Hi Christine,
The Create AD User will create an entry in Active Directory and it will be active immediately. It also optionally autogenerates a password for the user. It will not add them to any groups or assign different permissions. There are other actions that you can use to add the newly created person to groups (e.g. Add user to AD Group, set item permissions).
There's more info in the help documentation.
Cheers,
Chris
For testing purposes you could create a new Organizational Unit (OU) for testing. Then make sure that no Group policies (GPO) or other automation are active on the new OU.
I have used this approach on several projects in the past.
Thanks Ben. Is there a way to create the account but keep it disabled until the Security team do their checklist then enable it?
Thanks Fredrik. That's a good point. I'll give it a try.. appreciated.
End result: We will keep the newly created users in the test OU (new OU) that has no permissions, then manually someone will go in there and place it in the correct OU based on position/department/status. There is too many rules to think of to just to place the user in the correct OU and also trying to mitigate any security concerns for now.
Hi Christine,
we set an Expiry date (past date) on the account that is created. This way the user account is active but expired. This was needed in our case, as we provision different access based on that account. The user, even if they want to connect will not be able to connect as its an expired account.
Once we have set all in place, we set the account back to 'Not Expire'.
Also, we create the users in a New OU as Fredrik Andersen have mentioned.
Many ways, what works out best for your scenario should be considered.