How to use PowerShell to create a user in AD
I want to share a simple example with you to demonstrate how you can utilize SAP IdM to invoke a local PowerShell script.
In my scenario I am using Quest ActiveRoles Server Management Shell for Active Directory but this should work with Windows AD cmdlets as well.
In my Plugins folder I have replaced the standard To LDAP directory pass with a new Shell execute pass.
In the Destination tab you should disable the option “Wait for execution” and insert the following command with your arguments.
cmd /c powershell.exe -Command "c://scripts//ProcessQADUser.ps1" %$rep.QARS_HOST% %$rep.QARS_PASSWORD% %MSKEYVALUE% $FUNCTION.cce_core_descryptPassword(%MX_ENCRYPTED_PASSWORD%)$$ "'%Z_ADS_PARENT_CONTAINER%'" %MX_FIRSTNAME% "'%MX_LASTNAME%'"
Please remember to separate the arguments with spaces rather than commas, as PowerShell will remove the commas and convert the arguments into an array.
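One way the receiving script could be written, as an added example (not the author's script, which the post does not show): it binds the seven space-separated arguments by position and rejects malformed values before anything is written to the directory. The service account name, the validation patterns and the use of %MSKEYVALUE% as the account name are assumptions.

```powershell
# ProcessQADUser.ps1: hypothetical receiving script, not taken from the post.
# Parameters bind by position, in the order used on the Shell execute command line.
param(
    [Parameter(Mandatory = $true, Position = 0)][ValidateNotNullOrEmpty()]
    [string]$QarsHost,            # %$rep.QARS_HOST%
    [Parameter(Mandatory = $true, Position = 1)][ValidateNotNullOrEmpty()]
    [string]$QarsPassword,        # %$rep.QARS_PASSWORD%
    [Parameter(Mandatory = $true, Position = 2)][ValidatePattern('^[A-Za-z0-9._-]{1,20}$')]
    [string]$AccountName,         # %MSKEYVALUE% (assumed to be the logon name)
    [Parameter(Mandatory = $true, Position = 3)][ValidateNotNullOrEmpty()]
    [string]$UserPassword,        # decrypted MX_ENCRYPTED_PASSWORD
    # A DN that was passed without the inner single quotes arrives as an array,
    # loses its commas when converted to a string, and fails this pattern.
    [Parameter(Mandatory = $true, Position = 4)][ValidatePattern('^((OU|CN|DC)=[^,]+,)*DC=[^,]+$')]
    [string]$ParentContainer,     # %Z_ADS_PARENT_CONTAINER%
    [Parameter(Mandatory = $true, Position = 5)][ValidateLength(1, 64)]
    [string]$FirstName,           # %MX_FIRSTNAME%
    [Parameter(Mandatory = $true, Position = 6)][ValidateLength(1, 64)]
    [string]$LastName             # %MX_LASTNAME%
)

$ErrorActionPreference = 'Stop'
Add-PSSnapin Quest.ActiveRoles.ADManagement

# Placeholder account name: the command line in the post passes only host and password.
$serviceAccount = 'EXAMPLE\svc-idm'
$servicePassword = ConvertTo-SecureString $QarsPassword -AsPlainText -Force

try {
    # Add -Proxy if the host is an ActiveRoles Server administration service.
    Connect-QADService -Service $QarsHost -ConnectionAccount $serviceAccount `
        -ConnectionPassword $servicePassword | Out-Null

    New-QADUser -Name $AccountName -SamAccountName $AccountName `
        -ParentContainer $ParentContainer -FirstName $FirstName `
        -LastName $LastName -UserPassword $UserPassword | Out-Null
}
catch {
    # Report the failure without echoing either password.
    [Console]::Error.WriteLine("Creating '$AccountName' failed: $($_.Exception.Message)")
    exit 1
}
exit 0
```

Both passwords reach the script as clear-text command-line arguments, so they are visible in the host's process list and in any process-creation or PowerShell command-line logging that is enabled; restrict access to the IdM runtime host and its logs accordingly.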
Hope this helps.