IA-Connect JML

Reference

IA-Connect is a Robotic Process Automation 'RPA' platform which adds RPA functionality from the Cloud to on-premises virtual machines or over Citrix or Microsoft Remote Desktop 'RDS' connections. This is the module for automating Joiner, Mover, Leaver processes.

This connector is available in the following products and regions:

Service	Class	Regions
Copilot Studio	Premium	All Power Automate regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD)
Logic Apps	Standard	All Logic Apps regions except the following: - Azure Government regions - Azure China regions - US Department of Defense (DoD)
Power Apps	Premium	All Power Apps regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD)
Power Automate	Premium	All Power Automate regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD)

Contact
Name	Ultima Labs
URL	https://www.ultima.com/ultima-labs
Email	IAConnect@ultima.com

Connector Metadata
Publisher	Ultima Business
Website	https://www.ultima.com/ultima-labs
Privacy policy	https://www.ultima.com/privacy-policy
Categories	IT Operations;Productivity

IA-Connect is a Robotic Process Automation (RPA) platform which adds RPA functionality from Power Automate Cloud Flows to on-premises virtual machines or over Citrix or Microsoft Remote Desktop (RDS) connections. The IA-Connect Connectors provide over 800 actions, allowing you to automate every type of on-premise application directly from a Power Automate Cloud Flow. All IA-Connect actions are available directly from your Power Automate Cloud Flow providing easy integration between Cloud based and on-premises applications, the ability to leverage existing Power Automate conditions, loops, dynamic content, expressions and exception handling in your RPA processes. Utilising the IA-Connect Connectors also provides full execution history and auditability from the Flow run history whilst also removing the need to have a separate application/console/studio for developing your RPA processes.

Prerequisites

To use any of the IA-Connect Connectors, you must install the IA-Connect software. This is free to test for 30 days, following which you will require an IA-Connect license.

The IA-Connect software consists of two main components:

The IA-Connect Orchestrator, which is an Azure WebApp which you would host in your own Azure tenant. This handles the routing and security of RPA Flows to one or more on-premises or cloud-based virtual machines.
The IA-Connect Agent and Director, which is installed onto the virtual machines where the software you wish to automate is accessible. Additionally, the IA-Connect Agent can run inside a Citrix or Microsoft Remote Desktop Services (RDS) session, where the RPA commands are passed down a virtual channel into the remote session for execution. The IA-Connect Agent can be run from a network share and does not require installation.

Available IA-Connect Connectors

The available IA-Connect Connectors are:

IA-Connect Dynamic Code
IA-Connect Java
IA-Connect JML
IA-Connect Mainframe
IA-Connect Microsoft Office
IA-Connect SAP GUI
IA-Connect Session
IA-Connect UI
IA-Connect Web Browser

How to get credentials

In order to receive your license and begin your 30-day free trial, please submit a request on our website (https://www.ultima.com/IA-Connect/Power-Automate).

Once a trial request is received, we will contact you via the email address provided to assist with setting up the IA-Connect software and to provide you with the trial license. This is a fully featured trial and will enable you to test any of the 800 actions across all 9 IA-Connect Connectors within your own environment during the trial period.

Get started with your connector

After submitting a trial request for IA-Connect, you will be able to download a ZIP file containing the IA-Connect software and documentation covering the installation and setup. We will also contact you to offer support and guidance through the installation process as required.

Support

During the trial period, you can contact Ultima Labs (IAConnect@ultima.com) for support and assistance.

Upon purchasing IA-Connect licenses you will receive support tokens which can be redeemed for bespoke training or support from Ultima's UK-based Technical Service Centre (TSC).

Known issues, common errors and FAQs

Our Knowledge Base contains a number of articles covering any known issues, common errors that may occur when using the IA-Connect Connectors and frequently asked questions. This is accessible at https://support.ultima.com/ultimalabs and an account to access these resources is provided during the IA-Connect trial and upon purchasing an IA-Connect license.

Creating a connection

The connector supports the following authentication types:


Default	Parameters for creating connection.	All regions	Not shareable

Default

Applicable: All regions

Parameters for creating connection.

This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.

Name	Type	Description	Required
API Key	securestring	The API Key for this api	True
IA-Connect Orchestrator address	string	Specify the IA-Connect Orchestrator address without the HTTP(S) component	True

