Summary
This workflow automates the creation of Active Directory user accounts as part of the user onboarding process. The solution creates the user object with proper naming conventions, places it in the correct Organizational Unit, sets standard and custom attributes, assigns security and distribution group memberships, configures home directory and profile paths, sets initial password with change-at-next-logon, and enables the account. By automating AD user creation, the workflow ensures consistent provisioning, reduces onboarding time, eliminates manual configuration errors, and maintains compliance with organizational naming and security standards.
Usage
Prerequisites
Before using this workflow, ensure the following requirements are met:
- Active Directory Integration: Configure AD integration via RMM agent or Rewst agent with user management permissions
- PSA Integration: For ticket tracking
- Email Integration: For notifications and credential delivery
- Organizational Variables:
  - `ad_user_creation_ticket_board`: PSA board for onboarding tasks
  - `ad_default_ou`: Default OU for new users
  - `ad_department_ou_mapping`: Map departments to OUs
  - `ad_username_format`: Username format (e.g., `first.last`, `flast`)
  - `ad_default_groups`: Default security groups for all users
  - `ad_department_groups`: Department-specific group mappings
  - `ad_home_directory_path`: UNC path for home directories
  - `ad_password_policy`: Initial password generation rules
Workflow Inputs
| Parameter | Type | Required | Description |
|---|---|---|---|
| first_name | String | Yes | User's first name |
| last_name | String | Yes | User's last name |
| company_id | String | Yes | PSA company ID |
| department | String | Yes | Department name |
| title | String | Yes | Job title |
| manager | String | No | Manager's AD username or email |
| office_location | String | No | Office/site location |
| phone_number | String | No | Business phone number |
| employee_id | String | No | Employee ID number |
| custom_ou | String | No | Override default OU path |
| additional_groups | Array | No | Extra groups beyond defaults |
| create_home_directory | Boolean | No | Create home folder. Default: true |
| ticket_id | String | No | Existing PSA ticket to update |
Execution
Manual Trigger
- Execute from PSA ticket or onboarding form
Automated Trigger
- Part of new user onboarding workflow
- Triggered by HR system integration
Creation Process Flow
- Input Validation: Verify required fields and company mapping
- Username Generation: Generate username per naming convention
- Duplicate Check: Verify username doesn't already exist
- OU Determination: Map department to appropriate OU
- Password Generation: Generate initial password per policy
- User Creation: Create AD user object with all attributes
- Group Assignment: Add user to default and department groups
- Home Directory: Create home folder and set permissions
- Profile Configuration: Set profile path and logon script
- Account Enablement: Enable the user account
- Credential Delivery: Send credentials via secure method
- PSA Update: Update ticket with account details
- Notification: Alert requestor and manager
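The username generation, duplicate check and OU determination steps above can be sketched as follows. This is an added example, not the workflow's own code. The function names, the numeric-suffix policy on a collision and the `base_dn` containment check on `custom_ou` are assumptions; the sample inputs are constructed.

```python
import re
import unicodedata

# Characters AD rejects in sAMAccountName, plus whitespace.
SAM_INVALID = re.compile(r'[\s"/\\\[\]:;|=,+*?<>]')
SAM_MAX = 20  # sAMAccountName length limit for user objects

def _clean(part):
    """ASCII-fold a name part and drop characters AD rejects."""
    folded = unicodedata.normalize("NFKD", part).encode("ascii", "ignore").decode()
    return SAM_INVALID.sub("", folded).lower().strip(".")

def generate_username(first, last, fmt, existing):
    """Apply ad_username_format, then the duplicate check."""
    f, l = _clean(first), _clean(last)
    if not f or not l:
        raise ValueError("first_name and last_name are required")
    if fmt == "first.last":
        base = f"{f}.{l}"
    elif fmt == "flast":
        base = f[0] + l
    else:
        raise ValueError(f"unsupported ad_username_format: {fmt}")
    base = base[:SAM_MAX].rstrip(".")
    taken = {name.lower() for name in existing}  # AD compares case-insensitively
    candidate, n = base, 1
    while candidate in taken:
        # Assumed collision policy: numeric suffix, still within the limit.
        n += 1
        suffix = str(n)
        candidate = base[:SAM_MAX - len(suffix)] + suffix
    return candidate

def resolve_ou(department, ou_mapping, default_ou, custom_ou=None, base_dn=""):
    """custom_ou overrides the department mapping; unmapped departments
    fall back to ad_default_ou. The result must be an OU under base_dn."""
    target = custom_ou or ou_mapping.get(department, default_ou)
    if not target.lower().startswith("ou="):
        raise ValueError("target must be an OU distinguished name")
    if base_dn and not target.lower().endswith("," + base_dn.lower()):
        raise ValueError("OU is outside the organization's base DN")
    return target
```

Because `custom_ou` is caller-supplied, checking it against the organization's base DN before object creation keeps a mistyped or unexpected path from placing the account outside the managed OU tree.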
Returned Data
```json
{
  "success": true,
  "user_created": {
    "display_name": "John Smith",
    "username": "john.smith",
    "sam_account_name": "john.smith",
    "user_principal_name": "john.smith@acmecorp.local",
    "email": "john.smith@acmecorp.com",
    "distinguished_name": "CN=John Smith,OU=Sales,OU=Users,DC=acmecorp,DC=local",
    "department": "Sales",
    "title": "Account Executive",
    "manager": "CN=Jane Doe,OU=Sales,OU=Users,DC=acmecorp,DC=local",
    "office": "New York - HQ",
    "phone": "555-0150",
    "employee_id": "EMP-2026-045",
    "account_enabled": true,
    "password_must_change": true
  },
  "group_memberships": [
    {
      "group": "Domain Users",
      "type": "Default",
      "added": true
    },
    {
      "group": "All-Employees",
      "type": "Default",
      "added": true
    },
    {
      "group": "Sales-Team",
      "type": "Department",
      "added": true
    },
    {
      "group": "VPN-Users",
      "type": "Default",
      "added": true
    },
    {
      "group": "CRM-Access",
      "type": "Department",
      "added": true
    }
  ],
  "home_directory": {
    "created": true,
    "path": "\\\\fileserver\\home$\\john.smith",
    "permissions_set": true
  },
  "credential_delivery": {
    "method": "Secure email to manager",
    "delivered_to": "jane.doe@acmecorp.com",
    "temporary_password": true
  },
  "ticket_id": "ONB-2026-022"
}
```
Changelog
2026-03-04
- Initial version of the document