Sample Workflow – Create User Account in ActiveDirectory
This example shows how a new Active Directory user account, for example a break-glass account, can be created as part of a machine’s provisioning process.
The solution contains the following files:
- ClearAsCloud.ActiveDirectory.Activities.dll – this contains the actual C# code that creates a new user (I added a group as well) in Active Directory. This file needs to be loaded into the repository using the CloudUtil.exe command.
- CreateADUserWorkflow.xaml – the actual workflow that will run in the repository and perform the required business logic, in this case take some incoming virtual machine properties and pass them to the custom activities.
- External-CreateADUserWorkflow.xml – this is the file that instructs the VCAC Application Server to run the CreateADUserWorkflow workflow. This needs to be added to the system.
Custom Code Activities
Custom code activities can be used to run C# code instead of the out-of-the-box VCO, PowerShell etc. A code activity takes inputs like this:
Example input property:
    [RequiredArgument]
    public InArgument<ManagementModelEntities> DataContext { get; set; }
ManagementModelEntities is the OData/RESTful connection into the DCAC database. It is created by default in the workflow and can be used within an activity to query or update the database.
The CreateUser Code Activity
//-----------------------------------------------------------------------
// This code is experimental only and not endorsed by VMware
//-----------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Activities;
using System.DirectoryServices.AccountManagement;

namespace ClearAsCloud.ActiveDirectory.Activities
{
    public sealed class CreateUser : CodeActivity
    {
        // Create the Input Arguments the Activity requires
        [RequiredArgument]
        public InArgument<string> UserName { get; set; }

        // Declared as an InArgument because Execute reads this value
        [RequiredArgument]
        public InArgument<string> Password { get; set; }

        [RequiredArgument]
        public InArgument<string> OrganisationalUnit { get; set; }

        [RequiredArgument]
        public InArgument<string> Domain { get; set; }

        // The main body of the code, this method is automatically created when a CodeActivity type is used in Visual Studio
        protected override void Execute(CodeActivityContext context)
        {
            // Store the Workflow Input arguments as local variables
            string user = context.GetValue(this.UserName);
            string password = context.GetValue(this.Password);
            string ou = context.GetValue(this.OrganisationalUnit);
            string domain = context.GetValue(this.Domain);

            // Execute DotNet 3.5 ActiveDirectory logic to create a new user
            try
            {
                // Setup the Context; the OU is the container the account is created in
                using (PrincipalContext adCtx = new PrincipalContext(ContextType.Domain, domain, ou))
                {
                    // Find a user account in AD
                    // (ActiveDirectoryHelper is a helper class that is not shown on this page)
                    UserPrincipal userPrincipal = ActiveDirectoryHelper.FindOne(new UserPrincipal(adCtx) { SamAccountName = user });

                    // Only create the account when no matching account exists
                    if (userPrincipal == null || string.IsNullOrEmpty(userPrincipal.SamAccountName))
                    {
                        userPrincipal = new UserPrincipal(adCtx, user, password, true);
                        ActiveDirectoryHelper.Create(userPrincipal);
                    }
                }
            }
            catch (Exception ex)
            {
                // The message carries the user name only, never the password
                throw new ApplicationException(string.Format("Failed to create user {0}", user), ex);
            }
        }
    }
}
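The activity hands UserName, OrganisationalUnit and Domain from the machine's properties directly to PrincipalContext and UserPrincipal. The following is an added example, not part of the original assembly, of checks that could run at the top of Execute before anything is sent to the directory. ProvisioningInputs, Validate and allowedBaseOu are hypothetical names; it assumes Domain is supplied as a DNS name and that accounts may only be created under one configured base OU.

```csharp
using System;
using System.Linq;
using System.Text.RegularExpressions;

// Added example, not part of ClearAsCloud.ActiveDirectory.Activities.dll.
// ProvisioningInputs, Validate and allowedBaseOu are hypothetical names.
public static class ProvisioningInputs
{
    // AD limits a user's sAMAccountName to 20 characters; restricting it to
    // letters, digits, '.', '_' and '-' is a conservative policy chosen here.
    static readonly Regex SamName = new Regex(@"^[A-Za-z0-9](?:[A-Za-z0-9._-]{0,18}[A-Za-z0-9_-])?\z");
    // One unescaped OU component, e.g. "OU=BreakGlass".
    static readonly Regex OuRdn = new Regex(@"^OU=[A-Za-z0-9 _-]{1,64}\z", RegexOptions.IgnoreCase);
    // Dotted DNS labels, e.g. "corp.example.com".
    static readonly Regex DnsName = new Regex(@"^[A-Za-z0-9-]{1,63}(?:\.[A-Za-z0-9-]{1,63})+\z");

    // Throws ArgumentException unless all three values are well-formed and the
    // OU is allowedBaseOu itself or a child of it inside the named domain.
    public static void Validate(string user, string ou, string domain, string allowedBaseOu)
    {
        if (user == null || !SamName.IsMatch(user))
            throw new ArgumentException("UserName is not an acceptable sAMAccountName.");
        if (domain == null || !DnsName.IsMatch(domain))
            throw new ArgumentException("Domain is not a DNS domain name.");

        // "corp.example.com" -> "DC=corp,DC=example,DC=com"
        string domainDn = string.Join(",", domain.Split('.').Select(l => "DC=" + l).ToArray());
        if (!allowedBaseOu.EndsWith("," + domainDn, StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("Allowed base OU is not in the requested domain.");

        bool isBase = string.Equals(ou, allowedBaseOu, StringComparison.OrdinalIgnoreCase);
        bool isChild = ou != null && ou.EndsWith("," + allowedBaseOu, StringComparison.OrdinalIgnoreCase);
        if (!isBase && !isChild)
            throw new ArgumentException("OrganisationalUnit is outside the allowed base OU.");

        // Everything in front of the base must be plain "OU=name" components, so an
        // escaped comma or another attribute type cannot move the container elsewhere.
        if (isChild)
        {
            string prefix = ou.Substring(0, ou.Length - allowedBaseOu.Length - 1);
            if (!prefix.Split(',').All(rdn => OuRdn.IsMatch(rdn)))
                throw new ArgumentException("OrganisationalUnit contains an unexpected component.");
        }
    }
}
```

Called with a constructed base such as "OU=BreakGlass,DC=corp,DC=example,DC=com", a request for "OU=Web,OU=BreakGlass,DC=corp,DC=example,DC=com" passes, while "OU=Domain Controllers,DC=corp,DC=example,DC=com" is rejected.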
March 26, 2013 at 11:05 am
This is great. Thanks Tom very much for this great article.
The final piece of the puzzle is the External-CreateADUserWorkflow.xml file, which needs to be added into DCAC Server\External Workflows\xmldb.
The XML file tells the system when the workflow should be triggered:
<plugin fullName="DynamicOps.External.RepositoryWorkflows.InvokeRepositoryWorkflow" priority="10">
  <MasterWFStateCriteria>MachineProvisioned</MasterWFStateCriteria>
  <MasterWFTypeFullNameCriteria>*</MasterWFTypeFullNameCriteria>
  <ExecuteWhen>PreActivityExecution</ExecuteWhen>
  <AssemblyPath>[ExternalWorkflowsDirectory]\DynamicOps.External.RepositoryWorkflows.dll</AssemblyPath>
  <AllPropertiesExist>
    <Property>InsertUser</Property>
  </AllPropertiesExist>
  <WorkflowArguments>
    <NameValue name="WorkflowName">CreateADUserWorkflow</NameValue>
    <NameValue name="WorkflowTimeout">01:00:00</NameValue>
    <NameValue name="FailureState">UnprovisionMachine</NameValue>
  </WorkflowArguments>
</plugin>
This workflow will run if the Custom Property called InsertUser is available.
Thanks Tom for teaching this to me.