ABots - Active Directory User Management - On\Offboarding
    • 18 Oct 2022
    • PDF

    ABots - Active Directory User Management - On\Offboarding

    • PDF

    Article summary

    Once configured, the Active Directory User Management - On\Offboarding ABot can automatically run user management processes in your active directory in response to workflow tickets opened in SysAid. This saves time and for both the IT admin and the employee who needs the update in the active directory.

    Skills Included

    The Active Directory User Management - On\Offboarding ABot includes the following skills:

    • Create a User - Creates a user in the active directory
    • Create and clone a user - Clones an existing user in the Active Directory to create a new user.
    • Disable a User - Disables a user in the active directory
    • Remove a user - Removes a user from the active directory

    Prerequisites

    • Before you setup this ABot, ensure that your ABots platform is up and running. See the SysAid ABot Guide for details.
    • For any Active Directory ABot, ensure that you have the Active Directory module for PowerShell installed.
    • Create a dedicated user in Active Directory to run your ABots. 
      • Add the user to the "Users" container only in Active Directory. 
      • Provision the user with "Domain Admin" permissions that allows the user to run actions as processes.

    Import Skills

    1. On the main My Apps page, in the Active Directory User Management - On\Offboarding ABot's icon, click .
    2. Click the slider.
    3. Click Import ABot Skills.
       The skills are imported in the background.

    Setup the Templates

    Each skill that you import includes a built-in template, ready to launch the automated process when a ticket is submitted. To set up the template you need to select values in all of the mandatory parameter mapping fields. Each skill has a different set of fields that are detailed below, but all require the relevant credentials. The credentials you select must have access to the machine that you want to run the automated process from and the machine must have access to all of the relevant agents. See the ABot guide for information on how to prepare credentials so they can be selected in the parameter mapping for a skill.
     
    You also will want to ensure that the template is available in the Automation panel so that the skill can be run from within another ticket.

    To set up a template

    1. In Settings > Service Desk Templates, locate the new template. It will have the same name as the imported skill.
    2. Open the template.
    3. In the Request Details tab, ensure that the Visible in automation panel check box is selected.
    4. In the Launch ABot workflow tab, click . There may be a delay in loading the Parameter Mapping fields.
    5. Select the fields you want for parameter mapping. See the Parameter mapping section for explanations of each field and which fields are mandatory for each skill.
    6. Click OK.

    Using the ABot

    Once the ABot skills have been imported, and the templates have been set up, admins and end-users can easily use the ABot's skills to initialize and automatically run the common tasks. 

    To add an ABot process from any ticket

    1. In the ticket form, click Automations.
    2. From the Select an Automation Process drop-down list, select the ABot skill you want to run.
    3. Click Launch.
    4. In the window that opens, enter the information in the required fields.
    5. Click Apply

    To run an ABot using a template

    1. Open a new request form.
    2. From the template drop-down, select the template for the ABot skill you want to run.
    3. Enter the information in the required fields.
    4. Click Apply.

    You can access a record for each process run by ABots in Settings > Automate Joe > Process Monitor.

    Parameter Mapping

    Each skill has it's own parameter mapping that needs to be set up in the workflow template that you want to run the skill. To set up the template, see the Setup the templates section above.

    For any of the parameters

    1. Select if you want the parameter to be populated from an SR field, an action item field, credential set, Automate Joe agent, group field, or a manual Velocity command.
    2. In the Set Value column, select a field, or type input with the variable name of the field you want to populate.
    3. Select Get Text if you want to output the field value's caption instead of the its key.
    4. Click OK.

    Naming Convention Parameters

    Naming convention parameters allow you to select how various email addresses, user names, and names are generated. If non of the available conventions meet the needs for a user you want to create, you can customize the convention for that user. 

    See the table below for the full list of available conventions for each parameter and further details on how to enter a custom convention.

    To enter a naming convention

    1. Select Manual in the Data Source column.
    2. Enter the number corresponding to the naming convention you want to use. See the table below for reference.
    3. (Optional) To create a custom template:
      1. Duplicate the template for this instance.
      2. Open the Parameter Mapping for the new duplicate template you just created.
      3. Enter 99 in the naming convention field.
      4. Enter the exact name as you want it to be created in the field for that parameter. See the table below for reference.

