Manage users
The action is used to create and edit domain users in Active Directory.
In order for the action to be executed, activate the modification of objects under Active Directory Actions Configuration and configure the connection parameters for the action to be authorized.
The action's configuration window has two tabs: General and Properties.
General
The tab allows you to manage an AD domain account.
1. Select operation
Select the operation to be performed on the domain account:
- Edit user,
- Create user,
- Delete user.
The selected operation type determines the availability of other fields of the tab.
2. User password
The section allows you to Change the password for an AD domain account in the case of editing a user, and to Set default password or Save generated password in one of the process form fields when a new user is added.
If you create a user and fail to check the option Set default password, the relevant password will be generated automatically.
3. Account data
Data of the domain account in the context of which the action will be executed:
- User login – account name, format: domain\Username,
- Organizational unit DN – organizational unit in which the account is created, format: domain\Organizationalunitname...,
- Common name – display name of the created account.
Sample parameters of an AD domain account:
- User login: WEBCON\j.smith
- Organizational unit DN: OU=Board,DC=webcon,DC=en
- Common name: John Smith
4. Account availability
Define whether, as a result of the action, the account availability will remain Unchanged, or the account will be Locked or Unlocked.
5. Synchronization mode
After updating user or group data, it is necessary to carry out an independent synchronization operation. Data synchronization may take up to a few seconds, and the user’s data will not be available in the system until it is complete.
Available synchronization modes:
- Synchronously – wait until synchronization finished – the action will be considered complete after user data is synchronized. It is recommended to use this mode when there are sequential actions after this one that will need the updated data.
This mode will cause the user data to be added or updated outside of the transaction in which a sequence of actions are executed. If one of the sequential actions in the transaction returns an error, the withdrawal of the transaction will not cause user data changes to be reversed. Updated user data will remain in the system. - Asynchronously – do not wait until synchronization finished – the action will invoke a user synchronization but will not wait for it to complete. The synchronization will be carried out as the last operation after the transaction completes successfully. If one of the sequential actions in the transaction returns an error, the withdrawal of the transaction will also cause user data to not be entered into the system.
6. Variables editor
Dynamically generated tree containing all variables that may be used in the current location of Designer Studio. Information on how to use variables in WEBCON BPS, as well as a list of variables can be found here.
Properties
The tab allows you to edit the properties of the domain account.
When the box Edit user data is checked, the window displays a table that contains the user Property names and their equivalents in the form of Active Directory attributes (Active Directory code), as well as a New value column where you should enter the ID of the form field that will be a new domain user's property.
A description of additional Active Directory attributes can be found in the article Using the "Domain users" data source on our technical blog.