Group Name

Specify the name for the group you wish to create. This name will be used as a primary identifier for the group within Active Directory.

2

Provide the Distinguished Name (DN)

Input a unique Distinguished Name (DN) for the group. This serves as a unique identifier within the Active Directory structure.

3

Add a Group Description

Enter a brief description of the group, which can help in identifying the group’s purpose or function.

4

Select Group Scope

Choose one of the following scopes for the group:

  • Domain Local: Grants access within a single domain.

  • Global: Provides access to resources across multiple domains.

  • Universal: Extends access across multiple domains within a forest.

5

Specify the Group Type

Choose the type of group:

  • Security: Used for assigning security-related permissions.

  • Distribution: Used for email distribution lists.

Inputs

  • Group Name: The name to assign to the group being added to Active Directory.

  • Distinguished Name (DN): A unique identifier for the group within the directory.

  • Description: A short description explaining the purpose of the group.

  • Group Scope: Defines the group’s access scope. Options:

    • Domain Local,

    • Global,

    • Universal.

  • Group Type: Defines the type of group. Options:

    • Security,

    • Distribution.

Outputs

No outputs. This action simply performs the addition of a new group to Active Directory based on the specified parameters.

Add Object To Group

Description and Purpose

The Add Object to Group action allows users to add an object, such as a user or another group, to a specified group within Active Directory. This action facilitates organized user and resource management by enabling seamless associations within existing Active Directory groups.

Usage Instructions

1

Enter LDAP Path

LDAP Path: Provide the LDAP path of the object you wish to add to a group. This path uniquely identifies the object in Active Directory.

2

Specify Group Name

Group Name: Enter the name of the group within Active Directory to which you want to add the specified object.

3

Execute the Action

Run the action to add the specified object to the chosen group. This will update Active Directory with the new group membership.

Inputs

  • LDAP Path: The LDAP path that uniquely identifies the object to be added to the group.

  • Group Name: The name of the group within Active Directory where the object will be added.

Outputs

  • None


Add User To Group

Description and Purpose

The Add User to Group action allows users to add one or more users to a specified group within Active Directory. This action streamlines user management by ensuring that users are assigned to groups with appropriate access controls and permissions.

Usage Instructions

1

Provide Usernames

Users: Enter the username(s) of the user(s) you wish to add to the group. This can include multiple usernames if adding multiple users.

2

Specify Group Name

Group Name: Enter the name of the group within Active Directory to which the user(s) will be added.

3

Execute the Action

Run the action to add the specified user(s) to the chosen group. This action will update the group's membership to reflect the new additions.

Inputs

  • Users: The username(s) of the user(s) to be added to the group.

  • Group Name: The name of the group within Active Directory where the user(s) will be added.

Outputs

  • None


Connect

Description and Purpose

The Connect to Active Directory action establishes a secure connection with the Active Directory environment. This initial connection is essential to allow Autom Mate to perform subsequent actions, enabling interactions with the directory for tasks like user and group management.

Usage Instructions

1

Select Connection Type

Connection Type: Choose the type of connection you wish to establish, such as secure LDAP.

2

Enter LDAP Address

Address: Specify the LDAP address for the Active Directory connection, typically in the format ldap.example.com:389.

3

Provide Username and Password

  • User: Enter the username required to authenticate the LDAP connection.

  • Password: Input the associated password for the specified username.

4

Specify Base Path

Base Path: Enter the base path for the Active Directory structure. This is often structured as dc=automate,dc=com.

5

Execute the Action

Run the action to initiate the connection. Once established, the connection enables all subsequent Active Directory actions in the workflow.

Inputs

  • Connection Type: The type of connection to Active Directory (e.g., secure LDAP).

  • Address: The address for the LDAP connection to the Active Directory server.

  • User: The username used for authentication.

  • Password: The password for the user account.

  • Base Path: The base path of the Active Directory environment.

Outputs

  • None


Create Contact

Description and Purpose

The Create Contact action enables users to add new contact information for individuals or entities within Active Directory. This action is designed to streamline the process of creating contact records, ensuring that essential information such as names, email addresses, and department details are captured accurately.

Usage Instructions

1

Enter Contact's Basic Information

  • First Name: Input the first name of the contact.

  • Last Name: Provide the last name of the contact.

  • Display Name: Specify the display name, which represents how the contact will appear in Active Directory.

2

Enter Unique Identifier and Email

  • Distinguished Name (DN): Enter a unique Distinguished Name for the contact, which serves as an identifier within Active Directory.

  • Email: Provide the contact’s email address.

3

Add Additional Details

  • Description: Add a brief description for the contact, if desired.

  • Department: Specify the department where the contact works.

  • Title: Enter the job title or position of the contact.

4

Execute the Action

Run the action to create the contact in Active Directory. Upon successful execution, the contact will be listed in the specified directory.

Inputs

  • First Name: The contact’s first name.

  • Last Name: The contact’s last name.

  • Display Name: The contact’s display name as it will appear in Active Directory.

  • Distinguished Name (DN): The unique identifier for the contact.

  • Email: The contact’s email address.

  • Description: A brief description of the contact’s role or details.

  • Department: The department where the contact works.

  • Title: The job title of the contact.

Outputs

  • None


Create Object

Description and Purpose

The Create Object action allows users to add new objects, such as users or groups, to the Active Directory environment. This action is designed to help administrators easily expand their directory structure by adding entities with specific attributes, improving organization and management within Active Directory.

Usage Instructions

1

Define the Object Type

Object Type: Select the type of object to create within Active Directory (e.g., User, Group).

2

Specify the LDAP Path

LDAP Path: Enter the LDAP path where the new object will reside in the Active Directory structure.

3

Add Custom Attributes (Optional)

Custom Attributes: Provide any additional attributes or specifications required for the new object. This field allows for the customization of each object based on organizational needs.

4

Execute the Action

Run the action to create the object in Active Directory. Upon successful execution, the object will be added at the specified LDAP path with the selected attributes.

Inputs

  • Object Type: Specifies the type of object to create (e.g., User, Group).

  • LDAP Path: The designated LDAP path within Active Directory where the new object will be stored.

  • Custom Attributes: Optional additional attributes to customize the new object’s details.

Outputs

  • None


Create User

Description and Purpose

The Create User action allows administrators to quickly add new user accounts to Active Directory. This action streamlines the user creation process by gathering essential user details and adding them to the directory with appropriate attributes. It ensures consistency in user data entry and speeds up the provisioning of new accounts.

Usage Instructions

1

Enter Basic User Details

  • Username: Specify the username for the new user.

  • Logon Name: Provide the logon name that the user will use to access Active Directory.

  • First Name: Enter the user’s first name.

  • Last Name: Specify the user’s last name.

2

Define Unique Identifiers

Distinguished Name (DN): Provide a unique identifier (Distinguished Name) for the new user in Active Directory.

3

Contact Information

Email: Input the email address associated with the new user.

4

Security and Access

  • Password: Set an initial password for the new user.

  • Is Disabled: Check this box if the user account should be disabled upon creation.

5

Organizational Details

  • Description: Add a brief description for the user account.

  • Department: Specify the department to which the user belongs.

  • Title: Enter the user’s job title.

6

Execute the Action

Run the action to create the new user in Active Directory with all specified details.

Inputs

  • Username: The chosen username for the new user.

  • Logon Name: The logon name the user will use to access their account.

  • First Name: The user’s first name.

  • Last Name: The user’s last name.

  • Distinguished Name (DN): A unique identifier for the new user.

  • Email: The email address associated with the user.

  • Password: Initial password for the user account.

  • Description: A brief summary or description for the account.

  • Department: The department to which the user belongs.

  • Title: The user’s job title.

  • Is Disabled: Whether the user account should initially be disabled.

Outputs

  • None


Delete Computer

Description and Purpose

The Delete Computer action removes a specified computer object from the Active Directory environment. This action is used when decommissioning or retiring a computer, ensuring that outdated or unused computer entries are cleared from Active Directory.

Usage Instructions

1

Enter Computer Details

Computer CN: Provide the Common Name (CN) of the computer object you want to delete from Active Directory. This unique identifier specifies the computer that will be removed.

2

Execute the Action

Run the action to delete the specified computer from Active Directory. The computer entry will be permanently removed from the directory.

Inputs

  • Computer CN: The Common Name (CN) of the computer to be deleted from Active Directory.

Outputs

  • None


Delete Object

Description and Purpose

The Delete Object action removes a specified object from the Active Directory structure. This action is valuable for managing directory hygiene, ensuring that obsolete or unnecessary objects, such as users, computers, or groups, are efficiently removed.

Usage Instructions

1

Specify Object Details

Distinguished Name (DN): Enter the unique Distinguished Name (DN) of the object you wish to delete from Active Directory. The DN serves as a unique identifier, pinpointing the exact object to be removed.

2

Execute the Action

Run the action to delete the specified object from Active Directory. Upon execution, the selected object will be permanently removed from the directory structure.

Inputs

  • Distinguished Name (DN): The unique identifier of the object targeted for deletion.

Outputs

  • None


Delete User

Description and Purpose

The Delete User action removes a specified user account from the Active Directory environment. This action is essential for maintaining directory accuracy by removing accounts that are no longer needed, ensuring security and compliance within the network.

Usage Instructions

1

Specify User Details

Username or Logon Name: Enter the unique username or logon name of the user account you wish to delete from Active Directory. This serves as the identifier for the account to be removed.

2

Execute the Action

Run the action to delete the specified user account. Once executed, the selected user account will be permanently removed from Active Directory.

Inputs

  • Username or Logon Name: The unique username or logon name of the user targeted for deletion.

Outputs

  • None


Disable User

Description and Purpose

The Disable User action deactivates a specified user account within Active Directory. Disabling a user account is a secure way to temporarily restrict access without permanently deleting the account, often used for offboarding or security compliance measures.

Usage Instructions

1

Specify User Details

Username or Logon Name: Input the username or logon name of the user account that needs to be disabled. This identifier allows Active Directory to locate and disable the correct account.

2

Execute the Action

Run the action to disable the specified user account. The account will no longer have access until re-enabled.

Inputs

  • Username or Logon Name: The unique username or logon name of the user account to be disabled.

Outputs

  • None


Disconnect

Description and Purpose

The Disconnect action terminates the active session with the Active Directory environment, effectively closing the connection to the Active Directory server. This is essential for secure session management, ensuring that connections are closed when not in use.

Usage Instructions

1

Execute the Action

Simply run the action. No additional inputs are required. This action will disconnect the current Active Directory session securely.

Inputs

  • None

Outputs

  • None


Enable User

Description and Purpose

The Enable User action allows administrators to reactivate a previously disabled user account within Active Directory, restoring the user's access and permissions. This action is essential for reinstating user accounts after a temporary deactivation or for troubleshooting access issues.

Usage Instructions

1

Enter User Details

Username or Logon Name: Input the username or logon name of the user account to enable.

2

Execute the Action

Run the action to enable the specified user account.

Inputs

  • Username or Logon Name: The username or logon name of the user to enable.

Outputs

  • None


LDAP Query

Description and Purpose

The LDAP Query action enables users to perform custom LDAP (Lightweight Directory Access Protocol) queries within Active Directory. This action is ideal for retrieving specific information from the directory based on defined search criteria, allowing for customized data extraction and reporting.

Usage Instructions

1

Enter LDAP Query Details

  • LDAP Query: Input the custom LDAP query to execute within Active Directory.

  • Attribute: Specify the attribute you want to retrieve from the query results.

  • Output Variable: Assign an output variable to store the query results for easy access and use in subsequent actions.

2

Execute the Action

Run the action to perform the LDAP query and retrieve the specified information.

Inputs

  • LDAP Query: The custom LDAP query to execute in Active Directory.

  • Attribute: The specific attribute to retrieve from the query results.

  • Output Variable: A designated variable to store the query results.

Outputs

  • Query Results: The output variable will store the results of the LDAP query, accessible for further processing or reporting within workflows.
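
When part of an LDAP query comes from a value produced earlier in a workflow (a name, a logon name), that value has to be escaped so it is matched literally. The following is an added example, not Autom Mate's own code: it builds a filter with RFC 4515 escaping and checks that the finished text still parses into the intended matches. All function names and the sample display name are constructed for illustration.

```python
import re

# RFC 4515: inside an assertion value these characters are written as \XX.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_PLAIN_ATTR = re.compile(r"[A-Za-z][A-Za-z0-9-]*")
# When parsing, also accept options and matching-rule OIDs such as
# userAccountControl:1.2.840.113556.1.4.803:
_ANY_ATTR = re.compile(r"[A-Za-z][A-Za-z0-9;.:-]*")


def escape_filter_value(value):
    """Make a value literal: no character in it can act as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def equals(attribute, value):
    """One equality item, e.g. (sAMAccountName=jdoe)."""
    if not _PLAIN_ATTR.fullmatch(attribute):
        raise ValueError(f"not an attribute name: {attribute!r}")
    return f"({attribute}={escape_filter_value(value)})"


def all_of(*clauses):
    """AND together clauses that were already built with equals()."""
    return "(&" + "".join(clauses) + ")"


def _parse(text, pos, items):
    """Parse one parenthesised filter starting at pos; return the next offset."""
    if pos >= len(text) or text[pos] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    if pos < len(text) and text[pos] in "&|!":
        operator, children = text[pos], 0
        pos += 1
        while pos < len(text) and text[pos] == "(":
            pos = _parse(text, pos, items)
            children += 1
        if children == 0 or (operator == "!" and children != 1):
            raise ValueError(f"bad operand count for '{operator}'")
    else:
        # Scope: items written with '=' (equality, presence, substring,
        # extensible match). '>=', '<=' and '~=' are rejected here.
        end = pos
        while end < len(text) and text[end] not in "()":
            end += 1
        attribute, sep, raw = text[pos:end].partition("=")
        if not sep or not _ANY_ATTR.fullmatch(attribute):
            raise ValueError(f"bad item at offset {pos}")
        items.append((attribute, raw))
        pos = end
    if pos >= len(text) or text[pos] != ")":
        raise ValueError(f"expected ')' at offset {pos}")
    return pos + 1


def parse_items(filter_text):
    """Return [(attribute, raw_value), ...]; ValueError if the text is malformed."""
    items = []
    if _parse(filter_text, 0, items) != len(filter_text):
        raise ValueError("trailing text after the filter")
    return items


def keeps_intent(filter_text, intended):
    """True only if the filter parses into exactly the intended literal matches."""
    try:
        items = parse_items(filter_text)
    except ValueError:
        return False
    return items == [(a, escape_filter_value(v)) for a, v in intended]


# Constructed sample: a display name as it might arrive from an earlier step.
SAMPLE_NAME = "Doe (Contractor)*"
INTENDED = [("objectClass", "user"), ("displayName", SAMPLE_NAME)]
SAFE_QUERY = all_of(equals("objectClass", "user"), equals("displayName", SAMPLE_NAME))
# Plain string concatenation, shown for comparison only.
NAIVE_QUERY = "(&(objectClass=user)(displayName=" + SAMPLE_NAME + "))"

if __name__ == "__main__":
    print(SAFE_QUERY, keeps_intent(SAFE_QUERY, INTENDED))
    print(NAIVE_QUERY, keeps_intent(NAIVE_QUERY, INTENDED))
```

The same check catches a value of `*`, which concatenation would turn from an equality match into a presence match on every entry that has the attribute.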


Move Object

Description and Purpose

The Move Object action in Autom Mate's Active Directory integration is designed to facilitate the relocation of an existing object within the Active Directory (AD) structure. This action is beneficial for users managing AD environments where objects—such as users, groups, or computers—need to be reorganized or transferred between different organizational units (OUs) or other containers. By specifying the current location and the desired destination, this action enables efficient management of AD resources.

Usage Instructions

1

Specify the Object's Current Location

  • In the LDAP Path input field, enter the LDAP path of the object you wish to move.

  • The LDAP path uniquely identifies the current location of the object within the Active Directory hierarchy.

  • Example LDAP Path format: CN=John Doe,OU=Users,DC=company,DC=com

2

Define the Destination Location

  • In the Move to input field, specify the destination path within Active Directory where you would like to relocate the object.

  • The destination path should be structured according to AD’s hierarchy to ensure the object is moved to the correct OU or container.

  • Example Destination format: OU=Managers,DC=company,DC=com

3

Execute the Action

  • Run the action to move the object from its current location to the specified destination.

  • Ensure that the required permissions are in place to move the object within the AD structure.

Inputs

  • LDAP Path: The LDAP path representing the current location of the object in Active Directory.

  • Move to: The destination LDAP path within Active Directory where the object should be relocated.

Outputs

  • None: This action does not produce any direct output. After execution, you can verify the successful relocation by checking the new location of the object in Active Directory.
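
Because the action returns nothing, it helps to know in advance which DN the object should have after the move and to confirm that both paths sit under the base path given to the Connect action. The following is an added example, not Autom Mate's own code: it splits DNs on unescaped commas (RFC 4514 backslash escapes; the older quoted-string form is not handled) and compares components case-insensitively, which is an assumption that holds for CN, OU and DC values. All function names are constructed for illustration.

```python
def split_rdns(dn):
    """Split a DN into its RDNs, leaving escaped commas (\\, or \\2C) alone."""
    parts, current, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(current).lstrip())
            current = []
        else:
            current.append(dn[i])
        i += 1
    parts.append("".join(current).lstrip())
    for rdn in parts:
        name, sep, value = rdn.partition("=")
        if not sep or not name.strip() or not value:
            raise ValueError(f"not an RDN: {rdn!r}")
    return parts


def _key(rdns):
    """Comparison form of a list of RDNs (case-insensitive)."""
    return [rdn.casefold() for rdn in rdns]


def is_under(dn, base):
    """True if dn equals base or lies below it, compared RDN by RDN."""
    d, b = _key(split_rdns(dn)), _key(split_rdns(base))
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def same_dn(a, b):
    """Compare the DN found after the move with the planned one."""
    return _key(split_rdns(a)) == _key(split_rdns(b))


def plan_move(ldap_path, move_to, base_path):
    """Return the DN the object will have after the move, or raise ValueError."""
    source = split_rdns(ldap_path)
    for label, dn in (("LDAP Path", ldap_path), ("Move to", move_to)):
        if not is_under(dn, base_path):
            raise ValueError(f"{label} is outside the base path {base_path!r}")
    if len(source) == len(split_rdns(base_path)):
        raise ValueError("LDAP Path is the base path itself")
    if is_under(move_to, ldap_path):
        raise ValueError("destination is the object itself or inside it")
    # The object keeps its own RDN; only its parent container changes.
    return ",".join([source[0]] + split_rdns(move_to))


# Inputs taken from the examples in this section; the base path is constructed.
LDAP_PATH = "CN=John Doe,OU=Users,DC=company,DC=com"
MOVE_TO = "OU=Managers,DC=company,DC=com"
BASE_PATH = "dc=company,dc=com"

if __name__ == "__main__":
    print(plan_move(LDAP_PATH, MOVE_TO, BASE_PATH))
```

Comparing whole RDNs instead of string suffixes matters for names that contain an escaped comma: `OU=x\,DC=company,DC=com` ends with the text `,DC=company,DC=com` but is an object directly under `DC=com`.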


Password Reset

Description and Purpose

The Password Reset action in Autom Mate’s Active Directory integration enables administrators to reset the password for a user account within Active Directory. This action is essential for situations requiring a password update or recovery, providing a straightforward way to manage user access and account security.

Usage Instructions

1

Specify the Username or Logon Name

  • In the Account's Username or Logon Name input field, enter the username or logon name of the user whose password you want to reset.

  • Ensure that the username or logon name correctly matches the target user in Active Directory.

  • Example Username format: jdoe or John.Doe

2

Set the Password Change Requirement (Optional)

  • In the Require Password Change input field, set this flag to indicate whether the user should be prompted to change their password upon their next login.

  • This option is beneficial for enforcing security policies, ensuring the user updates their password immediately after a reset.

  • Example values: True or False

3

Execute the Action

  • Run the action to reset the user’s password.

  • After execution, the specified user will have their password reset and will follow any additional requirements set, such as being prompted to change their password at next login.

Inputs

  • Account's Username or Logon Name: The unique username or logon name identifying the user in Active Directory whose password is to be reset.

  • Require Password Change: Optional flag to specify whether the user should be required to change their password upon next login (True or False).

Outputs

  • None: This action does not produce any direct output. To confirm, check the user’s login status or require verification from the user following the password reset.


Remove Object From Group

Description and Purpose

The Remove Object From Group action in Autom Mate’s Active Directory integration enables administrators to remove a specific object, such as a user or another group, from an existing group within Active Directory. This action is vital for managing group memberships, ensuring that objects are only associated with relevant groups to maintain organized and secure access controls.

Usage Instructions

1

Enter the Object's LDAP Path

  • In the LDAP Path input field, specify the LDAP path for the object you want to remove from the group.

  • This LDAP path uniquely identifies the object in Active Directory and directs the action to the correct entity.

  • Example format: CN=John Doe,OU=Users,DC=example,DC=com

2

Specify the Group Name

  • In the Group Name input field, enter the name of the group from which you want to remove the object.

  • Ensure the group name accurately corresponds to the target group in Active Directory.

  • Example group name: Marketing Team

3

Execute the Action

  • Run the action to remove the specified object from the designated group.

  • After execution, the object will no longer be associated with the specified group in Active Directory.

Inputs

  • LDAP Path: The unique LDAP path of the object you intend to remove from the group.

  • Group Name: The name of the group from which the object will be removed.

Outputs

  • None: This action does not produce any direct output. Verify the removal by checking the object's membership status in the specified group within Active Directory.


Remove User From Group

Description and Purpose

The Remove User From Group action in Autom Mate’s Active Directory integration enables administrators to remove specific user(s) from a designated group within Active Directory. This action is essential for maintaining accurate group memberships, ensuring that only relevant users have access to group-specific resources.

Usage Instructions

1

Enter the Username(s)

  • In the Username input field, specify the username(s) of the user(s) you wish to remove from the group.

  • This field accepts one or multiple usernames, depending on how many users need to be removed from the group.

  • Example format: jdoe or a list like jdoe, asmith

2

Specify the Group Name

  • In the Group Name input field, enter the name of the group from which you want to remove the user(s).

  • Ensure the group name matches the target group in Active Directory accurately.

  • Example group name: Sales Team

3

Execute the Action

  • Run the action to remove the specified user(s) from the designated group.

  • Once completed, the specified user(s) will no longer be associated with the group in Active Directory.

Inputs

  • Username: The username(s) of the user(s) to be removed from the group.

  • Group Name: The name of the group from which the user(s) will be removed.

Outputs

  • None: This action does not produce a direct output. You can verify the removal by checking the group membership of the user(s) within the specified group in Active Directory.


Unlock User

Description and Purpose

The Unlock User action within Autom Mate’s Active Directory integration allows administrators to unlock a locked user account, restoring access to the user in Active Directory. This action is useful when a user has been locked out due to multiple failed login attempts or other security settings.

Usage Instructions

1

Enter the Username or Logon Name

  • In the Username or Logon Name input field, provide the exact username or logon name of the user account that needs to be unlocked.

  • Example: jdoe or john.doe

2

Execute the Action

  • Run the action to initiate the unlocking process.

  • Once executed, the specified user’s account will be unlocked, and the user will regain access according to their assigned permissions.

Inputs

  • Username or Logon Name: The username or logon name of the user account to be unlocked.

Outputs

  • None: This action does not produce a direct output. The success of the action can be verified by attempting to log in with the user account or by viewing the account status in Active Directory.
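
Disable User, Enable User, Password Reset and Unlock User all return no output, so the account status has to be read back from the directory. The following is an added example, not Autom Mate's own code: it interprets the standard Active Directory attributes userAccountControl, lockoutTime and pwdLastSet, for instance as retrieved with the LDAP Query action, and reports whether they match the action that was just run. It assumes Require Password Change corresponds to pwdLastSet being 0, as with AD's "User must change password at next logon"; the function names and sample values are constructed.

```python
from datetime import datetime, timedelta, timezone

# userAccountControl bits that are stored on the user object.
UAC_FLAGS = {
    0x00002: "ACCOUNTDISABLE",
    0x00020: "PASSWD_NOTREQD",
    0x00200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x40000: "SMARTCARD_REQUIRED",
}
_FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_utc(value):
    """AD timestamps count 100 ns ticks since 1601-01-01 UTC; 0 means 'not set'."""
    ticks = int(value or 0)
    if ticks == 0:
        return None
    return _FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def account_state(attrs):
    """Interpret attribute values given as strings, the way LDAP returns them."""
    uac = int(attrs["userAccountControl"])
    pwd_last_set = attrs["pwdLastSet"]
    return {
        "enabled": not uac & 0x2,
        "flags": sorted(name for bit, name in UAC_FLAGS.items() if uac & bit),
        # lockoutTime is missing on accounts that were never locked out.
        "locked_out_at": filetime_to_utc(attrs.get("lockoutTime")),
        "must_change_password": int(pwd_last_set) == 0,
        "password_set_at": filetime_to_utc(pwd_last_set),
    }


def check_action(action, attrs, require_password_change=False):
    """Return a list of mismatches between the action just run and the directory."""
    state = account_state(attrs)
    if action == "Disable User":
        return ["account is still enabled"] if state["enabled"] else []
    if action == "Enable User":
        return [] if state["enabled"] else ["account is still disabled"]
    if action == "Unlock User":
        when = state["locked_out_at"]
        return [f"lockoutTime is still set ({when.isoformat()})"] if when else []
    if action == "Password Reset":
        if state["must_change_password"] != require_password_change:
            return ["pwdLastSet does not match the Require Password Change setting"]
        return []
    raise ValueError(f"no check defined for action {action!r}")


# Constructed sample values.
DISABLED_USER = {
    "userAccountControl": "514",          # NORMAL_ACCOUNT + ACCOUNTDISABLE
    "lockoutTime": "0",
    "pwdLastSet": "133485408000000000",   # 2024-01-01 00:00:00 UTC
}
LOCKED_USER = {
    "userAccountControl": "512",          # NORMAL_ACCOUNT
    "lockoutTime": "133485408000000000",
    "pwdLastSet": "0",                    # must change password at next logon
}

if __name__ == "__main__":
    print(account_state(DISABLED_USER))
    print(check_action("Unlock User", LOCKED_USER))
```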


Update Contact

Description and Purpose

The Update Contact action allows administrators to modify contact details within Active Directory. This action is essential for maintaining up-to-date information for individuals or entities in the directory, ensuring accuracy in the organizational directory.

Usage Instructions

1

Enter the Distinguished Name (DN)

  • In the Distinguished Name (DN) input field, provide the unique identifier for the contact that you wish to update.

  • Example: CN=John Doe,OU=Contacts,DC=example,DC=com

2

Provide Updated Contact Information

Fill in any fields you need to update:

  • First Name: Input the updated first name of the contact.

  • Last Name: Input the updated last name of the contact.

  • Display Name: Provide the updated display name that will appear in Active Directory.

  • Email: Enter the updated email address for the contact.

  • Description: Provide an updated description or additional information about the contact.

  • Department: Specify the updated department to which the contact belongs.

  • Title: Enter the updated job title of the contact.

  • Custom Attributes: If there are specific custom attributes relevant to this contact, enter those details here.

3

Execute the Action

  • Run the action to apply the updates to the specified contact in Active Directory.

  • The changes will be saved, and the contact’s details will reflect the new information.

Inputs

  • Distinguished Name (DN): The unique identifier for the contact to update.

  • First Name: The updated first name of the contact.

  • Last Name: The updated last name of the contact.

  • Display Name: The updated display name of the contact.

  • Email: The updated email address of the contact.

  • Description: The updated description for the contact.

  • Department: The updated department for the contact.

  • Title: The updated job title of the contact.

  • Custom Attributes: Any additional custom attributes to modify for the contact.

Outputs

  • None: This action does not produce a direct output. To verify the update, you can review the contact details in Active Directory.


Update Object

Description and Purpose

The Update Object action allows administrators to modify attributes and properties of an existing object within Active Directory. This action is essential for keeping the directory data accurate and up-to-date, enabling efficient management of various Active Directory entities, such as users, computers, or groups.

Usage Instructions

1

Enter the LDAP Path of the Object

  • In the LDAP Path input field, specify the LDAP path of the object you wish to update.

  • Example: CN=John Doe,OU=Users,DC=example,DC=com

2

Specify Attributes to Update

  • Provide the specific Attributes that need modification. List each attribute with its updated value, ensuring accuracy to reflect the desired changes in Active Directory.

  • Example:

3

Execute the Action

  • Run the action to apply the attribute updates to the specified object in Active Directory.

  • The changes will be saved in Active Directory and can be reviewed in the object's profile.

Inputs

  • LDAP Path: The unique LDAP path of the object to update in Active Directory.

  • Attributes: The list of attributes to modify for the object, along with their new values.

Outputs

  • None: This action does not return a direct output. To confirm the update, review the object’s details in Active Directory.


Update User

Description and Purpose

The Update User action enables administrators to update a user account's information within Active Directory. This action is essential for maintaining accurate user details, managing account permissions, and ensuring up-to-date contact information for each user.

Usage Instructions

1

Specify the Username or Logon Name

  • In the Username or Logon Name input field, provide the unique username or logon name associated with the user account to be updated.

  • Example: jdoe

2

Provide Updated User Information

Enter updated details for the following fields as necessary:

  • First Name: The updated first name of the user.

  • Last Name: The updated last name of the user.

  • Display Name: The name displayed for the user in Active Directory.

  • Email: The updated email address of the user.

  • Description: A brief description or additional information about the user.

  • Department: The department within the organization associated with the user.

  • Title: The user’s job title within the organization.

  • Custom Attributes: Any additional custom attributes for the user, as needed.

3

Execute the Action

Run the action to apply the changes. The updates will be saved in Active Directory, and the user’s profile will reflect the updated information.

Inputs

  • Username or Logon Name: The unique username or logon name of the user to be updated.

  • First Name: The updated first name of the user.

  • Last Name: The updated last name of the user.

  • Display Name: The name displayed in Active Directory.

  • Email: The updated email address of the user.

  • Description: A brief description of the user.

  • Department: The updated department name.

  • Title: The job title for the user.

  • Custom Attributes: Any additional custom attributes for the user.

Outputs

  • None: This action does not provide a direct output. To confirm the updates, review the user’s profile in Active Directory.


Additional Tips