Throttling Limits

Name	Calls	Renewal Period
API calls per connection	100	60 seconds

Actions

Add Active Directory group	Creates a new Active Directory group.
Add Active Directory group member	Add an Active Directory object (typically a user, group or computer) to an existing Active Directory group. If group and group member are in different domains, you will need to specify the Distinguished Name (DN) for both group and members.
Add Active Directory object to multiple groups	Add an Active Directory object (typically a user, group or computer) to multiple existing Active Directory groups. IA-Connect adds the object to as many groups as possible and reports on the outcome. If the object is already a member of one or more of the specified groups, this is counted as a success.
Add Active Directory OU	Creates a new Active Directory Organizational Unit (OU).
Add Active Directory user	Creates a new Active Directory user account.
Add Azure AD user	Creates a new Azure Active Directory user account. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Add Azure AD user to group	Add an Azure Active Directory user to an existing Azure Active Directory security or M365 group. This action cannot modify distribution lists or mail-enabled security groups - use the Office 365 Exchange Online actions instead. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Add Azure AD user to multiple groups	Adds an Azure Active Directory user to multiple existing Azure Active Directory groups where the groups are specified by object Id or display name. IA-Connect adds the user to as many groups as possible and reports on the outcome. This action cannot modify distribution lists or mail-enabled security groups - use the Office 365 Exchange Online actions instead. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Add Microsoft Exchange mailbox permission	Assign mailbox permissions to an Active Directory object (e.g. user or group).
Add Microsoft Exchange mailbox permission to user	Assign mailbox permissions to a specified mailbox user, user or security group.
Add Microsoft Exchange member to distribution group	Add a member (for example a user) to an Exchange distribution group. If the member is already in the group, no action is taken.
Add multiple Active Directory group members	Add one or more Active Directory objects (typically users, groups or computers) to an existing Active Directory group. IA-Connect adds as many members to the group as possible and reports on the outcome. If group and group member are in different domains, you will need to specify the Distinguished Name (DN) for both group and members. If some of the objects are already a member of the group, this is counted as a success.
Add Office 365 mailbox permission to user	Assign Microsoft Exchange Online or Office 365 mailbox permissions to a specified mailbox user, user or security group.
Add Office 365 member to distribution group	Add a member to a Microsoft Exchange Online or Office 365 distribution group or mail-enabled security group.
Assign Azure AD user to admin role	Assign an Azure Active Directory user (or other object) to an existing Azure Active Directory admin role. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Assign Azure AD user to multiple admin roles	Assign an Azure Active Directory user (or other object) to one or more existing Azure Active Directory admin roles. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Check Active Directory OU exists	Reports if an Active Directory Organizational Unit (OU) exists.
Clear Active Directory user account expiration	Clears the expiration date for an Active Directory account.
Clone Active Directory user group membership	Adds the destination Active Directory user to the same Active Directory groups that the first user is a member of, minus the primary group (usually 'Domain users') since it technically isn't a membership.
Clone Active Directory user properties	Configures the specified properties / attributes of the source Active Directory user to the destination Active Directory user.
Connect to Active Directory with credentials	Allows you to specify an alternative account to use when running Active Directory PowerShell commands. This affects all Active Directory commands issued after this action. If you don't use this action then all Active Directory PowerShell commands will run as the user account the IA-Connect Agent is running as.
Connect to Azure AD with certificate	Connects IA-Connect to Azure Active Directory (also known as Microsoft Entra ID, Azure AD or AAD). This action (or 'Connect to Azure AD with credentials') must be issued before running any other Azure AD actions. This action requires an Azure Service Principal and Azure AD app registration with certificate to be setup in Azure AD before it will work, but has the advantage of not requiring MFA (2FA). This action uses Azure AD v2 or Microsoft Graph PowerShell modules.
Connect to Azure AD with credentials	Connects IA-Connect to Azure Active Directory (also known as Microsoft Entra ID, Azure AD or AAD). This action (or 'Connect to Azure AD with certificate') must be issued before running any other Azure AD actions. This action either requires an account which doesn't use MFA (2FA) or you'll need to use the UI automation module to automate the 2FA component (i.e. the one-time password authentication popup). Alternatively, use the action 'Connect to Azure AD with certificate'. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules.
Connect to default Active Directory domain	Connects the IA-Connect Agent to the Domain the computer running the IA-Connect Agent is a member of, using the account the IA-Connect Agent is running as (i.e. the default behaviour).
Connect to JML environment	Connect to a JML environment where the details of that environment are held in the IA-Connect Orchestrator. These details can include credentials, addresses and other connectivity settings. For example you can use this action to connect to Active Directory, Microsoft Exchange, Azure AD or Office 365 Exchange Online.
Connect to Microsoft Exchange	Connects IA-Connect to a Microsoft Exchange server. This action must be issued before running any other Exchange actions. If you specify a username and password, all subsequent Exchange actions will run as that account. If you don't specify a username and password, all subsequent Exchange actions will run as the user account the IA-Connect Agent is running as.
Connect to Office 365 with certificate	Connects IA-Connect to Office 365 using the Office 365 PowerShell modules. This action (or 'Connect to Office 365 with credentials') must be issued before running any other Office 365 actions. This action requires an Azure AD app registration with certificate and the correct roles to be setup in Azure AD before it will work, but has the advantage of not requiring MFA (2FA).
Connect to Office 365 with credentials	Connects IA-Connect to Office 365 using the Office 365 PowerShell modules. This action (or 'Connect to Office 365 with certificate') must be issued before running any other Office 365 actions. This action either requires an account which doesn't require MFA (2FA) or you'll need to use the UI automation module to automate the 2FA component (i.e. the one-time password authentication popup). Alternatively, use the action 'Connect to Office 365 with certificate'.
Create a Microsoft Exchange mailbox for a user	Creates a Microsoft Exchange mailbox for an existing user who doesn't already have a mailbox.
Create a new Azure AD Microsoft 365 group	Creates a new Azure Active Directory Microsoft 365 group. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Create a new Azure AD security group	Creates a new Azure Active Directory security group. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Create a new Microsoft Exchange distribution group	Creates a new Microsoft Exchange distribution group or mail-enabled security group.
Create a new Office 365 distribution group	Creates a new Microsoft Exchange Online or Office 365 distribution group or mail-enabled security group.
Create Microsoft Exchange mailbox and user account	Create a mail-enabled user in on-premises Active Directory and create an associated mailbox in Microsoft Exchange. Only use this action if the user doesn't exist in on-premises Active Directory. If the user already exists, use the action 'Create a Microsoft Exchange mailbox for a user'.
Create Microsoft Exchange Online mailbox and user account	Create a mail-enabled user in on-premises Active Directory and create an associated remote mailbox in Microsoft Exchange Online or Office 365. Only use this action if the user doesn't exist in on-premises Active Directory. If the user already exists, use the action 'Create Microsoft Exchange Online mailbox for a user'. The request is sent via your on-premises Microsoft Exchange server which must be setup for a hybrid deployment.
Create Microsoft Exchange Online mailbox for a user	Creates a Microsoft Exchange Online or Office 365 (remote) mailbox or archive mailbox for an existing user in on-premises Active Directory who doesn't already have a mailbox. The request is sent via your on-premises Microsoft Exchange server which must be setup for a hybrid deployment. You can also use this action to archive an existing remote mailbox.
Create Office 365 archive mailbox for existing user	Creates a archived mailbox in Microsoft Exchange online for an existing user in Azure Active Directory / Entra ID. The user must have already have a mailbox and suitable license.
Create Office 365 mailbox and user account	Create a mailbox in Microsoft Exchange online and a user account in Azure Active Directory / Entra ID. Only use this action if the user doesn't already exist in Azure Active Directory / Entra ID. If the user already exists, assign a suitable license to the user account instead.
Create Office 365 shared mailbox and user account	Create a shared mailbox in Microsoft Exchange online and a user account in Azure Active Directory / Entra ID. Only use this action if the user doesn't already exist in Azure Active Directory / Entra ID. The shared mailbox SMTP address will be based on the name, alias or primary SMTP address (depending on which inputs are provided).
Disable Active Directory user account	Disables an Active Directory user account. If a user account is disabled, the user cannot logon.
Disable Azure AD user	Disables an Azure Active Directory user. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Disable the Microsoft Exchange mailbox for a user	Disable an existing Microsoft Exchange mailbox.
Disable the Microsoft Exchange Online mailbox for a user	Disable an existing Microsoft Exchange Online or Office 365 (remote) mailbox. The request is sent via your on-premises Microsoft Exchange server which must be setup for a hybrid deployment.
Disconnect from Active Directory	If you have used the action 'Open Active Directory PowerShell runspace with credentials' to run Active Directory PowerShell commands as an alternative user account or to an alternative domain, this action returns the IA-Connect Agent to the default behaviour of running Active Directory actions as the user account the IA-Connect Agent is running as.
