Automate creating new users with Azure Automation Runbooks, Microsoft Forms & Logic Apps

Dan Rios

19 thoughts on “Automate creating new users with Azure Automation Runbooks, Microsoft Forms & Logic Apps”

  1. This is excellent, thanks for sharing Dan. We use Forms at various clients for new starters, where the client completes the information (name, start date, access required, etc.) and the form generates a ticket for us to follow. Looks like we can extend that to actually create the AAD/AD user – very nice!

    • Hi David, great to hear from you. Hope you’ve been keeping well.

      Thanks for the feedback on this. Indeed a very powerful toolset! It definitely becomes even sleeker when the client is cloud only due to the AAD Create User connector available to use in the flow, eliminating the steps for hybrid agents and runbooks.

      Dan

  2. Hello Dan. This was a wonderful article. I was wondering if you have seen an instance where following these steps you may get the exception Incomplete String Token? I confirmed I can successfully run test PowerShell scripts through runbooks by creating a file on the C drive. I cannot however use the script to create new users. If you can point me in the right direction that would be wonderful!

    • Hi Morgan. Thanks for your kind words, mate!

      I would probably look at running the new user script locally on the server; if it works there it should definitely work when triggering through the runbook in Azure.

      Also, is the Active Directory PS Module installed onto the server as well?

      Dan

      • Thank you for such a quick reply! The script works just fine on the local server, AD PS module is installed, I rebooted everything overnight and starting the Runbook manually creates a user now! Though now I am getting some actual errors I can work through.
        When submitting a new user through Forms the Runbook spits out the error “The term ‘New-ADUser’ is not recognized”. So I will start troubleshooting that piece and let you know what I find out.

        • Hello Dan, I got it working! Again, thank you for this article. It’s not a handhold guide, but it points you in the right direction to do the research for yourself, which is exactly what I needed. To anyone else out there reading this in the future: my issue was setting the account back to default, AND I missed the “Hybrid Automation Work Group” in the Logic App. Using Event logs in folders Microsoft-Automation and Microsoft-SMA on my worker allowed me to follow the error trail and find the solution in the Microsoft article linked below.
          https://docs.microsoft.com/en-us/azure/automation/troubleshoot/runbooks#diagnose-runbook-issues

          • Great to hear! I will update the article to mention this – as it may not be clear enough from the screenshots for others. Thanks.

            The toolset has such a wide use case and different approaches I wanted the article to cover the basic overview. That way people can use the concept and be able to apply their own use cases into it 🙂 Happy automating!

  3. Hi, I have tried this but I am getting the error that -accountpassword doesn’t exist. I am trying to run a runbook with already filled out variables for testing. Any ideas?

    • Hey Jamie.

      Sounds like it’s not picking up the password variable for whatever reason.

      You could try running the script on the target server itself via PowerShell ISE first to check the code is good. Maybe a hidden symbol at play causing an issue or syntax problem.

      Also check the target server has the AD PS module installed.

      Dan

  4. Hey Dan!

    Amazing article! With which account have you configured the ‘Create Job’ action in order to run the Azure Automation, and which type of permissions are you assigning it?

    Thank you in advance!

    • Hey there 👋 thanks! In this example the create job connector was running under my own user context. From memory as long as that account has access to the automation account resource it should be fine.

      Ultimately a service account dedicated for the logic app connectors may be preferred.

      The article is very old now; I need to update it. Let me know if you hit any issues! Glad you found it useful.

  5. Wondering whether you’ll get a chance to update this excellent article except using managed identities now that ‘Run as’ account has been deprecated?

    • Hi Kito,

      I’ve updated the article now. This actually still works, you continue to use ‘Credentials’ which are assigned to a Hybrid Worker Group. When running the Runbook you can run as the hybrid worker group using that credential, no need for RunAs. I just tested it end to end and this works.

      Dan

  6. Appreciate your article which is amazing!! Just would like to ask about cost effectiveness, how to manage Logic Apps (Resources) at the lowest cost in the scenario of user account and user access creation/deletion script for hundreds of users a month. Thank you!
