--- title: "Active Directory Module Steps" slug: "active-directory-module-steps" tags: ["active directory"] updated: 2025-10-23T14:28:41Z published: 2025-10-23T14:28:41Z --- > ## Documentation Index > Fetch the complete documentation index at: https://documentation.decisions.com/llms.txt > Use this file to discover all available pages before exploring further. # Active Directory Module Steps **Breaking change on upgrading to v9**If upgrading from v8.14 to v9, please note that the **List Users In OU Step** will not work. This is due to an update that alters the input requirement, requiring Users to provide the OU name instead of the entire URL. Update the step input to avoid workflow disruptions.Upgrading to v9:Microsoft has renamed Azure Active Directory (Azure AD) to [Microsoft Entra ID](https://learn.microsoft.com/en-us/entra/fundamentals/new-name). This change has been incorporated into the platform starting in v8.17. | Module Details | | --- | | **Core or GitHub Module** | Core module | | **Restart Required?** | No | | **Step Location** | Integration > Active Directory | | **Settings Location** | System > Settings > Entra ID Settings | ## Overview The**Active Directory** module introduces Flow steps that allow Users to build Flows centered around managing the Active Directory, such as creating Users, Groups, and Associations. Installing the module will also provide steps that handle Microsoft Entra ID (formerly known as Azure Active Directory) accounts. #### Prerequisites - [Setup an Active Directory Server Authentication](https://documentation.decisions.com/docs/setting-up-active-directory-ad-server-authentication) - [Install Active Directory](https://documentation.decisions.com/docs/installing-modules-decisions?highlight=installing%20modules) - Create a [Project Dependency](https://documentation.decisions.com/v9/docs/project-dependencies) Note for Third-Party Systems and SubscriptionsCustomers are responsible for securing and maintaining accounts with third-party systems and subscriptions. --- ## Active Directory Steps | Location | Step Name | Description | Inputs/Outputs | | --- | --- | --- | --- | | Users | Find User By SAMAccount Name | The **Find User By SAMAccount Name**step connects to the Active Directory by configuring the Connection String Input and searches for the provided account via the SAMAccount Name Input. It then outputs the found account's information. | Inputs: Connection Settings (ADStepSettings), SAMAccount Name (String) | | Outputs: Output (ADUser) | | Find User By SAMAccount Name JSON | The **Find User By SAMAccount Name JSON**step connects to the Active Directory by configuring the Connection String Input and searches for the provided account via the SAMAccount Name Input. It then outputs the found account's information in a JSON string. | Inputs: Connection Strings (ADStepSettings), SAMAccount Name (String) | | Outputs: Output (String) | | Get All Users | The **Get All Users**step connects to the Active Directory by configuring the Connection Strings Input and then outputs a list of all found Active Directory users. | Inputs: Connection Strings (ADStepSettings) | | Outputs: Output (ADUser[]) | | Set New Password | The **Set New Password**step finds the specified user name and then changes its password to the value of the New Password Input. If an error occurs on this step, it then outputs an error message. | Inputs: New Password (String), User Name (String) | | Outputs: Error Message (String) | | Root | Disable User | The **Disable User** step connects to the LDAP server by configuring its System User Name. System Password and LDAP Server Address Inputs. It then disables the user matching the login of the Login Name Input, thus preventing them from logging into the server until re-enabled. | Inputs: System User Name (String), System Password (String). LDAP Server Address (String), Login Name (String) | | Outputs: None | | Enable User | The**Enable****User** step connects to the LDAP server by configuring its System User Name. System Password and LDAP Server Address Inputs. It then enables the user to match the login of the Login Name Input, thus allowing them to log back into the server again. | Inputs: System User Name (String), System Password (String). LDAP Server Address (String), Login Name (String) | | Outputs: None | | Get Groups List | The **Get Group List step** connects to the LDAP server by configuring its System User Name. System Password and LDAP Server Address Inputs.