Disconnect from Azure AD	Disconnects IA-Connect from Azure Active Directory (also known as Microsoft Entra ID, Azure AD or AAD). You will not be able to issue Azure AD actions again until you reconnect. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to originally connect.
Disconnect from Microsoft Exchange	Disconnects IA-Connect from a Microsoft Exchange server (connected using the action 'Connect to Microsoft Exchange'). You will not be able to issue Microsoft Exchange PowerShell actions again until you reconnect.
Disconnect from Office 365	Disconnects IA-Connect from Office 365 using the Office 365 PowerShell modules (connected using the action 'Connect to Office 365'). You will not be able to issue Office 365 PowerShell actions again until you reconnect.
Does Active Directory group exist	Returns whether a specified Active Directory group exists.
Does Microsoft Exchange mailbox exist	Returns whether the specified Exchange mailbox exists.
Does Microsoft Exchange Online mailbox exist	Returns whether the specified Microsoft Exchange Online or Office 365 (remote) mailbox exists. The request is sent via your on-premises Microsoft Exchange server which must be setup for a hybrid deployment.
Does Office 365 mailbox have an archive	Reports whether an existing mailbox in Microsoft Exchange online has an archive mailbox. If the mailbox does not exist, an exception will be raised.
Enable Active Directory user account	Enables an Active Directory user account. If the account is not disabled, this command does nothing.
Enable Azure AD user	Enables an Azure Active Directory user. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Get Active Directory domain FQDN from DN	A utility function. Given an Active Directory user's Distinguished Name (DN), returns the Active Directory domain containing the user.
Get Active Directory domain info	Retrieves information about an Active Directory domain.
Get Active Directory group	Returns the properties of a specified Active Directory group or groups. You can search either by identity (to locate a single group) or using a filter (to locate one or more groups).
Get Active Directory group members	Returns a list of members of an Active Directory group.
Get Active Directory OU from user DN	A utility function. Given an Active Directory user's Distinguished Name (DN), returns the Organizational Unit (OU) the user is located within.
Get Active Directory user	Returns the properties of a specified Active Directory user. You can search either by identity (to locate a single user) or using a filter (to locate one or more users).
Get Active Directory user group membership	Returns a list of Active Directory groups the specified user is a member of, minus the primary group (usually 'Domain users') since it technically isn't a membership. This action only works with user accounts, you cannot use this action to query group membership of groups or computers.
Get Azure AD group members	Returns a list of members of an Azure Active Directory group. Members could be users, groups, devices or service principals / enterprise applications. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Get Azure AD groups	Returns the details of groups in Azure Active Directory (also known as Microsoft Entra ID, Azure AD or AAD). You can search by object Id or using a filter. An object Id search should return 0 or 1 results. A filter search could return 0 or more results. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Get Azure AD license SKUs	Returns a list of Azure Active Directory license Stock Keeping Units (SKUs) which the connected Azure AD is subscribed to. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Get Azure AD user admin role assignments	Returns a list of Azure Active Directory admin roles the specified user is assigned to. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Get Azure AD user group membership	Returns a list of Azure Active Directory groups the specified user is a member of. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Get Azure AD user license service plans	Retrieves a list of licenses plans assigned to a specified Azure AD user license (SKU). For example: If the user has the FLOW_FREE license assigned, this will allow you to view which service plans they have provisioned to that license. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Get Azure AD user licenses	Retrieves a list of licenses (SKU) assigned to a Azure AD user. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Get Azure AD users	Returns the details of users in Azure Active Directory (also known as Microsoft Entra ID, Azure AD or AAD). You can search by object Id or using a filter. An object Id search should return 0 or 1 results. A filter search could return 0 or more results. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Get Microsoft Exchange distribution group members	Retrieve a list of the members of a Microsoft Exchange Distribution group.
Get next available account name	Given details regarding the naming format for Active Directory and Exchange account names, provides the details of the next available spare account name. Used to determine which Active Directory and Exchange account to create for a given user. This action does not create any accounts, it provides information regarding name availability.
Get Office 365 distribution group	Returns the properties of the specified Microsoft Exchange Online or Office 365 distribution groups or mail-enabled security groups. You can search by Identity or using a filter. An Identity search should return 0 or 1 results. A filter search could return 0 or more results.
Get Office 365 distribution group members	Retrieve a list of the members of a Microsoft Exchange Online or Office 365 distribution group or mail-enabled security group.
Get Office 365 mailbox	Returns the properties of the specified Microsoft Exchange Online or Office 365 mailbox.
Is Azure AD PowerShell module installed	Reports if the PowerShell modules required for Azure Active Directory (also known as Microsoft Entra ID, Azure AD or AAD) are installed on the computer where the IA-Connect Agent is running. This action checks for the Azure AD v2 and Microsoft Graph Users PowerShell modules.
Is Azure AD user assigned to admin role	Returns whether an Azure Active Directory user is assigned to an Azure Active Directory admin role. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Is connected to Active Directory	Reports if IA-Connect is connected to Active Directory. By default, IA-Connect is automatically connected to the Domain the computer running the IA-Connect Agent is a member of, using the account the IA-Connect Agent is running as. Use the action 'Connect to Active Directory with credentials' to connect using alternative credentials or to an alternative domain.
Is connected to Azure AD	Reports if IA-Connect is connected to Azure Active Directory (also known as Microsoft Entra ID, Azure AD or AAD). Use one of the 'Connect to Azure AD' actions to connect.
Is connected to Microsoft Exchange	Reports if IA-Connect is connected to a Microsoft Exchange server. Use the action 'Connect to Microsoft Exchange' to connect.
Is connected to Office 365	Reports if IA-Connect is connected to Office 365 using the Office 365 PowerShell modules. Use the action 'Connect to Office 365' to connect.
Is user in Azure AD user group	Returns whether a user is a member of an Azure Active Directory group. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Modify a Microsoft Exchange mailbox email addresses	Modify the email addresses on a Microsoft Exchange mailbox. You can add, remove and replace primary and alias email addresses.
Modify a Microsoft Exchange Online mailbox email addresses	Modify the email addresses on an existing Microsoft Exchange Online or Office 365 (remote) mailbox. You can add, remove and replace primary and alias email addresses. The request is sent via your on-premises Microsoft Exchange server which must be setup for a hybrid deployment.
Modify Active Directory common user properties	Modify common properties of an Active Directory user. You can only assign values to properties, not set them to blank. To set properties to blank, use the action 'Modify Active Directory user string properties'.
Modify Active Directory user boolean property	Modify an individual boolean (true / false) property of an Active Directory user. This allows you to modify a very specific user setting, including custom properties.
Modify Active Directory user home folder	Sets the home folder / directory / drive for an Active Directory user.
Modify Active Directory user string properties	Modify individual string property(s) of an Active Directory user. This allows you to modify very specific user settings, including custom properties. You can also set individual user properties to blank.
Modify Azure AD user properties	Modify common properties of an Azure Active Directory user. You can only assign values to properties, not set them to blank, because a blank value is interpreted as a intent to leave the value unchanged. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Move Active Directory user to OU	Moves an Active Directory user to an existing Active Directory Organizational Unit (OU).
Perform Active Directory DirSync	Performs a synchronisation between Active Directory (on-premises) and Azure Active Directory (cloud). This command must be issued to the server with the 'DirSync' role (i.e. the computer performing the synchronisation).
Remove Active Directory group	Removes a group from Active Directory. If there are objects (for example users, groups or computers) in the group, those objects will be removed as part of the group deletion.
Remove Active Directory group member	Removes an Active Directory member (user, group or computer) from an Active Directory group.
Remove Active Directory object from multiple groups	Removes an Active Directory object (typically a user, group or computer) from multiple existing Active Directory groups. IA-Connect removes the object from as many groups as possible and reports on the outcome. If the object isn't a member of one or more of the specified groups, this is counted as a success.
Remove Active Directory OU	Removes an Organizational Unit (OU) from Active Directory. The OU cannot be deleted if there are objects (for example users, groups or computers) in the OU.
Remove Active Directory user	Removes a user from Active Directory.
Remove Active Directory user from all groups	Removes an Active Directory user from all of the Active Directory groups they are a member of. IA-Connect removes the user from as many groups as possible and reports on the outcome. This action only works with user accounts, you cannot use this action to remove a group or computer's group memberships.
