Microsoft Active Directory

The Microsoft Active Directory package provides comprehensive automation capabilities for Azure Active Directory (Azure AD), enabling you to manage users, groups, and organizational resources programmatically.

Overview

The Microsoft Active Directory package allows you to:

  • Connect to Azure Active Directory using client credentials
  • Create and manage users with custom properties
  • Create and manage security and distribution groups
  • Retrieve user and group information
  • List all users and groups in your directory
  • Manage group memberships
  • Update user and group properties
  • Delete users and groups when needed

Authentication

The package supports two authentication methods:

  1. Connect Node - Use the Connect node to establish a session that can be reused across multiple nodes
  2. Direct Credentials - Pass client credentials directly to individual nodes without using Connect

Client Credentials Authentication

To use Azure Active Directory automation, you need to create an Azure AD application and obtain:

  • Tenant ID - Your Azure AD directory (tenant) ID
  • Client ID - Your Azure AD application (client) ID
  • Client Secret - Your Azure AD application client secret

The package uses the OAuth2 client credentials flow to obtain an access token from Azure AD and authenticates to the Microsoft Graph API with that token.

Required Microsoft Graph Permissions

Your Azure AD application needs the following Application permissions:

  • User.ReadWrite.All - Read and write all users' full profiles
  • Group.ReadWrite.All - Read and write all groups
  • Directory.ReadWrite.All - Read and write directory data
Important: These are Application permissions (not Delegated). After adding permissions, an admin must grant consent for your organization.
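The client credentials exchange described above, together with a local check that the token the tenant actually issued carries the three Application permissions listed, as an added Python example (not the Robomotion package's own code; the sample token is constructed and unsigned, for offline use only):

```python
import base64
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
GRAPH_SCOPE = "https://graph.microsoft.com/.default"
# Application permissions this package documents as required.
REQUIRED_ROLES = {"User.ReadWrite.All", "Group.ReadWrite.All", "Directory.ReadWrite.All"}

def build_token_request(tenant_id, client_id, client_secret):
    """Return (url, form_body) for the OAuth2 client credentials grant.
    The secret travels only in the POST body, never in the URL or a log line."""
    url = TOKEN_URL.format(tenant=tenant_id)
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": GRAPH_SCOPE,
    })
    return url, body

def request_token(tenant_id, client_id, client_secret):
    """Perform the token request (needs network access) and return the access token."""
    url, body = build_token_request(tenant_id, client_id, client_secret)
    req = Request(url, data=body.encode(), method="POST",
                  headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urlopen(req, timeout=30) as resp:
        return json.load(resp)["access_token"]

def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def granted_roles(access_token):
    """Read the 'roles' claim (the consented Application permissions) from the
    token payload. Decoded only, not signature-checked: Graph validates the token;
    this is a local sanity check on what the admin actually consented to."""
    payload = json.loads(_b64url_decode(access_token.split(".")[1]))
    return set(payload.get("roles", []))

def check_permissions(access_token):
    """Return (missing, extra) Application roles relative to REQUIRED_ROLES,
    so a workflow can fail early on missing consent or flag over-broad grants."""
    roles = granted_roles(access_token)
    return REQUIRED_ROLES - roles, roles - REQUIRED_ROLES

def make_sample_token(roles):
    """Constructed, unsigned token shaped like a Graph access token (offline use only)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT"}), enc({"aud": "https://graph.microsoft.com", "roles": roles}), ""])
```

Running `check_permissions` on the token returned by `request_token` before the first Graph call turns a silent 403 later in the workflow into an immediate, explicit report of which permission lacks admin consent.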

Common Use Cases

User Lifecycle Management

  • Automate employee onboarding by creating user accounts
  • Update user properties during employee changes
  • Deactivate or delete accounts during offboarding
  • Bulk user creation from HR systems

Group Management

  • Create security groups for access control
  • Create distribution groups for email communication
  • Manage group memberships automatically
  • Sync groups with external systems

Directory Automation

  • Generate reports of all users and groups
  • Audit group memberships
  • Synchronize with external identity systems
  • Automated provisioning and deprovisioning

Compliance & Security

  • Ensure consistent user properties
  • Automate security group assignments
  • Track and report on directory changes
  • Implement least-privilege access

Setting Up Azure AD Application

To use this package, you need to create an Azure AD application:

  1. Go to Azure Portal
  2. Navigate to Azure Active Directory > App registrations
  3. Click "New registration"
  4. Provide a name (e.g., "Robomotion Automation")
  5. Select "Accounts in this organizational directory only"
  6. Click "Register"
  7. Note the Application (client) ID and Directory (tenant) ID
  8. Go to "Certificates & secrets" > "New client secret"
  9. Create a secret and note the Value (this is your client secret)
  10. Go to "API permissions" > "Add a permission"
  11. Select "Microsoft Graph" > "Application permissions"
  12. Add these permissions:
    • User.ReadWrite.All
    • Group.ReadWrite.All
    • Directory.ReadWrite.All
  13. Click "Grant admin consent for [your organization]"
Tip: Store your client secret securely in Robomotion Vault. Never expose it in code or logs.

Available Nodes