    To better understand the parameters for each skill, see the reference tables below that detail the mandatory parameters that must be populated for each skill.

    Create a User

    ParameterDescription

    Required Parameters

    Execution Agent - Windows

    The Windows agent that the ABot uses to run the process.

    Execution Credentials - Windows

    The credentials set to access the service on which you the ABot will execute the automated process.

    Execution Agent - REST

    The REST agent that the ABot uses to run the process.

    Active Directory - Domain

    Your active directory domain

    First name

    The field that contains the first name of the user created by this process.

    Last name

    The field that contains the last name of the user created by this process.

    User common name convention

    The format for the user common name for the new user in Active Directory.

    Select Manual in the Data Source column and enter the number corresponding to the naming convention you want to use.

    If the field is left blank, the ABot uses the first naming convention by default.

    1 - {first_name}.{last_name} - for example: “Jennifer.Wilson”

    2 - {last_name}.{first_name} - for example: “Wilson.Jennifer”

    3 - {initial_first_name}{last_name} - for example: “JWilson”

    4 - {initial_last_name}{first_name} - for example: “WJennifer”

    5 - {3_initials_firstname}{3_initials_last_name} - for example: “JenWil”

    6 - {user_name_prefix}{employee_id} - for example: “Emp381”

    For a custom convention enter 99 in this field and enter the user common name in the format you want in the Username field.

    User display name convention

    The format for the user display name for the new user in Active Directory.

    Select Manual in the Data Source column and enter the number corresponding to the naming convention you want to use.

    If the field is left blank, the ABot uses the first naming convention by default.

    1 - {first_name} {last_name} - for example: “Jennifer Wilson”

    2 - {last_name}, {first_name} - for example: “Wilson, Jennifer”

    3 - {first_name} {middle_name} {last_name} - for example: “Jennifer Rebbecca Wilson”

    4 - {first_name} {first_initial_middle_name} {last_name} - for example: “Jennifer R Wilson”

    For a custom convention enter 99 in this field and enter the display name in the format you want in the Display name field.

    Email convention

    The format of the email address for the new user in Active Directory.

    Select Manual in the Data Source column and enter the number corresponding to the naming convention you want to use.

    If the field is left blank, the ABot uses the first naming convention by default.

    1 - {first_name}.{last_name}@{email_domain} - for example: “Jennifer.Wilson@Acme.com”

    2 - {last_name}.{first_name}@{email_domain} - for example: “Wilson.Jennifer@Acme.com”

    3 - {initial_first_name}{last_name}@{email_domain} - for example: “JWilson@Acme.com”

    4 - {initial_last_name}{first_name}@{email_domain} - for example: “WJennifer@Acme.com”

    5 - {3_initials_firstname}{3_initials_last_name}@{email_domain} - for example: “JenWil@Acme.com”

    6 - {user_name_prefix}{employee_id}@{email_domain} - for example: “Emp381@Acme.com”

    For a custom convention enter 99 in this field and enter the email address in the format you want in the Email address field.

    User Principal Name Convention

    The format for the user principal name for the new user in Active Directory.

    Select Manual in the Data Source column and enter the number corresponding to the naming convention you want to use.

    If the field is left blank, the ABot uses the first naming convention by default.

    1 - {first_name}.{last_name}@{ad_domain} - for example: “Jennifer.Wilson@Acme.com”

    2 - {last_name}.{first_name}@{ad_domain} - for example: “Wilson.Jennifer@Acme.com”

    3 - {initial_first_name}{last_name}@{ad_domain} - for example: “JWilson@Acme.com”

    4 - {initial_last_name}{first_name}@{ad_domain} - for example: “WJennifer@Acme.com”

    5 - {3_initials_firstname}{3_initials_last_name}@{ad_domain} - for example: “JenWil@Acme.com”

    6 - {user_name_prefix}{employee_id}@{ad_domain} - for example: “Emp381@Acme.com”

    For a custom convention enter 99 in this field and enter the user principle name in the format you want in the Username field. The principle name will be this name along with the name you entered in the 'Active Directory - Domain' field.

    SamAccountName Convention

    The format for the SamAccountName for the new user in Active Directory.

    Select Manual in the Data Source column and enter the number corresponding to the naming convention you want to use.

    If the field is left blank, the ABot uses the first naming convention by default.

