Create AD User with Orchestrator by just using “Run .Net Script” activity and AD PowerShell module

I sometimes get the question whether it is possible to use a PowerShell module in the out-of-the-box activities in Orchestrator. The answer is: yes, of course. Just remember to deploy the module to every Runbook server that is going to run the Runbook that uses the module.

Below I show an example where I create an AD user by using the “Run .Net Script” activity in Orchestrator together with the “Active Directory module for Windows PowerShell” in Server 2008 R2.

This is a very simple Runbook that only creates an AD user.

[Screenshot: the Runbook, consisting of a single “Run .Net Script” activity]

The “Run .Net Script” activity looks like this.

[Screenshot: the “Run .Net Script” activity configuration]

Remember that the Runbook executes under the Orchestrator Runbook Service account, so in this example that account needs the rights to create the user. In the “Run .Net Script” activity it is not possible to execute the script under an account other than the Runbook Service account.

Therefore, when creating users with PowerShell, I would recommend using an Orchestrator Integration Pack that can execute PowerShell under a dedicated user account that only has the rights needed to create AD users, rather than granting those rights to the service account itself.
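As an added illustration of what the script body of such a “Run .Net Script” activity can look like (this is example code written for this page, not the script from the screenshot above), the following creates a user with the AD module, first checking that the module is actually deployed on the Runbook server and that the account does not already exist. The user attributes, OU path and UPN suffix are constructed placeholder values; in a real Runbook they would be subscribed from published data. It runs as the Runbook Service account, so that account needs “create user” rights on the target OU.

```powershell
# Added example (not the original post's script). Runs inside "Run .Net Script"
# under the Orchestrator Runbook Service account.
$ErrorActionPreference = 'Stop'

# Fail fast with a clear message if the AD module was not deployed to this Runbook server
if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) {
    throw "ActiveDirectory module is not installed on $env:COMPUTERNAME; deploy RSAT AD PowerShell on every Runbook server."
}
Import-Module ActiveDirectory

# Constructed input values (in the Runbook these come from published data)
$SamAccountName = 'jdoe'
$GivenName      = 'John'
$Surname        = 'Doe'
$OUPath         = 'OU=Users,OU=Lab,DC=example,DC=local'
$UPNSuffix      = 'example.local'

# Idempotence check: a re-run of the Runbook must not fail because the account exists.
# The scriptblock filter form avoids building an LDAP filter string from input.
$Existing = Get-ADUser -Filter { SamAccountName -eq $SamAccountName }
if ($Existing) {
    $Result = "User $SamAccountName already exists: $($Existing.DistinguishedName)"
} else {
    # Generate a random initial password instead of hard-coding one in the Runbook.
    # Deliver it to the user out of band; do not echo it into published data or logs.
    Add-Type -AssemblyName System.Web
    $InitialPassword = [System.Web.Security.Membership]::GeneratePassword(16, 3)
    $SecurePassword  = ConvertTo-SecureString $InitialPassword -AsPlainText -Force

    $NewUser = New-ADUser -Name "$GivenName $Surname" `
                          -SamAccountName $SamAccountName `
                          -GivenName $GivenName `
                          -Surname $Surname `
                          -UserPrincipalName "$SamAccountName@$UPNSuffix" `
                          -Path $OUPath `
                          -AccountPassword $SecurePassword `
                          -ChangePasswordAtLogon $true `
                          -Enabled $true `
                          -PassThru

    $Result = "Created $SamAccountName: $($NewUser.DistinguishedName)"
}

# Output the result so it can be exposed as published data for the next activity
$Result
```

Publish `$Result` (and, if needed, the distinguished name) from the activity's Published Data tab rather than the password: anything published is stored in the Orchestrator database and visible in the log history.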

3 Responses to Create AD User with Orchestrator by just using “Run .Net Script” activity and AD PowerShell module

  1. Jérémy February 10, 2015 at 17:57 #

    Hello,

    First of all, sorry for my English :p
    I have trouble with Orchestrator. I want to add a user to multiple groups. But I don’t want to use the object “Get group” * the number of groups.
    So I will use the object “Run .Net Script” with the language Powershell.

    I want to do a test with ONE group :

    Import-Module ActiveDirectory

    Add-ADGroupMember -Identity "Groupe 1" -Members "jparmage"

    jparmage is the samAccount.

    But my main problem is this error :

    The term ‘Add-ADGroupMember’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

    I have the feature “Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools > Active Directory Module for Windows PowerShell” on my computer, which is running Runbook Designer, and on my server, which is hosting System Center Orchestrator.
    I can create a user. My Runbook Designer is communicating with my AD…

    Can you help me please?

    • Jonathan March 20, 2015 at 07:55 #

      Hi Jérémy,
      Not sure why you have a problem with this, but can you try to connect to another server and execute the command on it?
      E.g. with “PSSession”.
      /Jonathan

      • Robert March 21, 2016 at 17:31 #

        Try calling a separate PowerShell session from within the script.
        I don’t know if it is best practice but it works for me.

        i.e.
        $result = PowerShell {
            if (!(Get-Module ActiveDirectory)) { Import-Module ActiveDirectory -Force }
            Add-ADGroupMember -Identity "Group 1" -Members "jparmage"
        }

        you can then use your $result in published data or the rest of the script.
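The pattern Robert describes, delegating the AD cmdlets to a separate PowerShell process, is worked out below as an added example for this page (not code from the thread). The error Jérémy reports is what one sees when the module is not visible to the PowerShell host running the script; the “Run .Net Script” activity hosts its script in a 32-bit PowerShell process, while the AD module from RSAT is installed for the 64-bit host, so the example launches the 64-bit powershell.exe through the sysnative alias and falls back to the plain name when it is already running 64-bit. The user and group names are constructed, and the values are handed to the child process through environment variables rather than by string-building a command line. It assumes a 64-bit Runbook server with RSAT AD PowerShell installed.

```powershell
# Added example (not code from the thread): add one user to several groups from
# "Run .Net Script" by delegating the AD cmdlets to a 64-bit PowerShell process.
$SamAccountName = 'jparmage'                      # constructed sample value
$Groups         = @('Group 1', 'Group 2', 'Group 3')   # constructed sample values

# From a 32-bit process, 'sysnative' resolves to the real 64-bit System32, which is
# where the 64-bit powershell.exe and the RSAT AD module live. From a 64-bit process
# the alias does not exist, so fall back to the powershell.exe already on the PATH.
$Ps64 = Join-Path $env:windir 'sysnative\WindowsPowerShell\v1.0\powershell.exe'
if (-not (Test-Path $Ps64)) { $Ps64 = 'powershell.exe' }

# Child processes inherit environment variables; this avoids quoting problems that a
# hand-built -Command string would have with names containing spaces or quotes.
$env:ORCH_USER   = $SamAccountName
$env:ORCH_GROUPS = ($Groups -join ';')

# Passing a scriptblock to powershell.exe from PowerShell serializes it to the child
# and returns the output as deserialized objects (the same mechanism Robert uses).
$Result = & $Ps64 -NoProfile -NonInteractive -Command {
    $ErrorActionPreference = 'Stop'
    Import-Module ActiveDirectory

    $User   = $env:ORCH_USER
    $Output = @()
    foreach ($GroupName in ($env:ORCH_GROUPS -split ';')) {
        try {
            # -Members accepts a samAccountName; the call is a no-op if already a member
            Add-ADGroupMember -Identity $GroupName -Members $User
            $Output += "OK: $User added to '$GroupName'"
        } catch {
            # Record the failure and keep going so one bad group name does not
            # silently abort the remaining groups; the Runbook can act on the list.
            $Output += "FAILED: '$GroupName': $($_.Exception.Message)"
        }
    }
    $Output
}

# Clean up so the values do not leak into later activities on the same Runbook server
Remove-Item Env:\ORCH_USER, Env:\ORCH_GROUPS -ErrorAction SilentlyContinue

# $Result is an array of status strings; publish it, or fail the activity if any line
# starts with FAILED so the Runbook's error link is taken.
$Failed = @($Result | Where-Object { $_ -like 'FAILED:*' })
if ($Failed.Count -gt 0) { throw ($Failed -join "`n") }
$Result
```

Throwing on any failure keeps the activity's success/failure links meaningful in the Runbook; if partial success is acceptable, drop the final check and publish `$Result` as a string for the next activity to evaluate.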