****The Ou Path Input prompts which Organization Unit the step will search for groups, if at all. It then outputs the list of found groups. | Inputs: System User Name (String), System Password (String). LDAP Server Address (String), Login Name (String) | | Output: Output (String[]) | | List Users In OU | The **List Users In OU**connects to the Active Directory by configuring the Connection String Input. | Inputs: Connection Strings (ADStepSettings), Limit (Int32), OU (String) | | Outputs: Output (ADUser[]) | | Find Computer By Name | The **Find Computer By Name**step connects to the Active Directory by configuring the Connection String Input and then searches for a computer matching the Computer Name Input. It then outputs the found computer's information. | Inputs: Computer Name (String), Connection Settings (ADStepSettings) | | Outputs: Output (ADComputer) | | Find Computers By Name | The **Find Computer By Name**step connects to the Active Directory by configuring the Connection String Input and then searches for computers matching the Computer Name Input. It then outputs the found computer's information. | Inputs: Computer Name (String), Connection Settings (ADStepSettings) | | Outputs: Output (ADComputer[]) | | Find Group By Name | The **Find Group By Name**step connects to the Active Directory by configuring the Connection String Input and then searches for the group matching the Group Name Input. It then outputs the found group's information. | Inputs: Connection Settings (ADStepSettings), Group Name (String) | | Outputs: Output (ADGroup) | | Find Groups By Name | The **Find Groups By Name**step connects to the Active Directory by configuring the Connection String Input and then searches for the groups matching the Group Name Input. It then outputs the information for the found groups. | Inputs: Connection Settings (ADStepSettings), Group Name (String) | | Outputs: Output (ADGroup[]) | | List Computers In Active Directory | The **List Computers In Active Directory**step connects to the Active Directory by configuring the Connection String Input. It then outputs a list of all computers within the Active Directory along with their information. | Inputs: Connection Strings (ADStepSettings) | | Outputs: Output (ADComputer[]) | | List Groups In Active Directory | The **List Groups In Active Directory**step connects to the Server IP Input with the specified User Name and Password, aka Pwd Inputs. It then outputs a list of all groups within the server, along with their information. | Inputs: Pwd (String), Server Ip (String), User Name (String) | | Outputs: Output (ADGroup[]) | | Add Group | The **Add Group** step selects a group to be added for an AD sync | Inputs: System User Name (String), System Password (String). LDAP Server Address (String), Name (String), Ou Path (String) | | Outputs: None | | Add User To Group | The **Add User to Group** step selects a specified user and adds them to the Group. | Inputs: System User Name (String), System Password (String). LDAP Server Address (String), Login Name (String), Group Name (String), | | Outputs: None | | Convert Active Directory UTC Time To Date Time | The **Convert Active Directory UTC Time to Date Time** step converts an int64 value into a DateTime object. | Input: Long Value (Int64) | | Outputs: ConvertActiveDirectorryUTCTimeToDateTime (DateTime) | | Create Group | The **Create Group** step defines a new group to be added to the AD server | Inputs: Description (String), Is Security Group (Boolean), New Group Name (String), Optional Container (String), Pwd, (String), Server IP Or Domain (String), User Name (String) | | Outputs: None | | Create OU | The **Create OU**step allows a new OU group to be defined and added to the AD server. | Inputs: Connection Settings (ADStepSettings), NewOUDescription (String), NewOUName (String), Parent OU (String) | | Outputs: Name | | Create User Advanced | The **Create User Advanced** step allows for new AD accounts to be created using a Flow. | Inputs: System User Name (String), System Password (String). LDAP Server Address (String), Department (String), Email (String), First Name (String), Last Name (String), Login Name (String), Ou Path (String), User Password (String) | | Outputs: None | | Delete User | The **Delete User** step removes a user from the AD server. The synced AD account will not be removed from Decisions. | Inputs: System User Name (String), System Password (String). LDAP Server Address (String), Login Name (String) | | Outputs: None | | List Org Unit in Active Directory | The **List Org Unit in Active Directory** step lists out the organization units available in an AD environment. | Inputs: Pwd (String), Server Ip (String), User Name (String) | | Outputs: None | | Remove Group | The **Remove Group** step removes a group from the AD environment. | Inputs: System User Name (String), System Password (String). LDAP Server Address (String), Name (String). Ou Path (String) | | Outputs: None | | Remove User From Group | The **Remove User From Group** step removes a group from a specific user in the AD environment. | Inputs: System User Name (String), System Password (String). LDAP Server Address (String), Group Name (String). Login Name (String) | | Outputs: None | | Unlock User | The **Unlock User** step unlocks a user account in the AD environment. | Inputs: System User Name (String), System Password (String). LDAP Server Address (String), Login Name (String) | | Outputs: None | | Update User | The **Update User** step updates a user account in the AD environment. | Inputs: System User Name (String), System Password (String). LDAP Server Address (String), Department (String), Email (String), First Name (String), Last Name (String), Login Name (String) | | Outputs: None | | User Exists | The **User Exist****s** step checks to see if an inputted login name exists in the AD environment. | Inputs: System User Name (String), System Password (String). LDAP Server Address (String), Group Name (String). Login Name (String) | | Outputs: None | | Microsoft Entra ID (formerly known as Azure Active Directory) | Add User To Group | The **Add User to Group** step allows users to be added to an Azure Active Directory environment. | Inputs: Group ID (String), User ID (String) | | Outputs: None | | Disable User | The **Disable User** step allows users to be disabled in an AAD environment. | Inputs: User ID (String) | | Outputs: None | | Enable User | The **Enable User** step enables the inputted account in an AAD environment. | Inputs: User ID (String) | | Outputs: None | | Remove User From Group | The **Remove User From Group** step provides a method to remove a user from a specified group in an AAD environment. | Inputs: Group ID (String), User ID (String) | | Outputs: None | | User Exists | The **User Exists** step checks to see if an inputted login name exists in the AAD environment. | Inputs: User ID (String) | | Outputs: None | ### LDAPS Support Starting in v9.8, Steps with "Connection Settings" as an Input have additional configuration for LDAP support. Setting the data type to Constant and hitting the Edit button will pull up a menu. Look for the "Enable LDAPS" option and click to enable it.![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/Screenshot%202025-02-27%20103127.png) --- ## Active Directory Internal Services Methods While not added to the Active Directory module's installation, the following commonly used pre-built methods streamline or otherwise assist with Active Directory configurations. These are part of the Call Internal Decisions Service Step, found under **Integration > Internal Services.**Pick Service Name ActiveDirectoryServices for a full list of methods. | Method Name | Description | Inputs/Outputs | | --- | --- | --- | | **GetActiveDirectorySettings** | The **GetActiveDirectorySettings**method automatically gathers the current configuration of the installed Active Directory module's settings and then outputs them. This output may be mapped to Active Directory steps needing connection string Inputs to save time over manually entering them. | Inputs: None | | Outputs: Output (ActiveDirectorySettings) | | **TestLogin** | The **TestLogin**method creates a test login user account for the Active Directory server, which is often used to test connections. It then outputs the results of the login test. | Inputs: Domain and User Name (String), Password (String) | | Outputs: Output (ActiveDirectoryLoginTestResult) | --- ## Feature Changes | Description | Version | Release Date | Developer Task | | --- | --- | --- | --- | | Wildcard (*) searches will now work properly. | [9.3](https://documentation.decisions.com/v99/docs/version-93x-release-notes) | September 2024 | [DT-041927] | | Added the "Enable LDAPS" setting on all Steps. | [9.8](https://documentation.decisions.com/v99/docs/version-98x-release-notes) | March 2025 | [DT-043770] | For further information on Modules, visit the [Decisions Forum](https://community.decisions.com/categories/Modules).