Remove all Azure AD user licenses	Removes all Azure AD user license (SKU) assigned to a user. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Remove Azure AD security or Microsoft 365 group	Remove an Azure Active Directory security group or Microsoft 365 group. This action cannot remove mail enabled security groups or distribution lists: Use the action 'Remove Office 365 distribution group' instead. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Remove Azure AD user	Remove an Azure Active Directory user. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Remove Azure AD user from admin role assignment	Remove an Azure Active Directory user (or other object) from an existing Azure Active Directory admin role assignment. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Remove Azure AD user from all admin role assignments	Removes an Azure Active Directory user (or other object) from all of the Azure Active Directory admin roles they are assigned to. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Remove Azure AD user from all groups	Removes an Azure Active Directory user from all of the Azure Active Directory groups they are a member of. This action cannot modify distribution lists or mail-enabled security groups - use the Office 365 Exchange Online actions instead. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Remove Azure AD user from group	Removes an Azure Active Directory user from an Azure Active Directory group. This action cannot modify distribution lists or mail-enabled security groups - use the Office 365 Exchange Online actions instead. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Remove Azure AD user from multiple admin roles	Removes an Azure Active Directory user (or other object) from one or more existing Azure Active Directory admin roles. This action iterates through the list of user's role assignments and removes matching items, so if you specify non-existent roles to remove, this doesn't trigger an error (since if the user isn't in that role, nothing is attempted). This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Remove Azure AD user from multiple groups	Removes an Azure Active Directory user from multiple existing Azure Active Directory groups where the groups are specified by object Id or display name. IA-Connect removes the user from as many groups as possible and reports on the outcome. This action cannot modify distribution lists or mail-enabled security groups - use the Office 365 Exchange Online actions instead. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Remove Microsoft Exchange distribution group	Remove a Microsoft Exchange distribution group.
Remove Microsoft Exchange mailbox permission from user	Remove mailbox permissions from a specified mailbox user, user or security group.
Remove Microsoft Exchange member from distribution group	Remove a member (for example a user) from an Exchange distribution group. If the member is not in the group, no action is taken.
Remove multiple Active Directory group members	Remove one or more Active Directory objects (typically users, groups or computers) from an existing Active Directory group. IA-Connect removes as many members from the group as possible and reports on the outcome. If group and group member are in different domains, you will need to specify the Distinguished Name (DN) for both group and members. If some of the objects aren't a member of the group, this is counted as a success.
Remove Office 365 distribution group	Remove a Microsoft Exchange Online or Office 365 distribution group or mail-enabled security group.
Remove Office 365 mailbox from all distribution groups	Remove a mailbox from all Microsoft Exchange Online or Office 365 distribution groups or mail-enabled security groups that it is a member of.
Remove Office 365 mailbox permission from user	Remove Microsoft Exchange Online or Office 365 mailbox permissions from a specified mailbox user, user or security group.
Remove Office 365 member from distribution group	Remove a member from a Microsoft Exchange Online or Office 365 distribution group or mail-enabled security group.
Reset Active Directory user password	Resets an Active Directory user's password with a new password and optionally set password properties.
Reset Azure AD user password	Resets an Azure Active Directory user's password with a new password. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Reset Azure AD user properties	Reset common properties of an Azure Active Directory user to a blank value. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Reset the properties on a Microsoft Exchange mailbox	Set the specified properties of an existing Microsoft Exchange mailbox to blank.
Reset the properties on a Microsoft Exchange Online mailbox	Set the specified properties of an existing Microsoft Exchange Online or Office 365 (remote) mailbox to blank. The request is sent via your on-premises Microsoft Exchange server which must be setup for a hybrid deployment.
Retrieve a Microsoft Exchange mailbox email addresses	Retrieves a list of all email addresses assigned to a Microsoft Exchange mailbox. This includes the primary SMTP address, proxy email addresses, X.400 addresses and EUM (Exchange Unified Messaging) addresses.
Retrieve a Microsoft Exchange Online mailbox email addresses	Retrieves a list of all email addresses assigned to an existing Microsoft Exchange Online or Office 365 (remote) mailbox. This includes the primary SMTP address, proxy email addresses, X.400 addresses and EUM (Exchange Unified Messaging) addresses. The request is sent via your on-premises Microsoft Exchange server which must be setup for a hybrid deployment.
Retrieve Microsoft Exchange distribution group details	Retrieve the details of a Microsoft Exchange Distribution group. You can search by Identity or using a filter. An Identity search should return 0 or 1 results. A filter search could return 0 or more results.
Retrieve Microsoft Exchange mailbox details	Returns the properties of the specified Exchange mailbox. You can search by Identity or using a filter. An Identity search should return 0 or 1 results. A filter search could return 0 or more results.
Retrieve Microsoft Exchange mailbox distribution group membership	Retrieve which distribution groups a mailbox is a member of.
Retrieve Microsoft Exchange Online mailbox details	Returns the properties of the specified Microsoft Exchange Online or Office 365 (remote) mailbox. The request is sent via your on-premises Microsoft Exchange server which must be setup for a hybrid deployment. You can search by Identity or using a filter. An Identity search should return 0 or 1 results. A filter search could return 0 or more results.
Retrieve Office 365 mailbox distribution group membership	Retrieve which distribution groups or mail-enabled security groups an Office 365 or Exchange Online mailbox is a member of.
Run Active Directory PowerShell script	Runs a PowerShell script in the Active Directory runspace in the session where the IA-Connect Agent is running, where the script contents are passed to the IA-Connect Agent as part of the command. This is the recommended action for running your own custom Active Directory PowerShell code. This action can also be used to retrieve the results from a previous execution of a PowerShell script, run as an Agent thread.
Run Azure AD PowerShell script	Runs a PowerShell script in the Azure Active Directory (also known as Microsoft Entra ID, Azure AD or AAD) runspace in the session where the IA-Connect Agent is running, where the script contents are passed to the IA-Connect Agent as part of the command. This is the recommended action for running your own custom Azure AD PowerShell scripts. This action can also be used to retrieve the results from a previous execution of a PowerShell script, run as an Agent thread. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules.
Run Exchange PowerShell script	Runs a PowerShell script in the Exchange runspace in the session where the IA-Connect Agent is running, where the script contents are passed to the IA-Connect Agent as part of the command. This is the recommended action for running your own custom Exchange PowerShell code. This action can also be used to retrieve the results from a previous execution of a PowerShell script, run as an Agent thread.
Run Office 365 PowerShell script	Runs a PowerShell script in the Office 365 runspace in the session where the IA-Connect Agent is running, where the script contents are passed to the IA-Connect Agent as part of the command. This is the recommended action for running your own custom Office 365 Exchange Online PowerShell code. This action can also be used to retrieve the results from a previous execution of a PowerShell script, run as an Agent thread.
Set Active Directory server	Sets a specific Active Directory server to use for all further Active Directory actions.
Set Active Directory user account expiration end of date	Sets the account expiration end of date for an Active Directory user account. This is the last full day in which the account is usable, so technically the account expires at the start of the next day. The IA-Connect Agent is aware of this and automatically adds 1 day to the provided input date when storing the date in Active Directory.
Set Active Directory user protected from accidental deletion	Sets an Active Directory account to be protected (or not protected) from accidental deletion. If you protect an account from accidental deletion, you cannot delete that account until you remove the protection.
Set automatic replies (Out of Office) for a Microsoft Exchange mailbox	Set automatic replies (Out of Office) for a Microsoft Exchange mailbox. This action won't work for remote mailbox in Microsoft Exchange Online or Office 365: Use the action 'Set automatic replies (Out of Office) for an Office 365 mailbox' instead.
Set automatic replies (Out of Office) for an Office 365 mailbox	Set automatic replies (Out of Office) for a Microsoft Exchange Online or Office 365 mailbox.
Set Azure AD user's manager	Set an Azure Active Directory user's manager. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Set Azure AD user license	Adds or removes an Azure AD user license (SKU). This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.
Set Exchange mailbox send on behalf of	Specify who can send on behalf of this existing mailbox.
Set Exchange to view entire Active Directory forest	Specify whether the entire Active Directory forest (including sub-domains) is searched / viewed when performing Exchange actions. You may need to use this action if you have multiple linked domains.
Set the properties on a Microsoft Exchange mailbox	Set the properties of an existing Microsoft Exchange mailbox.
Set the properties on a Microsoft Exchange Online mailbox	Set the properties of an existing Microsoft Exchange Online or Office 365 (remote) mailbox. The request is sent via your on-premises Microsoft Exchange server which must be setup for a hybrid deployment.
Set the properties on a Office 365 mailbox	Set the properties on a Microsoft Exchange Online or Office 365 mailbox.
Unlock Active Directory account	Unlock an Active Directory account. If the account is not locked, this command does nothing.
Wait for a Office 365 mailbox	Wait for a specified Microsoft Exchange Online or Office 365 mailbox to exist. This is common if you are waiting for an AD sync or license setting to take effect. If the mailbox already existed, the action will immediately return successful.

