How to use the 'Add user to AD group' step



Overview

This article lists the requirements that must be met before the workflow step can add users to an Active Directory group.

1.  The Cloudficient service account configured for EVComplete must have permission to modify group membership (minimally, the add permission).  


2. The Distinguished Name of the AD group is needed.  The PowerShell cmdlet below returns it in the DistinguishedName field (the sample output shown is for the built-in Administrators group):

    Get-ADGroup -Identity 'AZ Licensing-Exchange'

    DistinguishedName : CN=Administrators,CN=Builtin,DC=Fabrikam,DC=com
    GroupCategory     : Security
    GroupScope        : DomainLocal
    Name              : Administrators
    ObjectClass       : group
    ObjectGUID        : 02ce3874-dd86-41ba-bddc-013f34019978
    SamAccountName    : Administrators
    SID               : S-1-5-32-544

3. The Bridgehead server must have the Active Directory Module for PowerShell feature installed.



4.  The Microsoft Graph permissions for the Azure application must also be added. For details, request the latest pre-requisites guide from your consultant.  Note: this only applies to customer installations deployed before October 2023.  New installs should already have the required permissions. 


Once all the above have been completed, the workflow step can be configured.  
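The following pre-flight check is an added example, not Cloudficient's own code; it verifies requirements 1 to 3 from the Bridgehead server before the step is configured. The service account name is a placeholder, and the ACL check only sees permissions granted directly to that account, not ones it receives through membership of another group.

```powershell
# Added example: pre-flight check, run on the Bridgehead server.
# Both parameter defaults are placeholders; replace them with your own values.
param(
    [string]$GroupName      = 'AZ Licensing-Exchange',
    [string]$ServiceAccount = 'FABRIKAM\svc-placeholder'   # hypothetical account name
)

# Requirement 3: the Active Directory module must be installed.
if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) {
    throw 'ActiveDirectory module not found. Install the feature before configuring the step.'
}
Import-Module ActiveDirectory

# Requirement 2: resolve the Distinguished Name of the group.
$group = Get-ADGroup -Identity $GroupName -ErrorAction Stop
Write-Output "Group DN: $($group.DistinguishedName)"

# Requirement 1: find Allow ACEs that let the account write the 'member' attribute.
$memberAttr = [guid]'bf9679c0-0de6-11d0-a285-00aa003049e2'   # schemaIDGUID of 'member'
$writeProp  = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
$acl  = Get-Acl -Path "AD:\$($group.DistinguishedName)"
$aces = @($acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $ServiceAccount -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band $writeProp) -and
    ($_.ObjectType -eq $memberAttr -or $_.ObjectType -eq [guid]::Empty)
})

if ($aces.Count -eq 0) {
    Write-Warning "No direct ACE lets $ServiceAccount modify membership of '$GroupName'."
} else {
    foreach ($ace in $aces) {
        # An empty ObjectType means the right covers every attribute, which is
        # broader than this step needs; flag it for least-privilege review.
        $scope = if ($ace.ObjectType -eq [guid]::Empty) { 'ALL attributes (broader than needed)' }
                 else { 'member attribute only' }
        Write-Output ("{0}: {1} on {2}, inherited={3}" -f
            $ace.IdentityReference, $ace.ActiveDirectoryRights, $scope, $ace.IsInherited)
    }
}
```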

Note:  if the step fails with a "phase 1" error, refer to the following article: 

https://support.cloudficient.com/knowledge-bases/2/articles/152-issue-add-user-to-ad-group-step-fails-with-error-execute-addusertoadgroup-phase-1

