Introduction
The Actions component of Ultimate Forms provides a quick and easy way of adding automation to SharePoint. And the most important part is that you are able to do it without being an accomplished workflow developer. The component allows you to create, modify and manage SharePoint items and documents. Additionally, you can connect to and interact with a variety of 3rd party applications.
Our customers use this component for a wide variety of business solutions in SharePoint. It makes it easy to introduce business rules and automation without the steep learning curve of traditional workflow solutions.
Today I would like to focus on one particular action type: Manage Active Directory. This action allows you to:
- Create users in Entra ID / Active Directory
- Update users in Entra ID / Active Directory
- Enable/disable users
- Reset passwords
- Add/remove users to security groups and distribution lists
- Create security groups and distributions lists
- Delete security groups and distribution lists
Prerequisites
Ultimate Forms
If you still don't have Ultimate Forms in your environment, you can easily install a 30-day trial. All you need is to have SharePoint (either in Microsoft 365 or on premises). Make sure you possess sufficient permissions to install or ask someone to do it for you.
Permissions
If you are on Microsoft 365, the permissions request will appear as a pop-up window. You will see it when you first save your Manage Active Directory action. The pop-up will request a Graph API permission to manage Entra ID (formerly known as Azure Active Directory). Ensure you grant the permission, as otherwise the action will fail to execute.
If you are on premises, your SharePoint application pool accounts needs additional permissions. Grant it management right on an organizational unit (OU) within your Active Directory. The permission will allow the application pool account to create and update users.
SharePoint List
A list in SharePoint we are going to use to create and update our users. I chose to use a standard Contacts list as it already contains most of the columns I need. I added the following columns only: Username and Password. But of course, you can use any list and just add columns to it.
Demos
Our example today will help use to accomplish two things:
- Create a new user in AD when we add a new item to the SharePoint list.
- Reset existing user's password when someone updates the list item with a new password.
We are going to be doing that by adding a set of actions for our SharePoint list. Start by clicking on Design button on our list's toolbar, then clicking on Actions.
Create User Action
Our first action is going to be Create User (type: Manage Active Directory). This action will automatically run on Item is added. In general, actions can run:
- On various events (adding, updating or deleting items)
- On timer (such as 2 days before Due Date)
- Manually with a click of a button.
Under Action Settings select "Create User" as action type, enter your Active Directory connection information. In Microsoft 365, the information consists only of your domain (such as example.com). On premises, you need to enter directory type, name and OU path).
Next map the list columns to the Active Directory user properties. Use the value picker by clicking on the input field to select columns rather than typing them in.
Next save the action to add it to the system. Now every time you add an item to the list, the system will create a new user in Entra ID / Active Directory.
Clear Password
But wait, the password is clearly visible to anyone with access to the list, not much of a security system.
But we can rectify this shortcoming with ease. And we accomplish that by adding another action. This additional action will clear the password field value as soon as we have used it. We'll be using Update list item type of action for that:
Generally, actions run in the same order as they appear in the Actions section. But note that all actions in the same batch see the item exactly as it was before actions started running. As the result of this fact, the order makes no difference in this particular case.
Reset Password Action
And the last thing we want to implement is the ability to reset password. Add another Manage Active Directory action and set it to run on Item is modified.
In the Action Settings select Reset Password action type and map the necessary fields:
One more thing is needed here and that's a condition to only run this action when users actually enter the new password:
Testing It Out
Now let's test it! Enter user data into the list:
Save and check your Active Directory. Presto! A new user has been added:
Now edit the user in the SharePoint list and enter a new password. The action will execute and update the user with a new password.
Conclusion
In summary, we covered just a fraction of what the Actions component is capable of. We designed it specifically for non-technical users who still want to maximize their SharePoint investment!