Add Active Directory group

Operation ID:: ActiveDirectoryAddADGroup

Creates a new Active Directory group.

Parameters

Name	Key	Required	Type	Description
Name	Name	True	string	The name of the Active Directory group. This appears in the 'Name' column in AD users and computers and in the top of the Group 'General' tab (in the title).
SAM account name	SamAccountName		string	The group name (pre-Windows 2000) in Active Directory. This is in the format 'name' (e.g. 'TestGroup1').
Path	Path		string	The Organizational Unit (OU) in which to store the group in Distinguished Name format (e.g. OU=Target OU,OU=London,DC=mydomain,DC=local), GUID format or as a path (e.g. MyGroups\London). If this is left blank, the group will be created in the 'Users' OU.
Description	Description		string	The optional group description.
Notes	Notes		string	The optional group notes.
Display name	DisplayName		string	The optional group display name. Unlike user accounts, a group display name doesn't show in AD users and computers.
Group category	GroupCategory	True	string	The type of group to create. A security group is typically used to manage user and computer access to IT resources. A distribution group is typically used to create a group email, allowing you to email a group of users.
Group scope	GroupScope	True	string	The scope of the group to create. There are a complex set of rules describing where a group can be referenced and what can be placed in a group, depending on that group's scope. You cannot always convert to another group scope later, so you should pick the correct scope at creation.
Home page	HomePage		string	The optional group home page.
Managed by	ManagedBy		string	Specifies the user or group that manages this group. You can specify this input in Distinguished Name format (e.g. CN=MrBig,OU=London,DC=mydomain,DC=local), GUID format, SID or SAMAccountName (e.g. 'MrBig').
Protected from accidental deletion	ProtectedFromAccidentalDeletion		boolean	Set to true to protect this group from accidental deletion. Set to false to leave the group at the default of not being protected from accidental deletion.
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
PowerShell output JSON	PowerShellJSONOutput	string	The output of the PowerShell script, formatted as JSON.
Created group Distinguished Name	CreatedGroupDistinguishedName	string	The Active Directory Distinguished Name (DN) of the created group.
Created group SAM Account Name	CreatedGroupSAMAccountName	string	The Active Directory SAM Account Name of the created group.

