Integrating LDAP and Workflow for Common Account Actions

All day this past Friday I was trying to get either the Active Directory components or the LDAP generated components to return some usable information on whether an account was locked out.  The only results I was able to get back was what I can only guess is some sort of riddle.

System.__ComObject

So, turns out that the solution for converting that into usable data was going to require way more effort than I was willing to give it, so I figured I may as well use my time for something more useful, like starting to learn C#.

The result of 2 days’ worth of effort finally paid off, and I’m able to pull a readable, usable value for an account’s lockout status.  I’m also able to set a password and unlock that account pretty easily.  Here’s some info on how to do it.


The Code (Script) Component

I’ve always shied away from this component, as I’m not and have never been a coder.  By the end of the day on Friday, however, it was starting to feel like I may not be able to find another way to accomplish the directive “find out if an account is locked in AD”.  So here we go!

2015-01-12_16-53-01

Search the toolbox for “code” and you’ll see some results in the “Unloaded Libraries” section.  Expand that folder, then expand the Scripting directory, and simply click on one of the Code components there to load in the library.

Pull the “Code (Script) Component” out onto the Workflow canvas.

For my test, I gave the component a simple Text input and a Text output.

2015-01-12_14-57-21

2015-01-12_14-57-34

Then, on the third page of the script wizard, select C# from the dropdown at the top, and punch in some code.  Note also that I’ve added the System.DirectorySevices.AccountManagement namespace to the top list.  Edit out whatever actions you don’t intend to apply to the account, and leave in the ones you do.  If you intend to perform an action against an account and you remove the “return” line, go back to page 2 and remove the output variable as well.

2015-01-12_14-58-44
Notice that the “Input parameters” field shows the input variable we configured during step 1. This input variable is referenced without quotes on the “UserPrincipal” line.

Code for copy/paste:


PrincipalContext ctx = new PrincipalContext(ContextType.Domain,
"intuitive.cb",
"CN=Users,DC=intuitive,DC=cb",
"andrewtest",
"Password1234$");
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, UnlockUser);

user.SetPassword("Password1234$!@"); //this'll set a password
user.UnlockAccount(); //this will unlock a user account
bool isLockedOut = user.IsAccountLockedOut(); //account lock status
return isLockedOut.ToString(); //write the status to the result as a string

Finally, on step 4, we can test the code with an input value.

2015-01-12_14-59-22

Downstream from this component, we can see any output values that were configured in the code component.

2015-01-12_17-13-14


It should be noted that I just started trying to figure out C# last Friday, so there’s no error handling going on in the code I’m using.  I imagine that as my knowledge of the language improves, I’ll return to this post to update the scripts.  As such, however, the code does seem to work.


Featured Components

Code (Script) Component


One thought on “Integrating LDAP and Workflow for Common Account Actions

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s