Applies to version: 2020 R1 and above; authors: Konrad Wojtycza, Dawid Golonka, Lily Adamowicz
The WEBCON BPS system is natively integrated with the Active Directory (AD) service. Basic functionality of WEBCON BPS includes actions that allow managing AD resources directly from workflows. This article covers actions that enable the management of users and groups.
The application created for the purpose of this article consists of several processes that provide comprehensive management of the AD directory.
Manage users
The diagram below illustrates the user management workflow:
The workflow allows for creating new accounts, making changes, deleting, and disabling existing accounts. All these operations are triggered using the Manage users action.
Creating account
This workflow enables the creation of a new AD user. The form on the first step requires entering the details of the person for whom the account is to be created:
The Manage users action is triggered on the Create path. The configuration of this action is shown in the screenshot below:
In the Properties tab, you can provide basic account information. In the presented example, the data is transferred from the form. After completing the path transition, the account will be created:
Editing account
The workflow for account management also allows for editing the account. The action that applies changes to the account is triggered on the Save changes transition path. The following screenshot shows the action configuration:
Choose the Edit user option in the Select operation section and specify the user login of the account to be edited in the Account data section. The Properties tab should keep the configuration set when creating a new account. As a result, the data edited on the form will be applied to the configuration of the existing AD account.
On the user card, the employee's position has been changed in the workflow:
After transiting the path, the account will be updated with the following changes:
Locking/unlocking account
The Manage users action allows for locking and unlocking AD accounts. From a configuration standpoint, this setup simply involves toggling a switch in the Account availability section and providing the User login in the Account data section.
Deleting account
To delete an account, go to the configuration of the Manage users action, select the delete account operation, and provide the login of the user whose account is to be removed.
In the example presented, this action is executed along the Delete path – once this path is transited, the account will be removed from the AD structure.
Manage groups
The second of the created workflows enables Active Directory group management.
The user can create a group, modify it, or delete it. All of these operations are performed using the Manage groups action. Additionally, the paths that enable creating groups and saving changes also include an action for adding users to groups.
The form on the first step looks as follows:
The top section of the form relates to the group being created. The key fields for the group creation action are: Display name, Group login, Organizational Unit, and Email address.
Creating group
The screenshot below presents the Manage groups action configuration window with the setup used to create a new group:
The action mode is selected in the first section Select operation. In the Group data section, you need to provide the Group login and the Organizational unit DN. In this example, the DN is generated using a business rule based on values from the form. The next section is used to select the group type. You can set three parameters for the group: Display name, Mail, and Description. In the final section, you can configure how the group’s SID is stored in a selected form field.
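Because the Organizational unit DN is assembled from form values, each value has to be escaped so that it remains a single name component and the resulting DN always ends under the intended container. The sketch below is an added example in Python, not WEBCON BPS business-rule syntax or code from the original article; ALLOWED_BASE and the function names are assumptions made for illustration.

```python
# Added example: build the Organizational unit DN from form values.
# ALLOWED_BASE and all function names are assumptions, not WEBCON BPS settings.
ALLOWED_BASE = "OU=Workflow Groups,DC=example,DC=com"  # constructed value
_SPECIAL = set('"+,;<>\\')  # characters RFC 4514 requires to be escaped


def escape_rdn_value(value):
    """Escape one attribute value so it stays a single DN component."""
    if not value:
        raise ValueError("empty value cannot be used in a DN")
    out = []
    for ch in value:
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIAL:
            out.append("\\" + ch)
        else:
            out.append(ch)
    if out[0] in (" ", "#"):      # a leading space or '#' must be escaped
        out[0] = "\\" + out[0]
    if out[-1] == " ":            # a trailing space must be escaped
        out[-1] = "\\ "
    return "".join(out)


def build_ou_dn(ou_names):
    """Return the DN of nested OUs (innermost first) under ALLOWED_BASE."""
    rdns = ["OU=" + escape_rdn_value(name) for name in ou_names]
    return ",".join(rdns + [ALLOWED_BASE])


def split_dn(dn):
    """Split a DN on unescaped commas, the way a directory parser reads it."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    return parts
```

A form value that contains a comma is carried as one escaped OU name, so the number of components in the DN depends only on how many form fields were used, not on their content.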
The screenshot below shows the view of the list of groups synchronized with the system. The newly created group, "TEST_02," appears on this list:
Adding users to group/removing users from group
The action configured on the same path allows adding users to a group:
Setting up the action itself involves specifying the operation type, providing the user login(s) and the group name. The configuration of the action used to remove a user from a group differs only in the selection made in the Select operation section.
In the example presented, the action of adding users to the group is performed on the same path where the group was created. As shown in fig. 13, the user Kazimierz Kowalski should be a member of the "TEST_02" group:
By checking the account information for Kazimierz Kowalski, you can see that he is a member of the "TEST_02" group. This shows that the user addition action was completed successfully.
Deleting group
After selecting the group deletion mode in the Manage groups action, the fields available in the configuration window will change accordingly. To delete a group, you need to provide either its login or a value in the "domainSID" format. The action is executed on the Delete path coming out from the Management step. Once the path is transited and the action is executed, the group is removed from the system.
Summary
Actions for managing the Active Directory service within the WEBCON BPS system enable you to build a custom platform for comprehensive domain administration. These types of actions can also be effectively used in other processes—whether newly created or existing—such as setting up accounts, adding users to groups during new employee onboarding, or removing access and accounts for employees leaving the organization.