Add Active Directory group member

Operation ID:: ActiveDirectoryAddADGroupMemberByIdentity

Add an Active Directory object (typically a user, group or computer) to an existing Active Directory group. If group and group member are in different domains, you will need to specify the Distinguished Name (DN) for both group and members.

Parameters

Name	Key	Required	Type	Description
Group identity	GroupIdentity		string	The identity of the Active Directory group. You can specify a group by Distinguished Name (e.g. CN=Group1,OU=My Groups,DC=mydomain,DC=local), GUID, SID, or SAMAccountName / pre-2K name (e.g. 'Group1'). You cannot use display name or group name (although group name will often be the same as pre-2K name which can be used).
Group name	GroupName		string	As an alternative to searching by identity, provide the pre-2K name (SAMAccountName) of the Active Directory group. Since the 'Group identity' input also accepts the pre-2K name, this input is now redundant, but maintained for backwards compatibility.
Group member	UserIdentity	True	string	The group member to add (typically a user, group or computer). You can specify a user or group by Distinguished Name (e.g. CN=User1,OU=My Groups,DC=mydomain,DC=local), GUID, SID, or SAMAccountName / pre-2K name (e.g. 'User1'). You can specify a computer by Distinguished Name or computer name (pre-2K) followed by a $ (e.g. VM01$).
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ActiveDirectoryAddADGroupMemberByIdentityResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Add Active Directory object to multiple groups

Operation ID:: ActiveDirectoryAddADUserToMultipleADGroupsByName

Add an Active Directory object (typically a user, group or computer) to multiple existing Active Directory groups. IA-Connect adds the object to as many groups as possible and reports on the outcome. If the object is already a member of one or more of the specified groups, this is counted as a success.

Parameters

Name	Key	Required	Type	Description
Object identity	UserIdentity	True	string	The object (typically a user, group or computer) to add to the one or more groups. You can specify a user or group by Distinguished Name (e.g. CN=User1,OU=My Groups,DC=mydomain,DC=local), GUID, SID, or SAMAccountName / pre-2K name (e.g. 'User1'). You can specify a computer by Distinguished Name or computer name (pre-2K) followed by a $ (e.g. VM01$).
AD groups to add	GroupNamesJSON		string	A list of the AD groups to add the object to, in JSON or CSV format. For example: [{"GroupName": "Group 1"}, {"GroupName": "Group 2"}] (JSON table format), ["Group 1", "Group 2"] (JSON array format), or Group 1,Group 2 (CSV format). You can specify a group by Distinguished Name (e.g. CN=Group1,OU=My Groups,DC=mydomain,DC=local), GUID, SID, or SAMAccountName / pre-2K name (e.g. 'Group1'). You cannot use display name or group name (although group name will often be the same as pre-2K name which can be used).
Exception if any groups fail to add	ExceptionIfAnyGroupsFailToAdd		boolean	If set to true: An exception (failure) will be raised if any single group fails to add (i.e. 100% success is a requirement). If no exception is raised, this action will report how many groups were added successfully and how many failed to add.
Exception if all groups fail to add	ExceptionIfAllGroupsFailToAdd		boolean	If set to true: An exception (failure) will be raised only if all groups fail to add (i.e. no successes and some failures). If no exception is raised, this action will report how many groups were added successfully and how many failed to add.
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Max groups per call	MaxGroupsPerCall		integer	If a large number of AD groups is specified for addition, this might cause a timeout. By setting the 'Max groups per call' value to 1 or higher, the IA-Connect Orchestrator will split this action into multiple calls to the IA-Connect Director and Agent with the specified maximum number of groups per call. First available in IA-Connect 9.3. For example: If you set a value of 5 and 14 groups are requested for addition, the Orchestrator will split this into requests of 5, 5, 4.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
AD groups added successfully	ADGroupsAddedSuccessfully	integer	The number of AD groups the object was successfully added to.
AD groups failed to add	ADGroupsFailedToAdd	integer	The number of AD groups that the object failed to add to.
Add AD groups error message	AddADGroupsMasterErrorMessage	string	If the object failed to add to some of the AD groups, and no exception was raised, this error message provides details of the problem.

Add Active Directory OU

Operation ID:: ActiveDirectoryAddOU

Creates a new Active Directory Organizational Unit (OU).

Parameters

Name	Key	Required	Type	Description
Name	Name	True	string	The name of the Active Directory OU. This appears in the OU tree structure in AD users and computers and in the top of the OU properties 'General' tab (in the title).
Path	Path		string	The Organizational Unit (OU) in which to store the new OU in Distinguished Name format (e.g. OU=Parent OU,OU=London,DC=mydomain,DC=local), GUID format or as a path (e.g. London\Parent OU). If this is left blank, the OU will be created in the root of the tree.
Description	Description		string	The optional OU description.
Display name	DisplayName		string	The optional OU display name. Unlike user accounts, a OU display name doesn't show in AD users and computers.
Managed by	ManagedBy		string	Specifies the user or group that manages this OU. You can specify this input in Distinguished Name format (e.g. CN=MrBig,OU=London,DC=mydomain,DC=local), GUID format, SID or SAMAccountName (e.g. 'MrBig').
Protected from accidental deletion	ProtectedFromAccidentalDeletion		boolean	Set to true (default) to protect this OU from accidental deletion. Set to false to leave the OU unprotected from accidental deletion.
Street address	StreetAddress		string	The OU's 'Street' property (in the OU properties 'General' tab in AD users and computers).
City	City		string	The OU's 'City' property (in the OU properties 'General' tab in AD users and computers).
State	State		string	The OU's 'State/province' property (in the OU properties 'General' tab in AD users and computers).
Postal code	PostalCode		string	The OU's 'ZIP/Postal Code' property (in the OU properties 'General' tab in AD users and computers).
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
PowerShell output JSON	PowerShellJSONOutput	string	The output of the PowerShell script, formatted as JSON.
Created OU Distinguished Name	CreatedOUDistinguishedName	string	The Active Directory Distinguished Name (DN) of the created OU.

Add Active Directory user

Operation ID:: ActiveDirectoryAddADUser

Creates a new Active Directory user account.

