How to use PowerShell to create a user in AD
Hi All,
I want to share a simple example with you to demonstrate how you can utilize SAP IdM to invoke a local PowerShell script.
In my scenario I am using Quest ActiveRoles Server Management Shell for Active Directory but this should work with Windows AD cmdlets as well.
In my Plugins folder I have replaced the standard To LDAP directory pass with a new Shell execute pass.
In the Destination tab you should disable the option “Wait for execution” and insert the following command with your arguments.
cmd /c powershell.exe -Command "c://scripts//ProcessQADUser.ps1" %$rep.QARS_HOST% %$rep.QARS_PASSWORD% %MSKEYVALUE% $FUNCTION.cce_core_descryptPassword(%MX_ENCRYPTED_PASSWORD%)$$ "'%Z_ADS_PARENT_CONTAINER%'" %MX_FIRSTNAME% "'%MX_LASTNAME%'"
Please remember to separate attributes using white spaces as PowerShell will remove commas and convert the arguments into an Array.
Hope this helps.
Regards,
Ridouan
Hi Ridouan,
Can you send me your ".ps1" file only to see how a PowerShell script should be created to run in SAP Identity Management?
Best Regards,
Gustavo
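An added sketch of a script that would accept the seven positional arguments from the Shell execute command above. It is not Ridouan's ProcessQADUser.ps1. The parameter names, the service account placeholder, the logon-name allow-list and the use of -Proxy are assumptions. Because both passwords arrive as plain command-line arguments, the script never writes them to output or error messages and fails fast on bad input instead of prompting.

```powershell
# ProcessQADUser.ps1 (added sketch, not the author's script)
param(
    [Parameter(Position = 0)][string]$QarsHost,        # %$rep.QARS_HOST%
    [Parameter(Position = 1)][string]$QarsPassword,    # %$rep.QARS_PASSWORD%
    [Parameter(Position = 2)][string]$LogonName,       # %MSKEYVALUE%
    [Parameter(Position = 3)][string]$UserPassword,    # decrypted MX_ENCRYPTED_PASSWORD
    [Parameter(Position = 4)][string]$ParentContainer, # %Z_ADS_PARENT_CONTAINER%
    [Parameter(Position = 5)][string]$FirstName,       # %MX_FIRSTNAME%
    [Parameter(Position = 6)][string]$LastName         # %MX_LASTNAME%
)
$ErrorActionPreference = 'Stop'

# Assumption: the connecting account is fixed here, since the command line only passes its password.
$ServiceAccount = 'EXAMPLE\svc-idm'   # constructed placeholder

# The pass runs unattended, so throw on a missing argument rather than prompt for it.
foreach ($name in 'QarsHost','QarsPassword','LogonName','UserPassword','ParentContainer','FirstName','LastName') {
    if ([string]::IsNullOrEmpty((Get-Variable -Name $name -ValueOnly))) { throw "Missing argument: $name" }
}

# Conservative allow-list for the logon name (assumed MSKEYVALUE format).
# It also keeps wildcard characters out of the lookup below.
if ($LogonName -notmatch '^[A-Za-z0-9._-]{1,20}$') { throw 'Logon name contains unexpected characters' }

# Connect-QADService takes the connection password as a SecureString.
$svcSecret = ConvertTo-SecureString $QarsPassword -AsPlainText -Force

Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue
# -Proxy targets ActiveRoles Server; drop it to connect to a domain controller directly.
Connect-QADService -Service $QarsHost -Proxy -ConnectionAccount $ServiceAccount `
    -ConnectionPassword $svcSecret | Out-Null
try {
    if (Get-QADUser -SamAccountName $LogonName) { throw "User '$LogonName' already exists" }
    New-QADUser -Name "$FirstName $LastName" -ParentContainer $ParentContainer `
        -SamAccountName $LogonName -FirstName $FirstName -LastName $LastName `
        -UserPassword $UserPassword | Out-Null
}
finally {
    Disconnect-QADService
    Remove-Variable QarsPassword, UserPassword -ErrorAction SilentlyContinue
}
```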