    1 - {first_name}.{last_name} - for example: “Jennifer.Wilson”

    2 - {last_name}.{first_name} - for example: “Wilson.Jennifer”

    3 - {initial_first_name}{last_name} - for example: “JWilson”

    4 - {initial_last_name}{first_name} - for example: “WJennifer”

    5 - {3_initials_firstname}{3_initials_last_name} - for example: “JenWil”

    6 - {user_name_prefix}{employee_id} - for example: “Emp381

    For a custom convention enter 99 in this field and enter the SamAccount name in the format you want in the Username field.

    Enabled (1/0)

    Determines if the new user is enabled in SysAid.
     
     0 - No
     1 - Yes

    Output parameters

    Process exit code

    Code that displays the result of the process run by the ABot.
     
     0 - The process was successfully executed
     1 - The process failed

    Select the field you where you want this information displayed.

    Process last message

    Message that states if the process was successful or not.

    Select the field you where you want this information displayed.

    Created username

    The username created for the new user in the Active Directory.

    Select the field you where you want this information displayed.

    Created display name

    The display name created for the new user in the Active Directory.

    Select the field you where you want this information displayed.

    Created initial password

    The value of the custom field that contains the initial password for the new user.

    Select the field you where you want this information displayed.

    Created object guid

    The unique reference ID for the new user in the Active Directory.

    Select the field you where you want this information displayed.

    Create and Clone a User

    ParameterDescription

    Required Parameters

    Execution Agent - Windows

    The Windows agent that the ABot uses to run the process.

    Execution Credentials - Windows

    The credentials set to access the service on which you the ABot will execute the automated process.

    Execution Agent - REST

    The REST agent that the ABot uses to run the process.

    Active Directory - Domain

    Your active directory domain

    First name

    The field that contains the first name of the user created by this process.

    Last name

    The field that contains the last name of the user created by this process.

    Clone from user

    The field that contains the Active Directory user you want to clone for this process.

    User common name convention

    The format for the user common name for the new user in Active Directory.

    Select Manual in the Data Source column and enter the number corresponding to the naming convention you want to use.

    If the field is left blank, the ABot uses the first naming convention by default.

    1 - {first_name}.{last_name} - for example: “Jennifer.Wilson”

    2 - {last_name}.{first_name} - for example: “Wilson.Jennifer”

    3 - {initial_first_name}{last_name} - for example: “JWilson”

    4 - {initial_last_name}{first_name} - for example: “WJennifer”

    5 - {3_initials_firstname}{3_initials_last_name} - for example: “JenWil”

    6 - {user_name_prefix}{employee_id} - for example: “Emp381”

    For a custom convention enter 99 in this field and enter the user common name in the format you want in the Username field.

    User display name convention

    The format for the user display name for the new user in Active Directory.

    Select Manual in the Data Source column and enter the number corresponding to the naming convention you want to use.

    If the field is left blank, the ABot uses the first naming convention by default.

    1 - {first_name} {last_name} - for example: “Jennifer Wilson”

    2 - {last_name}, {first_name} - for example: “Wilson, Jennifer”

    3 - {first_name} {middle_name} {last_name} - for example: “Jennifer Rebbecca Wilson”

    4 - {first_name} {first_initial_middle_name} {last_name} - for example: “Jennifer R Wilson”

    For a custom convention enter 99 in this field and enter the display name in the format you want in the Display name field.

    Email address convention

    The format of the email address for the new user in Active Directory.

    Select Manual in the Data Source column and enter the number corresponding to the naming convention you want to use.

    If the field is left blank, the ABot uses the first naming convention by default.

    1 - {first_name}.{last_name}@{email_domain} - for example: “Jennifer.Wilson@Acme.com”

    2 - {last_name}.{first_name}@{email_domain} - for example: “Wilson.Jennifer@Acme.com”

    3 - {initial_first_name}{last_name}@{email_domain} - for example: “JWilson@Acme.com”

    4 - {initial_last_name}{first_name}@{email_domain} - for example: “WJennifer@Acme.com”

    5 - {3_initials_firstname}{3_initials_last_name}@{email_domain} - for example: “JenWil@Acme.com”

    6 - {user_name_prefix}{employee_id}@{email_domain} - for example: “Emp381@Acme.com”

    For a custom convention enter 99 in this field and enter the email address in the format you want in the Email address field.