Parameters

Name	Key	Required	Type	Description
Name	Name	True	string	The name of the Active Directory user. This appears in the 'Name' column in AD users and computers and in the top of the User 'General' tab (in the title). This is not the user logon name.
User Principal Name	UserPrincipalName		string	The user logon name in Active Directory. This generally should be in the format 'name@domainFQDN' (e.g. 'TestUser1@domain.local'). The user can logon using this format: name@domainFQDN.
SAM account name	SamAccountName		string	The user logon name (pre-Windows 2000) in Active Directory. This is in the format 'name' (e.g. 'TestUser1'). The user can logon using this format: DOMAIN\name.
First name	GivenName		string	The optional user first name.
Last name	SurName		string	The optional user last name.
Path	Path		string	The Organizational Unit (OU) in which to store the user in Distinguished Name format (e.g. OU=Target OU,OU=London,DC=mydomain,DC=local), GUID format or as a path (e.g. MyUsers\London). If this is left blank, the user will be created in the 'Users' OU.
Description	Description		string	The optional user description.
Display name	DisplayName		string	The optional user display name.
Account password	AccountPassword		password	The user password. This must be specified and meet the Active Directory password complexity rules. If this is a 'Stored' password, enter in the format {IAConnectPassword:StoredPasswordIdentifier} and set the 'stored password' input to true. If this is an Orchestrator generic credential, enter in the format {OrchestratorCredential:FriendlyName} and set the 'stored password' input to true.
Account password is stored password	AccountPasswordIsStoredPassword		boolean	Set to true if the password is an IA-Connect stored password identifier (for example: generated by the 'Generate password' action) or an IA-Connect Orchestrator generic credential (for example: If using IA-Connect with a PA flow).
Enabled	Enabled		boolean	Set to true if you want the account enabled immediately after creation. Set to false for the account to start disabled. This option defaults to true.
User must change password at next logon	ChangePasswordAtLogon		boolean	Set to true if you want to force the user to change their password when they login (i.e. the new password being set here is a one-time password to get the user logged-in). Set to false if this is the password the user will use until they manually change it. You cannot set this option to true at the same time as setting either 'User cannot change password' or 'Password never expires' to true.
User cannot change password	CannotChangePassword		boolean	Set to true to stop the user from being able to change their password. Set to false if the user can change the password. You cannot set this option to true at the same time as setting 'User must change password at next login' to true.
Password never expires	PasswordNeverExpires		boolean	Set to true if the password never expires (i.e. the user will never be prompted to change the password). Set to false if the password can expire as set in Active Directory Domain policy. You cannot set this option to true at the same time as setting 'User must change password at next login' to true.
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
PowerShell output JSON	PowerShellJSONOutput	string	The output of the PowerShell script, formatted as JSON.
Created user Distinguished Name	CreatedUserDistinguishedName	string	The Active Directory Distinguished Name (DN) of the created user account.
Created user SAM Account Name	CreatedUserSAMAccountName	string	The Active Directory SAM Account Name of the created user account.
Created user Principal Name	CreatedUserPrincipalName	string	The Active Directory User Principal Name (UPN) of the created user account.

Add Azure AD user

Operation ID:: AzureADv2AddAzureADUser

Creates a new Azure Active Directory user account. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User Principal Name	UserPrincipalName	True	string	The user logon name in Azure Active Directory. This generally should be in the format 'name@domainFQDN' (e.g. 'TestUser1@mydomain.onmicrosoft.com').
Account enabled	AccountEnabled	True	boolean	Set to true if you want the account enabled immediately after creation. Set to false for the account to start disabled. This option defaults to true.
Account password	AccountPassword	True	password	The user password. This must be specified and meet the Azure Active Directory password complexity rules. If this is a 'Stored' password, enter in the format {IAConnectPassword:StoredPasswordIdentifier} and set the 'stored password' input to true. If this is an Orchestrator generic credential, enter in the format {OrchestratorCredential:FriendlyName} and set the 'stored password' input to true.
Account password is stored password	AccountPasswordIsStoredPassword		boolean	Set to true if the password is an IA-Connect stored password identifier (for example: generated by the 'Generate password' action) or an IA-Connect Orchestrator generic credential (for example: If using IA-Connect with a PA flow).
First name	FirstName		string	The user's first name.
Last name	LastName		string	The user's family name / last name / surname.
Display name	DisplayName	True	string	The full display name for this user.
City	City		string	The name of the City the user lives in, or where their office is located.
Company name	CompanyName		string	The name of the company the user works for.
Country or region	Country		string	The Country or Region the user lives in, or where their office is located.
Department	Department		string	The name of the department the user works for within the Company.
Fax number	FaxNumber		string	The user's fax (facsimile) telephone number.
Job title	JobTitle		string	The user's job title.
Mail nickname	MailNickName	True	string	The user's mail nickname.
Mobile phone number	MobilePhone		string	The user's mobile phone number.
Office	Office		string	The location of the office where the user works.
Telephone number	PhoneNumber		string	The user's telephone number.
ZIP or postal code	PostalCode		string	The ZIP or postal code where the user lives, or the office they work in.
Preferred language	PreferredLanguage		string	The user's preferred language. This is typically entered as a two letter language code (ISO 639-1), followed by a dash, followed by a two letter upper-case country code (ISO 3166). For example: en-US, en-GB, fr-FR, ja-JP.
State or province	State		string	The state, province or county the user lives in, or where their office located.
Street address	StreetAddress		string	The street address where the user lives, or their office street address.
Usage location	UsageLocation		string	A two letter country code (ISO 3166). Required for users that will be assigned licenses due to a legal requirement. For example: US (United States), JP (Japan), GB (United Kingdom), FR (France), IN (India). See https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes.
Age group	AgeGroup		string	The age group of the user, for parental control purposes. The default is none / not specified which (from a controls perspective) is the same as Adult.
Consent provided for minor	ConsentProvidedForMinor		string	If the 'Age group' is 'Minor', this field allows you to specify whether consent has been provided for the minor, for parental control purposes.
Employee Id	EmployeeId		string	An optional employee Id. You might use this to uniquely distinguish between each user in your organisation.
Force change password at next login	ForceChangePasswordNextLogin		boolean	Set to true if you want to force the user to change their password when they next login (i.e. the new password being set here is a one-time password to allow the user to log in). Set to false if this is the password the user will use until they manually change it.
Enforce change password policy	EnforceChangePasswordPolicy		boolean	Set to true to enforce the Azure Active Directory change password policy which (depending on your environment) can define how often the user should change their password, password recovery options and additional security verification. This may cause the user to be prompted for additional information.
Password never expires	PasswordNeverExpires		boolean	Set to true if the password never expires (i.e. the user will never be prompted to change the password). Set to false if the password can expire as set in the Azure Active Directory password policy.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Action result JSON	PowerShellJSONOutput	string	The output of the PowerShell script, formatted as JSON.
Created user Principal Name	CreatedUserPrincipalName	string	The Azure Active Directory User Principal Name (UPN) of the created user account.
Created user Object Id	CreatedUserObjectId	string	The Azure Active Directory User Object Id of the created user account.

