ABots - Active Directory User Management - On\Offboarding
- Updated on 18 Oct 2022
Once configured, the Active Directory User Management - On\Offboarding ABot can automatically run user management processes in your active directory in response to workflow tickets opened in SysAid. This saves time for both the IT admin and the employee who needs the update in the active directory.
Skills Included
The Active Directory User Management - On\Offboarding ABot includes the following skills:
- Create a User - Creates a user in the active directory
- Create and clone a user - Clones an existing user in the Active Directory to create a new user.
- Disable a User - Disables a user in the active directory
- Remove a user - Removes a user from the active directory
Prerequisites
- Before you set up this ABot, ensure that your ABots platform is up and running. See the SysAid ABot Guide for details.
- For any Active Directory ABot, ensure that you have the Active Directory module for PowerShell installed.
- Create a dedicated user in Active Directory to run your ABots.
- Add the user to the "Users" container only in Active Directory.
- Provision the user with "Domain Admin" permissions that allow the user to run actions as processes.
Import Skills
- On the main My Apps page, in the Active Directory User Management - On\Offboarding ABot's icon, click .
- Click the slider.
- Click Import ABot Skills.
The skills are imported in the background.
Setup the Templates
Each skill that you import includes a built-in template, ready to launch the automated process when a ticket is submitted. To set up the template you need to select values in all of the mandatory parameter mapping fields. Each skill has a different set of fields that are detailed below, but all require the relevant credentials. The credentials you select must have access to the machine that you want to run the automated process from and the machine must have access to all of the relevant agents. See the ABot guide for information on how to prepare credentials so they can be selected in the parameter mapping for a skill.
You also will want to ensure that the template is available in the Automation panel so that the skill can be run from within another ticket.
To set up a template
- In Settings > Service Desk Templates, locate the new template. It will have the same name as the imported skill.
- Open the template.
- In the Request Details tab, ensure that the Visible in automation panel check box is selected.
- In the Launch ABot workflow tab, click . There may be a delay in loading the Parameter Mapping fields.
- Select the fields you want for parameter mapping. See the Parameter mapping section for explanations of each field and which fields are mandatory for each skill.
- Click OK.
Using the ABot
Once the ABot skills have been imported, and the templates have been set up, admins and end-users can easily use the ABot's skills to initialize and automatically run the common tasks.
To add an ABot process from any ticket
- In the ticket form, click Automations.
- From the Select an Automation Process drop-down list, select the ABot skill you want to run.
- Click Launch.
- In the window that opens, enter the information in the required fields.
- Click Apply.
To run an ABot using a template
- Open a new request form.
- From the template drop-down, select the template for the ABot skill you want to run.
- Enter the information in the required fields.
- Click Apply.
You can access a record for each process run by ABots in Settings > Automate Joe > Process Monitor.
Parameter Mapping
Each skill has its own parameter mapping that needs to be set up in the workflow template that you want to use to run the skill. To set up the template, see the Setup the Templates section above.
For any of the parameters
- Select if you want the parameter to be populated from an SR field, an action item field, credential set, Automate Joe agent, group field, or a manual Velocity command.
- In the Set Value column, select a field, or type input with the variable name of the field you want to populate.
- Select Get Text if you want to output the field value's caption instead of its key.
- Click OK.
Naming Convention Parameters
Naming convention parameters allow you to select how various email addresses, user names, and names are generated. If none of the available conventions meets the needs for a user you want to create, you can customize the convention for that user.
See the table below for the full list of available conventions for each parameter and further details on how to enter a custom convention.
To enter a naming convention
- Select Manual in the Data Source column.
- Enter the number corresponding to the naming convention you want to use. See the table below for reference.
- (Optional) To create a custom template:
  - Duplicate the template for this instance.
  - Open the Parameter Mapping for the new duplicate template you just created.
  - Enter 99 in the naming convention field.
  - Enter the exact name as you want it to be created in the field for that parameter. See the table below for reference.
To better understand the parameters for each skill, see the reference tables below that detail the mandatory parameters that must be populated for each skill.
Create a User
Parameter | Description |
---|---|
Required Parameters | |
Execution Agent - Windows | The Windows agent that the ABot uses to run the process. |
Execution Credentials - Windows | The credentials set to access the service on which the ABot will execute the automated process. |
Execution Agent - REST | The REST agent that the ABot uses to run the process. |
Active Directory - Domain | Your active directory domain |
First name | The field that contains the first name of the user created by this process. |
Last name | The field that contains the last name of the user created by this process. |
User common name convention | The format for the user common name for the new user in Active Directory. Select Manual in the Data Source column and enter the number corresponding to the naming convention you want to use. If the field is left blank, the ABot uses the first naming convention by default. 1 - {first_name}.{last_name} - for example: “Jennifer.Wilson” 2 - {last_name}.{first_name} - for example: “Wilson.Jennifer” 3 - {initial_first_name}{last_name} - for example: “JWilson” 4 - {initial_last_name}{first_name} - for example: “WJennifer” 5 - {3_initials_firstname}{3_initials_last_name} - for example: “JenWil” 6 - {user_name_prefix}{employee_id} - for example: “Emp381” For a custom convention enter 99 in this field and enter the user common name in the format you want in the Username field. |
User display name convention | The format for the user display name for the new user in Active Directory. Select Manual in the Data Source column and enter the number corresponding to the naming convention you want to use. If the field is left blank, the ABot uses the first naming convention by default. 1 - {first_name} {last_name} - for example: “Jennifer Wilson” 2 - {last_name}, {first_name} - for example: “Wilson, Jennifer” 3 - {first_name} {middle_name} {last_name} - for example: “Jennifer Rebbecca Wilson” 4 - {first_name} {first_initial_middle_name} {last_name} - for example: “Jennifer R Wilson” For a custom convention enter 99 in this field and enter the display name in the format you want in the Display name field. |
Email convention | The format of the email address for the new user in Active Directory. Select Manual in the Data Source column and enter the number corresponding to the naming convention you want to use. If the field is left blank, the ABot uses the first naming convention by default. 1 - {first_name}.{last_name}@{email_domain} - for example: “Jennifer.Wilson@Acme.com” 2 - {last_name}.{first_name}@{email_domain} - for example: “Wilson.Jennifer@Acme.com” 3 - {initial_first_name}{last_name}@{email_domain} - for example: “JWilson@Acme.com” 4 - {initial_last_name}{first_name}@{email_domain} - for example: “WJennifer@Acme.com” 5 - {3_initials_firstname}{3_initials_last_name}@{email_domain} - for example: “JenWil@Acme.com” 6 - {user_name_prefix}{employee_id}@{email_domain} - for example: “Emp381@Acme.com” For a custom convention enter 99 in this field and enter the email address in the format you want in the Email address field. |
User Principal Name Convention | The format for the user principal name for the new user in Active Directory. Select Manual in the Data Source column and enter the number corresponding to the naming convention you want to use. If the field is left blank, the ABot uses the first naming convention by default. 1 - {first_name}.{last_name}@{ad_domain} - for example: “Jennifer.Wilson@Acme.com” 2 - {last_name}.{first_name}@{ad_domain} - for example: “Wilson.Jennifer@Acme.com” 3 - {initial_first_name}{last_name}@{ad_domain} - for example: “JWilson@Acme.com” 4 - {initial_last_name}{first_name}@{ad_domain} - for example: “WJennifer@Acme.com” 5 - {3_initials_firstname}{3_initials_last_name}@{ad_domain} - for example: “JenWil@Acme.com” 6 - {user_name_prefix}{employee_id}@{ad_domain} - for example: “Emp381@Acme.com” For a custom convention enter 99 in this field and enter the user principal name in the format you want in the Username field. The principal name will be this name along with the name you entered in the 'Active Directory - Domain' field. |
SamAccountName Convention | The format for the SamAccountName for the new user in Active Directory. Select Manual in the Data Source column and enter the number corresponding to the naming convention you want to use. If the field is left blank, the ABot uses the first naming convention by default. 1 - {first_name}.{last_name} - for example: “Jennifer.Wilson” 2 - {last_name}.{first_name} - for example: “Wilson.Jennifer” 3 - {initial_first_name}{last_name} - for example: “JWilson” 4 - {initial_last_name}{first_name} - for example: “WJennifer” 5 - {3_initials_firstname}{3_initials_last_name} - for example: “JenWil” 6 - {user_name_prefix}{employee_id} - for example: “Emp381” For a custom convention enter 99 in this field and enter the SamAccount name in the format you want in the Username field. |
Enabled (1/0) | Determines if the new user is enabled in SysAid. |
Output parameters | |
Process exit code | Code that displays the result of the process run by the ABot. Select the field where you want this information displayed. |
Process last message | Message that states if the process was successful or not. Select the field where you want this information displayed. |
Created username | The username created for the new user in the Active Directory. Select the field where you want this information displayed. |
Created display name | The display name created for the new user in the Active Directory. Select the field where you want this information displayed. |
Created initial password | The value of the custom field that contains the initial password for the new user. Select the field where you want this information displayed. |
Created object guid | The unique reference ID for the new user in the Active Directory. Select the field where you want this information displayed. |
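
The SamAccountName conventions from the table above, resolved in PowerShell with a pre-check that the result fits Active Directory's 20-character sAMAccountName limit and a conservative character allow-list. This is an added example, not SysAid's ABot code; the function name, parameter names and the allow-list are assumptions.

```powershell
# Added example, not SysAid code. Parameter names and the allow-list are assumptions.
function Resolve-SamAccountName {
    param(
        [Parameter(Mandatory)][string]$FirstName,
        [Parameter(Mandatory)][string]$LastName,
        [string]$Convention,       # blank selects convention 1, as in the table
        [string]$UserNamePrefix,   # convention 6 only
        [string]$EmployeeId,       # convention 6 only
        [string]$CustomName        # convention 99 only
    )
    $f = $FirstName.Trim()
    $l = $LastName.Trim()
    if (-not $f -or -not $l) { throw 'First name and last name must not be blank.' }
    if ([string]::IsNullOrWhiteSpace($Convention)) { $Convention = '1' }

    # First three characters, or the whole name when it is shorter.
    $first3 = { param($s) $s.Substring(0, [Math]::Min(3, $s.Length)) }

    $name = switch ($Convention.Trim()) {
        '1'     { "$f.$l" }
        '2'     { "$l.$f" }
        '3'     { $f.Substring(0, 1) + $l }
        '4'     { $l.Substring(0, 1) + $f }
        '5'     { (& $first3 $f) + (& $first3 $l) }
        '6'     { "$UserNamePrefix$EmployeeId" }
        '99'    { $CustomName }
        default { throw "Unknown naming convention '$Convention'." }
    }

    # Ticket fields are user input: check the result before it reaches Active Directory.
    if ($name -notmatch '^[A-Za-z0-9._-]+\z') {
        throw "'$name' is empty or contains characters outside the allow-list."
    }
    if ($name.EndsWith('.')) { throw "'$name' ends with a period." }
    if ($name.Length -gt 20) {
        throw "'$name' is $($name.Length) characters; sAMAccountName allows at most 20."
    }
    # On a domain-joined host, also check for a collision before creating the user:
    #   Get-ADUser -Filter "SamAccountName -eq '$name'"
    return $name
}

# Constructed sample inputs, not taken from real tickets.
$samples = @(
    @{ FirstName = 'Jennifer'; LastName = 'Wilson' },
    @{ FirstName = 'Jennifer'; LastName = 'Wilson'; Convention = '5' },
    @{ FirstName = 'Jennifer'; LastName = 'Wilson'; Convention = '6'
       UserNamePrefix = 'Emp'; EmployeeId = '381' },
    @{ FirstName = 'Maximiliana'; LastName = 'Featherstonehaugh' },
    @{ FirstName = 'Jennifer'; LastName = 'Wilson*'; Convention = '3' }
)
foreach ($s in $samples) {
    try   { Resolve-SamAccountName @s }
    catch { "REJECTED: $($_.Exception.Message)" }
}
```

The last two samples are rejected: the first exceeds the 20-character limit under the default convention, and the second carries a character outside the allow-list.
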
Create and Clone a User
Parameter | Description |
---|---|
Required Parameters | |
Execution Agent - Windows | The Windows agent that the ABot uses to run the process. |
Execution Credentials - Windows | The credentials set to access the service on which the ABot will execute the automated process. |
Execution Agent - REST | The REST agent that the ABot uses to run the process. |
Active Directory - Domain | Your active directory domain |
First name | The field that contains the first name of the user created by this process. |
Last name | The field that contains the last name of the user created by this process. |
Clone from user | The field that contains the Active Directory user you want to clone for this process. |
User common name convention | The format for the user common name for the new user in Active Directory. Select Manual in the Data Source column and enter the number corresponding to the naming convention you want to use. If the field is left blank, the ABot uses the first naming convention by default. 1 - {first_name}.{last_name} - for example: “Jennifer.Wilson” 2 - {last_name}.{first_name} - for example: “Wilson.Jennifer” 3 - {initial_first_name}{last_name} - for example: “JWilson” 4 - {initial_last_name}{first_name} - for example: “WJennifer” 5 - {3_initials_firstname}{3_initials_last_name} - for example: “JenWil” 6 - {user_name_prefix}{employee_id} - for example: “Emp381” For a custom convention enter 99 in this field and enter the user common name in the format you want in the Username field. |
User display name convention | The format for the user display name for the new user in Active Directory. Select Manual in the Data Source column and enter the number corresponding to the naming convention you want to use. If the field is left blank, the ABot uses the first naming convention by default. 1 - {first_name} {last_name} - for example: “Jennifer Wilson” 2 - {last_name}, {first_name} - for example: “Wilson, Jennifer” 3 - {first_name} {middle_name} {last_name} - for example: “Jennifer Rebbecca Wilson” 4 - {first_name} {first_initial_middle_name} {last_name} - for example: “Jennifer R Wilson” For a custom convention enter 99 in this field and enter the display name in the format you want in the Display name field. |
Email address convention | The format of the email address for the new user in Active Directory. Select Manual in the Data Source column and enter the number corresponding to the naming convention you want to use. If the field is left blank, the ABot uses the first naming convention by default. 1 - {first_name}.{last_name}@{email_domain} - for example: “Jennifer.Wilson@Acme.com” 2 - {last_name}.{first_name}@{email_domain} - for example: “Wilson.Jennifer@Acme.com” 3 - {initial_first_name}{last_name}@{email_domain} - for example: “JWilson@Acme.com” 4 - {initial_last_name}{first_name}@{email_domain} - for example: “WJennifer@Acme.com” 5 - {3_initials_firstname}{3_initials_last_name}@{email_domain} - for example: “JenWil@Acme.com” 6 - {user_name_prefix}{employee_id}@{email_domain} - for example: “Emp381@Acme.com” For a custom convention enter 99 in this field and enter the email address in the format you want in the Email address field. |
User Principal Name Convention | The format for the user principal name for the new user in Active Directory. Select Manual in the Data Source column and enter the number corresponding to the naming convention you want to use. If the field is left blank, the ABot uses the first naming convention by default. 1 - {first_name}.{last_name}@{ad_domain} - for example: “Jennifer.Wilson@Acme.com” 2 - {last_name}.{first_name}@{ad_domain} - for example: “Wilson.Jennifer@Acme.com” 3 - {initial_first_name}{last_name}@{ad_domain} - for example: “JWilson@Acme.com” 4 - {initial_last_name}{first_name}@{ad_domain} - for example: “WJennifer@Acme.com” 5 - {3_initials_firstname}{3_initials_last_name}@{ad_domain} - for example: “JenWil@Acme.com” 6 - {user_name_prefix}{employee_id}@{ad_domain} - for example: “Emp381@Acme.com” For a custom convention enter 99 in this field and enter the user principal name in the format you want in the Username field. The principal name will be this name along with the name you entered in the 'Active Directory - Domain' field. |
User SamAccountName Convention | The format for the SamAccountName for the new user in Active Directory. Select Manual in the Data Source column and enter the number corresponding to the naming convention you want to use. If the field is left blank, the ABot uses the first naming convention by default. 1 - {first_name}.{last_name} - for example: “Jennifer.Wilson” 2 - {last_name}.{first_name} - for example: “Wilson.Jennifer” 3 - {initial_first_name}{last_name} - for example: “JWilson” 4 - {initial_last_name}{first_name} - for example: “WJennifer” 5 - {3_initials_firstname}{3_initials_last_name} - for example: “JenWil” 6 - {user_name_prefix}{employee_id} - for example: “Emp381” For a custom convention enter 99 in this field and enter the SamAccount name in the format you want in the Username field. |
Enable user(1/0) | Determines if the new user is enabled in SysAid. |
Job title | The field that contains the job title of the user created by this process. |
Output parameters | |
Process exit code | Code that displays the result of the process run by the ABot. 0 - The process was successfully executed. Select the field where you want this information displayed. |
Process last message | Message that states if the process was successful or not. Select the field where you want this information displayed. |
Created username | The username created for the new user in the Active Directory. Select the field where you want this information displayed. |
Created display name | The display name created for the new user in the Active Directory. Select the field where you want this information displayed. |
Created initial password | The value of the custom field that contains the initial password for the new user. Select the field where you want this information displayed. |
Created object guid | The unique reference ID for the new user in the Active Directory. Select the field where you want this information displayed. |
Disable a User
Parameter | Description |
---|---|
Required Parameters | |
Execution Agent - Windows | The Windows agent that the ABot uses to run the process. |
Execution Credentials - Windows | The credentials set to access the service on which the ABot will execute the automated process. |
Execution Agent - REST | The REST agent that the ABot uses to run the process. |
User to disable | The field that contains the Active Directory user disabled by this process. |
Output parameters | |
Process exit code | Code that displays the result of the process run by the ABot. Select the field where you want this information displayed. |
Process last message | Message that states if the process was successful or not. Select the field where you want this information displayed. |
Remove a user
Parameter | Description |
---|---|
Required Parameters | |
Execution Agent - Windows | The Windows agent that the ABot uses to run the process. |
Execution Credentials - Windows | The credentials set to access the service on which the ABot will execute the automated process. |
Execution Agent - REST | The REST agent that the ABot uses to run the process. |
Users to remove | The field that contains the Active Directory user removed by this process. |
Organizational Unit | The field that contains the OUs that you want to move the users to. |
Output parameters | |
Process exit code | Code that displays the result of the process run by the ABot. Select the field where you want this information displayed. |
Process last message | Message that states if the process was successful or not. Select the field where you want this information displayed. |