    User Principal Name Convention

    The format for the user principal name for the new user in Active Directory.

    Select Manual in the Data Source column and enter the number corresponding to the naming convention you want to use.

    If the field is left blank, the ABot uses the first naming convention by default.

    1 - {first_name}.{last_name}@{ad_domain} - for example: “Jennifer.Wilson@Acme.com”

    2 - {last_name}.{first_name}@{ad_domain} - for example: “Wilson.Jennifer@Acme.com”

    3 - {initial_first_name}{last_name}@{ad_domain} - for example: “JWilson@Acme.com”

    4 - {initial_last_name}{first_name}@{ad_domain} - for example: “WJennifer@Acme.com”

    5 - {3_initials_firstname}{3_initials_last_name}@{ad_domain} - for example: “JenWil@Acme.com”

    6 - {user_name_prefix}{employee_id}@{ad_domain} - for example: “Emp381@Acme.com”

    For a custom convention enter 99 in this field and enter the user principle name in the format you want in the Username field. The principle name will be this name along with the name you entered in the 'Active Directory - Domain' field.

    User SamAccountName Convention

    The format for the SamAccountName for the new user in Active Directory.

    Select Manual in the Data Source column and enter the number corresponding to the naming convention you want to use.

    If the field is left blank, the ABot uses the first naming convention by default.

    1 - {first_name}.{last_name} - for example: “Jennifer.Wilson”

    2 - {last_name}.{first_name} - for example: “Wilson.Jennifer”

    3 - {initial_first_name}{last_name} - for example: “JWilson”

    4 - {initial_last_name}{first_name} - for example: “WJennifer”

    5 - {3_initials_firstname}{3_initials_last_name} - for example: “JenWil”

    6 - {user_name_prefix}{employee_id} - for example: “Emp381

    For a custom convention enter 99 in this field and enter the SamAccount name in the format you want in the Username field.

    Enable user(1/0)

    Determines if the new user is enabled in SysAid.
     
     0 - No
     1 - Yes

    Job title

    The field that contains the job title of the user created by this process.

    Output parameters

    Process exit code

    Code that displays the result of the process run by the ABot.

     0 - The process was successfully executed
     1 - The process failed

    Select the field you where you want this information displayed.

    Process last message

    Message that states if the process was successful or not.

    Select the field you where you want this information displayed.

    Created username

    The username created for the new user in the Active Directory.

    Select the field you where you want this information displayed.

    Created display name

    The display name created for the new user in the Active Directory.

    Select the field you where you want this information displayed.

    Created initial password

    The value of the custom field that contains the initial password for the new user.

    Select the field you where you want this information displayed.

    Created object guid

    The unique reference ID for the new user in the Active Directory.

    Select the field you where you want this information displayed.

    Disable a User

    ParameterDescription

    Required Parameters

    Execution Agent - Windows

    The Windows agent that the ABot uses to run the process.

    Execution Credentials - Windows

    The credentials set to access the service on which you the ABot will execute the automated process.

    Execution Agent - REST

    The REST agent that the ABot uses to run the process.

    User to disable

    The field that contains the Active Directory user disabled by this process.

    Output parameters

    Process exit code

    Code that displays the result of the process run by the ABot.
     
     0 - The process was successfully executed
     1 - The process failed

    Select the field you where you want this information displayed.

    Process last message

    Message that states if the process was successful or not.

    Select the field you where you want this information displayed.

    Remove a user 

    ParameterDescription

    Required Parameters

    Execution Agent - Windows

    The Windows agent that the ABot uses to run the process.

    Execution Credentials - Windows

    The credentials set to access the service on which you the ABot will execute the automated process.

    Execution Agent - REST

    The REST agent that the ABot uses to run the process.

    Users to remove

    The field that contains the Active Directory user removed by this process.

    Organizational Unit

    The field that contains the OUs that you want to move the users to.

    Output parameters

    Process exit code

    Code that displays the result of the process run by the ABot.
     
     0 - The process was successfully executed
     1 - The process failed

    Select the field you where you want this information displayed.

    Process last message

    Message that states if the process was successful or not.

    Select the field you where you want this information displayed.

    Other ABots

    For information about other available ABots, see any of the following help pages: