Skip to Content

How to use Powershell to create a user in AD

Hi All,

I want to share a simple example with you to demonstrate how you can utilize SAP IdM to invoke a local PowerShell script.

In my scenario I am using Quest ActiveRoles Server Management Shell for Active Directory but this should work with Windows AD cmdlets as well.

In my Plugins folder I have replaced the standard To LDAP directory pass with a new Shell execute pass.

Screen Shot 2014-04-03 at 22.53.01.png

In the Destination tab you should disable the option “Wait for execution” and insert the following command with your arguments.

cmd /c powershell.exe -Command “c://scripts//ProcessQADUser.ps1” %$rep.QARS_HOST% %$rep.QARS_PASSWORD% %MSKEYVALUE% $FUNCTION.cce_core_descryptPassword(%MX_ENCRYPTED_PASSWORD%)$$ “‘%Z_ADS_PARENT_CONTAINER%'” %MX_FIRSTNAME% “‘%MX_LASTNAME%'”

Screen Shot 2014-04-03 at 22.57.50.png

Please remember to separate attributes using white spaces as PowerShell will remove commas and convert the arguments into an Array.

Hope this helps.

Regards,

Ridouan

1 Comment
You must be Logged on to comment or reply to a post.
  • Hi Ridouan,

    Can you send me your “.ps1” file only to see how a powershell script should be created to run in SAP Identity Management?

    Best Regards,

    Gustavo