Text file | Create AD users rule
Overview
This rule queries the specified text file data source, which is in comma-separated values (CSV) format, and creates new user accounts according to the Action section settings.
NOTE: The CSV file should be in UTF-8 format if it contains accented letters such as á, ä, é, í, ö, ü, etc.
When to use this rule
Use this rule when you need to perform bulk user account provisioning from an HR/ERP/SIS system into Active Directory.
You can extend provisioning to other systems, such as M365, by combining this rule with other automation rules or by using the pre-configured runbooks. For more information, please see the Rules and runbooks article.
It is possible to specify values for any user attribute, including those required for Exchange Server and Office 365.
This rule requires a source text file in comma-separated values (CSV) format. You can use the template CSV file provided with the rule, or create a file in Microsoft Excel and export it as CSV.
To use a template CSV file:
- In the Query section, click the [...] button next to the Select Data Source setting.
- Open the Templates folder.
- Select the AD Users Template CSV file.
- Click Open.
The Query's source text file requires the following CSV (comma separated value) format:
FirstName,LastName,Description,EmailAddress
Joe,Smith,test user,joe@domain.com
Kelly,Jones,test user,kelly@domain.com
NOTE: For additional information about this rule, see the User provisioning from text file data source article.
Rule settings
Query section
| Setting name | Description |
|---|---|
| Select data source | Specify the text file to be imported. The […] (three dots) button allows the user to browse for the file and the Create/Edit button allows the creation or editing of the existing file in the built-in Data Source editor. |
| CSV file delimiter | Specify a character to separate data values in the CSV file. |
| Maximum number of users | Specify the maximum number of users to modify in the selected scope. |
| More options | |
| Filter CSV data | This setting specifies the filter that removes data rows that satisfy a specific condition from the imported text file. |
| Properties to display | Define object properties to display in the output file. |
| Skip user if anchor attribute already exists | The anchor attribute must be unique in the data source. Using the defined Anchor attribute, the rule checks to see if the anchor is already present in Active Directory. If the anchor is present, then this user was previously created, and the row in the data source is skipped. |
| Data source anchor attribute | Defines the column in the Data Source that will be used to determine if the user account already exists. This value is compared to the Active Directory Anchor attribute. Because user names are likely to have duplicates, some other attribute with a unique value should be used to determine if records read from the data source have already been processed. |
| Active Directory anchor attribute | Defines the attribute in the AD to which the data source anchor attribute is to be compared. When a new user is created, this value also specifies the AD attribute into which the data source anchor is written for comparison the next time the rule is executed. NOTE: If the Active Directory attribute you wish to use as the Active Directory Anchor attribute is not displayed, you can enter the LDAP name of the attribute in the field. The attribute must be flagged as searchable (https://msdn.microsoft.com/en-us/library/ms679765(v=vs.85).aspx) within Active Directory. To determine if the attribute is flagged as searchable, you can use ADSI Edit to view the Schema Objects container and examine the attribute's searchFlags property. |
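A pre-flight check for the source file, as an added example that is not part of the Cayosoft documentation or product: it verifies strict UTF-8 encoding, that the anchor column exists under the configured delimiter, and that every row carries a non-empty, unique anchor value. The function name `preflight`, the `EmployeeID` anchor column and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample export, not from the product. EmployeeID is an assumed
# anchor column added in front of the template's columns.
SAMPLE = (
    "EmployeeID,FirstName,LastName,Description,EmailAddress\n"
    "1001,Joe,Smith,test user,joe@domain.com\n"
    "1002,Kelly,Jones,test user,kelly@domain.com\n"
    "1001,José,Smith,test user,jose@domain.com\n"
    ",Ann,Lee,test user,ann@domain.com\n"
    "1003,Bo,Ray,test user\n"
).encode("utf-8")


def preflight(raw: bytes, anchor: str, delimiter: str = ",") -> list:
    """Return problems found in a provisioning CSV before the rule reads it."""
    try:
        # Strict decode: accented letters must be UTF-8; a leading BOM is allowed.
        text = raw.decode("utf-8-sig")
    except UnicodeDecodeError as exc:
        return [f"not valid UTF-8: {exc.reason}"]

    reader = csv.DictReader(io.StringIO(text, newline=""), delimiter=delimiter)
    if anchor not in (reader.fieldnames or []):
        return [f"anchor column {anchor!r} not in header {reader.fieldnames}"]

    problems, first_seen = [], {}
    for row in reader:
        line = reader.line_num
        # DictReader marks extra fields with a None key, missing ones with None values.
        if None in row or None in row.values():
            problems.append(f"line {line}: column count differs from header")
            continue
        value = row[anchor].strip()
        if not value:
            problems.append(f"line {line}: empty anchor value")
            continue
        # Assumption: anchors that differ only by case or padding are the same.
        key = value.casefold()
        if key in first_seen:
            problems.append(
                f"line {line}: anchor {value!r} already used on line {first_seen[key]}")
        else:
            first_seen[key] = line
    return problems


if __name__ == "__main__":
    for problem in preflight(SAMPLE, "EmployeeID"):
        print(problem)
```

A wrong CSV file delimiter setting shows up here as a missing anchor column, because the whole header line is read as a single field.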
Action section
| Setting name | Description |
|---|---|
| Create in | Determine the location within Active Directory to create new user accounts in. RECOMMENDED: Create new objects in a separate OU, then move them to the final location after provisioning is completed. The Text file \| DynamicAttributes™ Relocate AD Users rule can be used to automatically move new user objects to the desired OU after the accounts are fully provisioned. |
| Account | |
| Logon name (SamAccountName) | By default, SamAccountName is automatically generated from the data source, provided it contains correctly named fields. If the field names differ from those required for the selected format, contact Cayosoft to configure an override format. Additionally, the SamAccountName must be unique within the target domain. |
| UPNSuffix | Define the domain name component of the new user UserPrincipalName (UPN). The default UPN suffix is defined in the Default domain setting within the AD Users web query. If you are using Microsoft 365, ensure this value is set to a domain registered in Microsoft 365/Entra ID. |
| UserPrincipalName | By default, UserPrincipalName (UPN) is automatically generated from the data source, provided it contains correctly named fields. If the field names differ from those required for the selected UPN format, contact Cayosoft to configure an override format. The UPN value must be unique. |
| FirstName (GivenName) | Define the FirstName data column in the data source. If the data source contains a field named FirstName, ignore this setting. Otherwise, use the selector. |
| Initials | Define the Initials data column in the data source. If the data source contains a field named Initials, ignore this setting. Otherwise, use the selector. |
| Last/Surname (sn) | Define the LastName data column in the data source. If the data source contains a field named LastName, you can ignore this setting. Otherwise, use the Selector button to choose a field from the Data Source. |
| Name (cn) | Define the cn format. The default format uses fields named FirstName and LastName. You can use predefined options, use the expression builder to select a field from the data source, or contact Cayosoft for support. |
| Display name | Define the displayName format. The default format uses the cn value. You can use predefined options, use the expression builder to select a field from the data source, or contact Cayosoft for support. |
| Description | Define the description data column in the data source. If the data source contains a field named Description, you can ignore this setting. Otherwise, manually enter a static text value or use the selector button to choose a field from the data source. |
| Settings | |
| Default password | Define a password for new accounts: NOTE: Static passwords and passwords from the data source must meet the Active Directory Password complexity policy of the target container; alternatively, the account is created in a disabled state. Randomly generated passwords are generated to match both the Active Directory password complexity policy and additional complexity requirements defined in the Cayosoft Administrator password complexity policy. |
| | Define the settings to control default Active Directory user object settings. |
| Account expiration date | Define the account expiration attribute for Active Directory. You can populate this field using a data source column or a static text string entered manually in the |
| Organization | |
| | Define the values for the default organization attributes in Active Directory. If the data source contains the field names, you can ignore this setting. Otherwise, manually enter a static text value or use the selector button to choose a field from the data source. |
| Manager identifier | Use the selector button to choose a field from the data source that is a unique identifier for the manager. Typically, the identifier used is the EmployeeNumber or EmployeeID value. |
| AD attribute for manager lookup | Define an Active Directory attribute used to link the manager and the Manager identifier value. |
| Contact info | |
| | Define the values for the default contact info attributes in Active Directory. If the data source contains the field names, you can ignore this setting. Otherwise, manually enter a static text value or use the selector button to choose a field from the data source. NOTE: If you need alternative SMTP addresses, you can run the AD Users \| Set Proxy Addresses rule after the create rule. IMPORTANT: The country/region should be represented by a 2-character code based on ISO-3166. For example, use code |
| Alternative name generation rules | |
| Name conflict resolution | Define the behavior in case of a naming conflict: |
| | Define the alternative values for the attributes. You can use the expression builder to define further generation rules. |
| Counter format | Define the counter format to suffix conflicting users with a numeric value and generate unique names across the organizations. TIP: To use two-digit numbers, use 00. To start from a specific number (e.g., 5), specify 5. |
| Add counter when | Define the logic for the suffix addition: The counter suffix does not apply when the name conflict resolution logic is set to logging an error in the Execution History. |
| Multi-valued attributes | |
| Multi-valued attribute support | Enable or disable the support for multi-valued attributes in AD users. |
| Multi-valued attribute delimiter | Define a character to separate multiple data values in the CSV file. |
| List of multi-valued attributes | Define a list of multi-valued attributes using the selector. IMPORTANT: Link source data attributes to matched attributes in Other properties to assign multiple values to corresponding attributes. Otherwise, the values won't be assigned. |
| Other properties | |
| Other properties | Map data source columns and target user properties using the picker. |
| Other properties script | Data mapping can also be set by a script. If you want every provisioned user to have extension attribute 1 populated with some string value, then use this: If you want every provisioned user to have extension attribute 2 populated with the corresponding value from the column in your data source file, then use this: NOTE: If you set mapping for the same properties both in Other properties and Other properties script, attribute values will be updated by the script. |
| Notify manager | |
| Notify Manager | Define the notification behavior for the user creation event. NOTE: Pick Yes to send an email for each created user. Pick Yes (send one email) to send one email for all created users. |
| Additional To | Define an additional email address to send a notification when a user is created. |
| CC, BCC | Define an email address to send a copy to. |
| From | Define an email address to send emails from. |
| Subject | Email subject. TIP: It is possible to customize email subjects by using different tokens, see Customizing an automation rule or web action output email. |
| Message | Message text. TIP: It is possible to customize email messages by using different tokens, see Customizing an automation rule or web action output email. |
| Limit the number of emails sent per minute | Define an integer value that represents the number of emails sent per minute by this rule. To change the default value, navigate to Configuration > Settings > Email Settings (SMTP). The default limit for Microsoft 365 SMTP gate is 30 emails per minute. |
Output section
This section defines the output format of this rule.
To get more information about this section, please see the Rule Output section article.
Enforce/Schedule section
This section defines the schedule for how often to run the rule.
To get more information about this section, please see the Enforce/Schedule section article.
Change history
| Version | Notes |
|---|---|
| 13.1 | The Multi-valued attributes section has been added. |
| 8.0.0 | The Execution history name setting is removed. |
| 7.2.0 | The Other properties, Limit the number of emails sent per minute settings are added. |
| 5.4.0 | The rule is supplied with the pre-built CSV file template, which is selected by default when you create a new rule. |