Create User

Creates a new user in Azure Active Directory with the specified properties.

Common Properties

  • Name - The custom name of the node.
  • Color - The custom color of the node.
  • Delay Before (sec) - Waits in seconds before executing the node.
  • Delay After (sec) - Waits in seconds after executing the node.
  • Continue On Error - Automation will continue regardless of any error. The default value is false.
Info: If the ContinueOnError property is true, no error is caught when the project is executed, even if a Catch node is used.

Inputs

  • Access Id - The access ID from the Connect node. Optional if using direct credentials.
  • User Properties (JSON) - A JSON object containing the user properties. This is configured in the node editor with C# syntax.

Required User Properties

The following properties are required when creating a user:

{
  "accountEnabled": true,
  "displayName": "John Doe",
  "mailNickname": "johnd",
  "userPrincipalName": "johnd@contoso.onmicrosoft.com",
  "passwordProfile": {
    "forceChangePasswordNextSignIn": true,
    "password": "TemporaryPassword123!"
  }
}

Optional User Properties

You can include additional properties:

  • givenName - First name
  • surname - Last name
  • jobTitle - Job title
  • department - Department name
  • officeLocation - Office location
  • mobilePhone - Mobile phone number
  • businessPhones - Array of business phone numbers
  • usageLocation - Two-letter country code (e.g., "US")
  • streetAddress - Street address
  • city - City
  • state - State or province
  • postalCode - Postal code
  • country - Country

Options

Direct Credentials (optional - alternative to using Connect node):

  • Tenant Id - Azure AD tenant ID (optional if using Access ID)
  • Client Id - Azure AD application client ID (optional if using Access ID)
  • Client Secret - Azure AD application client secret credential (optional if using Access ID)

Output

  • Result - Created user object containing user details including:
    • id - The unique user ID
    • userPrincipalName - The user's principal name
    • displayName - The user's display name
    • All other properties set during creation

How It Works

The Create User node:

  1. Authenticates using either the access ID or direct credentials
  2. Sends a POST request to Microsoft Graph API with user properties
  3. Azure AD creates the user account
  4. Returns the complete user object including the generated user ID

The user is created immediately and can be used right away for authentication and group assignments.

Examples

Create Basic User

Create a new employee account with required fields:

// Using Connect node
access_id = message.access_id

// User properties in node editor:
{
  "accountEnabled": true,
  "displayName": "Jane Smith",
  "mailNickname": "janes",
  "userPrincipalName": "janes@contoso.onmicrosoft.com",
  "passwordProfile": {
    "forceChangePasswordNextSignIn": true,
    "password": "Welcome2024!"
  }
}

// Output
result = {
  "id": "12345678-1234-1234-1234-123456789012",
  "userPrincipalName": "janes@contoso.onmicrosoft.com",
  "displayName": "Jane Smith",
  ...
}

Create User with Full Details

Create a user with complete profile information:

// User properties:
{
  "accountEnabled": true,
  "displayName": "John Doe",
  "givenName": "John",
  "surname": "Doe",
  "mailNickname": "johnd",
  "userPrincipalName": "johnd@contoso.onmicrosoft.com",
  "jobTitle": "Senior Developer",
  "department": "Engineering",
  "officeLocation": "Building 2, Floor 3",
  "mobilePhone": "+1 555 123 4567",
  "businessPhones": ["+1 555 987 6543"],
  "usageLocation": "US",
  "passwordProfile": {
    "forceChangePasswordNextSignIn": true,
    "password": "TempPass2024!"
  }
}

Bulk User Creation from CSV

Automate user creation from a CSV file:

// Read CSV with employee data
// CSV columns: FirstName, LastName, Email, Department, JobTitle

// Loop through each employee
for (const employee of employees) {
  // Create User node
  // User properties:
  {
    "accountEnabled": true,
    "displayName": employee.FirstName + " " + employee.LastName,
    "givenName": employee.FirstName,
    "surname": employee.LastName,
    "mailNickname": employee.Email.split("@")[0],
    "userPrincipalName": employee.Email,
    "department": employee.Department,
    "jobTitle": employee.JobTitle,
    "passwordProfile": {
      "forceChangePasswordNextSignIn": true,
      "password": generatePassword() // Custom function
    }
  }

  // Store user ID for later use
  newUsers.push(result.id)
}
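
The bulk example above calls generatePassword() without defining it. One possible version follows, added here as an example and not part of this product's documentation or code; it assumes a Node.js runtime for crypto.randomInt, and the 16-character default and the character sets are choices made for this example.

```javascript
const { randomInt } = require("node:crypto");

// Character classes matching the page's complexity guidance:
// uppercase, lowercase, numbers, special characters.
// Look-alike characters (I/O, l, 0/1) are left out; that is a choice made here.
const CLASSES = [
  "ABCDEFGHJKLMNPQRSTUVWXYZ",
  "abcdefghijkmnopqrstuvwxyz",
  "23456789",
  "!#$%*+-=?@_",
];

function generatePassword(length = 16) {
  if (!Number.isInteger(length) || length < 8) {
    throw new RangeError("length must be an integer >= 8");
  }
  const all = CLASSES.join("");
  // One character from every class guarantees the complexity rule is met.
  const chars = CLASSES.map((set) => set[randomInt(set.length)]);
  // The remaining characters are drawn uniformly from the full alphabet.
  while (chars.length < length) {
    chars.push(all[randomInt(all.length)]);
  }
  // Fisher-Yates shuffle driven by the CSPRNG, so the guaranteed
  // characters do not sit at predictable positions.
  for (let i = chars.length - 1; i > 0; i--) {
    const j = randomInt(i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join("");
}

// Builds the passwordProfile object used in the examples on this page,
// with a fresh random temporary password for each user.
function passwordProfile() {
  return { forceChangePasswordNextSignIn: true, password: generatePassword() };
}
```

Math.random() is not suitable here because its output is predictable; crypto.randomInt draws from the operating system's CSPRNG and avoids modulo bias.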

Create Disabled User Account

Create a user account that is initially disabled:

// Useful for pre-provisioning accounts before employee start date
{
  "accountEnabled": false,
  "displayName": "Future Employee",
  "mailNickname": "future",
  "userPrincipalName": "future@contoso.onmicrosoft.com",
  "passwordProfile": {
    "forceChangePasswordNextSignIn": true,
    "password": "TempPass2024!"
  }
}

// Later, use Update User node to enable:
// {"accountEnabled": true}

Using Direct Credentials

Create a user without the Connect node:

// Create User node settings:
// - Access Id: (leave empty)
// - Tenant Id: "12345678-1234-1234-1234-123456789012"
// - Client Id: "abcdef12-3456-7890-abcd-ef1234567890"
// - Client Secret: [from vault]

// User properties:
{
  "accountEnabled": true,
  "displayName": "Direct Create Test",
  "mailNickname": "directtest",
  "userPrincipalName": "directtest@contoso.onmicrosoft.com",
  "passwordProfile": {
    "forceChangePasswordNextSignIn": true,
    "password": "Pass123!"
  }
}

Tips for Effective Use

  • Password policy: Ensure passwords meet your organization's complexity requirements
  • Unique userPrincipalName: Each user must have a unique userPrincipalName
  • Force password change: Set forceChangePasswordNextSignIn: true so the temporary password must be replaced at first sign-in
  • Usage location: Set usageLocation if you plan to assign licenses later
  • Error handling: Use Try-Catch to handle duplicate user errors gracefully
  • Validation: Validate email format and required fields before creating users
  • Bulk operations: Add delays between bulk user creations to avoid throttling
  • Store user IDs: Save the returned user ID for subsequent operations

Common Errors and Solutions

"Response Status is not OK - User already exists"

Cause: A user with the same userPrincipalName already exists.

Solution:

  • Check if user exists using Get User before creating
  • Use unique userPrincipalName values
  • Consider updating the existing user instead

// Check before creating
try {
  // Get User node
  existingUser = getUser(email)
  // User exists, update instead
} catch (error) {
  // User doesn't exist, create new
  createUser(properties)
}

"Password does not meet complexity requirements"

Cause: Password doesn't meet Azure AD password policy.

Solution:

  • Use passwords with at least 8 characters
  • Include uppercase, lowercase, numbers, and special characters
  • Don't use common words or patterns

// Strong password example
"passwordProfile": {
  "password": "Wk#m9$Lp2024!"
}

"Invalid userPrincipalName format"

Cause: userPrincipalName is not in the correct email format.

Solution:

// Correct format
"userPrincipalName": "john.doe@contoso.onmicrosoft.com"

// Incorrect formats
"userPrincipalName": "johndoe" // Missing domain
"userPrincipalName": "john doe@contoso.onmicrosoft.com" // Contains space

"Either Client Secret with Tenant ID and Client ID, or Access ID must be provided"

Cause: Neither access ID nor complete credentials were provided.

Solution: Use one of these approaches:

// Option 1: Use Connect node
access_id = message.access_id

// Option 2: Provide all credentials
tenant_id = "your-tenant-id"
client_id = "your-client-id"
// Set Client Secret option from vault

"Property mailNickname is invalid"

Cause: mailNickname contains invalid characters or format.

Solution:

  • Use only alphanumeric characters, hyphens, and underscores
  • Don't start or end with special characters
  • Keep it under 64 characters

// Valid mailNickname
"mailNickname": "john_doe"
"mailNickname": "john-doe2024"

// Invalid mailNickname
"mailNickname": "john.doe" // Contains period
"mailNickname": "john@doe" // Contains @
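
The format rules from the error sections above can be checked before the Create User node runs. The following is an added example, not code from this product: the regular expressions are this example's reading of the page's rules, and toMailNickname is a hypothetical helper. It matters for the bulk example, which derives mailNickname with employee.Email.split("@")[0]; an address such as john.doe@... would yield a nickname containing a period, which this page lists as invalid.

```javascript
// Required properties and format rules as stated on this page.
const REQUIRED = ["accountEnabled", "displayName", "mailNickname",
                  "userPrincipalName", "passwordProfile"];
// Alphanumerics, hyphens, underscores; no special character first or last.
const NICKNAME_RE = /^[A-Za-z0-9](?:[A-Za-z0-9_-]*[A-Za-z0-9])?$/;
// local@domain.tld with no whitespace.
const UPN_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Hypothetical helper: derive a nickname from an email local part,
// mapping characters the page lists as invalid (such as ".") to "_".
function toMailNickname(email) {
  return String(email).split("@")[0]
    .replace(/[^A-Za-z0-9_-]/g, "_")
    .slice(0, 63)
    .replace(/^[_-]+|[_-]+$/g, "");
}

// Returns a list of problems; an empty list means the object passes.
function validateUser(props) {
  const errors = [];
  for (const key of REQUIRED) {
    const v = props[key];
    if (v === undefined || v === null || v === "") errors.push(`missing ${key}`);
  }
  const nick = props.mailNickname;
  if (typeof nick === "string" && nick !== "" &&
      (nick.length >= 64 || !NICKNAME_RE.test(nick))) {
    errors.push("invalid mailNickname");
  }
  const upn = props.userPrincipalName;
  if (typeof upn === "string" && upn !== "" && !UPN_RE.test(upn)) {
    errors.push("invalid userPrincipalName");
  }
  if (props.passwordProfile && !props.passwordProfile.password) {
    errors.push("missing passwordProfile.password");
  }
  return errors;
}

// Validates a batch and flags userPrincipalName values repeated within it.
function validateBatch(users) {
  const seen = new Set();
  return users.map((props) => {
    const errors = validateUser(props);
    const upn = String(props.userPrincipalName || "").toLowerCase();
    if (upn && seen.has(upn)) errors.push("duplicate userPrincipalName in batch");
    seen.add(upn);
    return { userPrincipalName: props.userPrincipalName, errors };
  });
}
```

Rows that come back with a non-empty errors list can be logged and skipped, so a bad CSV line does not reach the Create User node.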

Best Practices

  1. Standardized naming: Use consistent naming conventions for userPrincipalName and mailNickname
  2. Password management: Generate strong, random passwords and force change on first sign-in
  3. Complete profiles: Populate as many user properties as possible for better directory information
  4. Error handling: Always use Try-Catch blocks when creating users
  5. Validation: Validate input data before attempting user creation
  6. Audit logging: Log user creation activities for compliance and troubleshooting
  7. Throttling: When creating many users, add delays to respect API rate limits
  8. Testing: Test user creation flow in development before running in production
  9. Cleanup: Have a process to handle failed user creations and cleanup if needed
  10. Documentation: Document the user creation process and required properties