Orchestrator Runbook for creating a new mail enabled user

In this guide I will be explaining the process I have used to create a new user, allocate it to the correct OU, and define settings such as login script. The runbook looks like this:

NewUserRunbook

 

 

 

 

 

 

 

First drag an Initiate Data unit from the runbook control section. I renamed this to “User Info”. You can use whatever fields you want here, but the ones I used are as below:

UserInfo

 

 

 

 

 

 

 

 

 

 

 

These will be linked to later in the runbook. Click finish and then drag and link a generate random text control from the utilities section.

GeneratePassword

 

 

 

 

 

 

 

 

 

 

 

Set this up according to your complexity requirements, I did this as above. The next step is to create a some variables. Drag a run .net script control from the system section, and link it to the password step. I used a basic PowerShell script to allocate a SamName from the first name and last name. You can edit this according to your organisations specifications, but my organisation uses first initial, last name, so this script is geared to that. It also truncates the SamName so that it doesn’t exceed the 20 character maximum.

This is the script:

$Fname = "First Name"
$Lname = "Last name"
$Phone = "Phone Number"
$Title = "Title"
$Department = "Department"
$Sam=$FName.substring(0,1)+$LName
$max=$Sam.Length
if ($max -gt 20) {$max=20}
$Sam=$Sam.Substring(0,$max)
$Alias=$Sam

Where there are descriptions between the quote marks, these need to be replaced with subscriptions to the corresponding data from the User Info step. To do this, delete the description and then right click between the quote marks, and choose subscribe > publish data. From the drop down choose UserInfo and then select the corresponding piece of data. This will end up looking something like this:

VariablesScript

 

 

 

 

 

 

 

 

 

 

 

I tried scripting more information such as address details, OU and profile data, but I found that for some reason Orchestrator was pulling the wrong data for the variable, so I decided to use a different approach. However, if you are interested in how I did this, please let me know and I will update the post.

Next we need to publish these variables so that we can use them for the create user step. Click on the Published Data tab, and then click on add. This presents the box below:

VariablePublishedData

 

 

 

 

 

 

 

 

 

 

 

 

This small script only needs to have department and SamName published, but depending on what you script, you can publish anything you need here. Notice that the variable name does not have the $ at the beginning.

For the next step bring a create user control from the Active Directory section. Link this to the variables control, and then right click on the link, and choose properties. This is where you can insert a condition based on the department variable so that users in that department get a specific set of properties.

LinkProperties

 

 

 

 

 

 

 

 

 

 

 

 

You can specify the details for the new user, and the rest of the process, and then copy those controls, and paste them in again, link them with a different condition and then change anything that needs to be different in the create user control for the new branch.

Open the Create User control and on the properties tab, specify the AD connection of the domain you want the user added to (you can use this to create one runbook that creates users across multiple domains based entirely on their department!). There are instructions for connecting to AD here.

Click on Optional Properties, and choose the ones that are relevant to your organisation. I went with:

adprops

 

 

 

 

 

 

 

 

 

Here is how I configured each of the fields. Words within {} are subscriptions from previous controls:

Common Name: “{last name from userinfo}\, {first name from userinfo}”

I should point out this is for last name, first name, and that the \ is required for powershell to recognise the comma. The quotes are also required.

City: Enter the City
Company: Enter the Company
Department: {Department from userinfo}
Description: Whatever you want, however I used {Title from userinfo}
Display Name: “{last name from userinfo}\, {first name from userinfo}”
First Name: {First Name from userinfo}
Home Directory: \\servername\sharename\{SamName from variables}
Home Drive: Map your drive letter here if you use this.
Last Name: {Last Name from userinfo}
Container Distinguished Name: This is the OU for the users department in the format OU=Sales,OU=Users,DC=int,DC=domain,DC=local
Password: {Random Text from generate password}
Office: Enter the Office Name
Postal Code: Enter the Office Post Code/Zip
Profile Path: \\servername\sharename\{SamName from Variables}
SAM Account Name: {SamName from variables}
Login Script: Enter login script name (script.bat)
Phone Number: {Phone from userinfo}
Title: {Title from userinfo}
Web Page: Enter default website
User Principle Name: {SamName from Variables}@int.domain.local

Next drag an enable user control over from the AD section and link this to create user. Set the AD connection and subscribe Distinguished Name to {Distinguished name from create user}.

Next drag an enable mailbox control from the Exchange Admin section and link to enable user, set the Exchange connection and subscribe Distinguished Name to {Distinguished name from enable user}.

For the last step, drag a send email control over from the email section. I set this up as below:

sendemail

 

 

 

 

 

 

 

 

 

 

 

On the connect tab, add your SMTP details and send from address, and then specify any required security details. Once you have done this, run it through the runbook tester, and you should be ready to go.

I’ll do a post on connecting the runbook to System Center System Manager at a later date.

3 comments

  1. Stephen Sandifer says:

    I’ve pitched this as an idea, but not seen it in action. Well done. Thank you for the example.

    • Brian Jones says:

      Thanks Stephen,

      I’ve actually extended this now to add groups and I’ve also amended a codeplex runbook so that it can get the requesters email address from their user token and send them a notification of any details. This will for me be part of a larger runbook that emails administrators of other systems dependent on what options were selected on a comprehensive user form. I’ll be making another post with the updates in a couple of days.

      Brian

  2. Usman says:

    anyone have a example or help me in creating a runbook to bulk import AD user accounts details from XML/CSV file into system center Orchestrator, which will create AD accounts, put them in groups and then create their exchange mail accounts.

    Thank you
    Usman

Leave a Reply

%d bloggers like this: