PowerShell Custom Activity Write into AD

Hello,

I am looking to create a custom activity that allows users to update certain custom attributes in Active Directory.

Inside the SDK documentation, I have noticed a UserAccountInfo class and AttributeInfo class.

Please enlighten me on how I can utilize them in a custom activity.

Thank you

  • How you use these classes depends on what you want to do.

    If you pipe them to Get-Member, you will get a list of attributes and methods.

    Be sure to also check out the $workflow object. It has some very useful methods and attributes.

    For example, $workflow.Userinfo.AccountInfo.Mail gives you the email address of the initiator of the Workflow.

    Terrance C

    Social Media and Community Professional
    #iWork4OneIdentity

  • In reply to Terrance.Crombie:

    Hi Terrance,

    Thank you for the suggestion.

    Currently I have written this in the custom activity:

    function PostLoad($workflow, $activity)
    {
        #Edit this list to specify additional attributes that can contain phone numbers
        $ATTRS = [string[]] ("mobile", "mail")

        #Obtain user's AD Attributes' Values
        $user = $global.GetUserById($workflow.UserInfo.Domain, $workflow.UserInfo.Id, $ATTRS)

        if ($user -eq $null) {
            $workflow.CriticalError([QPM.Common.Scenarios.WorkflowErrorCode]::SystemError, "User not found")
        } else {
            #Populate textboxes with retrieved values
            $i = 0

            $ATTRS | %{
                $num = $user[$_]
                #retrieve and output attributes into individual textbox
                $num = $num.ToString()
                $activity.RunTime.Controls["elementID_$i"].Value = $num
                $i = $i + 1
            }
            if ($i -eq 0) {
                #No phone numbers could be used for authentication
                $workflow.CriticalError([QPM.Common.Scenarios.WorkflowErrorCode]::PhoneAuthenticationPhoneNumbersNotSet)
            }
        }
    }
    function PreExecuting($workflow, $activity)
    {
        #Add code to be executed after activity UI is shown, but before activity main part is executed here
        $workflow.UserInfo.AccountInfo.mobile = $activity.RunTime.Controls["elementID_0"].Value
        $workflow.UserInfo.AccountInfo.Mail = $activity.RunTime.Controls["elementID_1"].Value

    }

    I am able to retrieve the AD attribute's value:
    $activity.RunTime.Controls["elementID_$i"].Value = $workflow.UserInfo.AccountInfo.Mail

    But I am not able to update a new value into the AD attribute after I press "Next" in the GUI.

    This is the syntax I have used, as shown in the above code: $workflow.UserInfo.AccountInfo.Mail = $activity.RunTime.Controls["elementID_1"].Value

    Will you be able to assist?

  • Thank you for the reply.

    I have managed to update the attributes in AD by using the native PowerShell commands.

    Get-ADUser and Set-ADUser with the correct parameters will be able to update the attributes in AD.
    (Do note that to use the commands, the AD and ADLDS Tools feature is required to be installed on the instance which Password Manager is installed on.)
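
Added example (not part of the thread, and not Password Manager or One Identity code): one way to do the Get-ADUser / Set-ADUser update described in the last reply while restricting writes to an allowlist of validated attributes. The function name `Set-AllowedUserAttribute`, the validation patterns and the sample account name are assumptions made for illustration.

```powershell
# Added example. Requires the ActiveDirectory module (AD tools) on the host.
Import-Module ActiveDirectory

# Allowlist: only these attributes may be written, each with a validation pattern.
# The patterns are assumptions for illustration; tighten them to your own policy.
$AllowedAttributes = @{
    mobile = '^\+?[0-9 ()\-]{6,20}$'
    mail   = '^[^@\s]+@[^@\s]+\.[^@\s]+$'
}

function Set-AllowedUserAttribute {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # DN, objectGUID, SID or sAMAccountName, as accepted by -Identity
        [Parameter(Mandatory)] [string] $Identity,
        # attribute name -> new value, e.g. @{ mobile = '+1 555 0100' }
        [Parameter(Mandatory)] [hashtable] $Values,
        [string] $Server
    )

    $replace = @{}
    foreach ($name in $Values.Keys) {
        if (-not $AllowedAttributes.ContainsKey($name)) {
            throw "Attribute '$name' is not on the allowlist"
        }
        $value = ([string] $Values[$name]).Trim()
        if ($value -notmatch $AllowedAttributes[$name]) {
            throw "Value for '$name' failed validation"
        }
        $replace[$name] = $value
    }
    if ($replace.Count -eq 0) { throw 'No attributes to update' }

    $common = @{ ErrorAction = 'Stop' }
    if ($Server) { $common.Server = $Server }

    # Resolve by -Identity (no LDAP filter built from user input), then write.
    $user = Get-ADUser -Identity $Identity @common
    $target = $user.DistinguishedName
    if ($PSCmdlet.ShouldProcess($target, "Replace $($replace.Keys -join ', ')")) {
        Set-ADUser -Identity $target -Replace $replace @common
    }
    # Read back so the caller can confirm what is now stored.
    Get-ADUser -Identity $target -Properties ([string[]] $replace.Keys) @common
}

# Constructed sample call; 'jdoe' is a placeholder account name.
# Set-AllowedUserAttribute -Identity 'jdoe' -Values @{ mobile = '+1 555 0100' } -WhatIf
```

The account the script runs under needs write permission only on the allowlisted attributes, so delegate those attributes rather than granting broader rights over user objects.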