Add Azure AD user to group

Operation ID:: AzureADv2AddUserToGroup

Add an Azure Active Directory user to an existing Azure Active Directory security or M365 group. This action cannot modify distribution lists or mail-enabled security groups - use the Office 365 Exchange Online actions instead. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User object Id or UPN	UserObjectId	True	string	The Id of an Azure Active Directory user. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
Group object Id or display name	GroupObjectId	True	string	The Id or display name of an Azure Active Directory group. You can specify a group by Display Name (e.g. "Finance users") or ObjectId (e.g. UUID/GUID value).
Check user group memberships first	CheckUserGroupMembershipsFirst		boolean	If set to true, IA-Connect will check the user's group memberships before attempting to add them to the group. If the user is already a member of the group, IA-Connect will simply report success without having to do anything. If set to false, IA-Connect will immediately add the user to the group without checking, resulting in an error if the user is already in the group.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	AzureADv2AddUserToGroupResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Add Azure AD user to multiple groups

Operation ID:: AzureADv2AddADUserToMultipleADGroups

Adds an Azure Active Directory user to multiple existing Azure Active Directory groups where the groups are specified by object Id or display name. IA-Connect adds the user to as many groups as possible and reports on the outcome. This action cannot modify distribution lists or mail-enabled security groups - use the Office 365 Exchange Online actions instead. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User object Id or UPN	UserObjectId	True	string	The Id of an Azure Active Directory user. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
Azure AD groups to add	GroupNamesJSON		string	A list of the Ids or display names of Azure AD groups to add the user to, in JSON or CSV format. For example: [{"GroupName": "Group 1"}, {"GroupName": "Group 2"}] (JSON table format), ["Group 1", "Group 2"] (JSON array format), or Group 1,Group 2 (CSV format).
Exception if any groups fail to add	ExceptionIfAnyGroupsFailToAdd		boolean	If set to true: An exception (failure) will be raised if any single group fails to add (i.e. 100% success is a requirement). Some groups (for example: Office 365 groups) might not add so an exception could be common. If no exception is raised, this action will report how many groups were added successfully and how many failed to add.
Exception if all groups fail to add	ExceptionIfAllGroupsFailToAdd		boolean	If set to true: An exception (failure) will be raised only if all groups fail to add (i.e. no successes and some failures). If no exception is raised, this action will report how many groups were added successfully and how many failed to add.
Check user group memberships first	CheckUserGroupMembershipsFirst		boolean	If set to true, IA-Connect will check the user's group memberships before attempting to add them to the group. If the user is already a member of the group, IA-Connect will simply report success without having to do anything. If set to false, IA-Connect will immediately add the user to the group without checking, resulting in an error if the user is already in the group.
Max Azure AD groups per call	MaxAzureADGroupsPerCall		integer	If a large number of Azure AD groups is specified for addition, this might cause a timeout. By setting the 'Max Azure AD groups per call' value to 1 or higher, the IA-Connect Orchestrator will split this action into multiple calls to the IA-Connect Director and Agent with the specified maximum number of groups per call. For example: If you set a value of 5 and 14 groups need to be removed, the Orchestrator will split this into requests of 5, 5, 4.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Azure AD groups added successfully	AzureADGroupsAddedSuccessfully	integer	The number of Azure AD groups the user was successfully added to.
Azure AD groups failed to add	AzureADGroupsFailedToAdd	integer	The number of Azure AD groups that the user failed to add to.
Add Azure AD groups master error message	AddAzureADGroupsMasterErrorMessage	string	If the user failed to add to some of the Azure AD groups, and no exception was raised, this error message provides details of the problem.

Add Microsoft Exchange mailbox permission

Operation ID:: ExchangeAddADPermission

Assign mailbox permissions to an Active Directory object (e.g. user or group).

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity	True	string	The identity of the Microsoft Exchange mailbox. You can specify a mailbox by Name, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID, SAMAccountName or User Principal Name (UPN).
Active Directory object	User	True	string	The active Directory object (e.g. user or group) to assign the permissions to. You can specify a user by Name, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID, SAMAccountName or User Principal Name (UPN).
Access rights	AccessRights		string	The access rights to assign to the user's permissions on the mailbox. Available options are 'AccessSystemSecurity', 'CreateChild', 'DeleteChild', 'ListChildren', 'Self', 'ReadProperty', 'WriteProperty', 'DeleteTree', 'ListObject', 'ExtendedRight', 'Delete', 'ReadControl', 'GenericExecute', 'GenericWrite', 'GenericRead', 'WriteDacl', 'WriteOwner', 'GenericAll' and 'Synchronize'.
Extended rights	ExtendedRights		string	An optional extended right to assign to the user's permissions on the mailbox. Extended rights include 'Send As'.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ExchangeAddADPermissionResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Add Microsoft Exchange mailbox permission to user

Operation ID:: ExchangeAddMailboxPermission

Assign mailbox permissions to a specified mailbox user, user or security group.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity	True	string	The identity of the Microsoft Exchange mailbox. You can specify a mailbox by Name, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID, SAMAccountName or User Principal Name (UPN).
User	User	True	string	The user to add to the mailbox permissions. You can specify a user by Name, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID, SAMAccountName or User Principal Name (UPN).
Access rights	AccessRights	True	string	The access rights to assign to the user's permissions on the mailbox. Available options are 'ChangeOwner', 'ChangePermission', 'DeleteItem', 'ExternalAccount', 'FullAccess' and 'ReadPermission'. To assign multiple permissions, specify them as a comma-separated list.
Auto mapping	AutoMapping		boolean	If set to true, the mailbox and user account will have some additional properties set that will result in Outlook automatically opening the mailbox when logged-in as this user. This can take a few minutes to take effect. If set to false, the additional properties will not be set and Outlook will not automatically open the mailbox.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ExchangeAddMailboxPermissionResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Add Microsoft Exchange member to distribution group

Operation ID:: ExchangeAddDistributionGroupMember

Add a member (for example a user) to an Exchange distribution group. If the member is already in the group, no action is taken.

Parameters

Name	Key	Required	Type	Description
Distribution group identity	Identity	True	string	The identity of the distribution group to add to. You can specify a distribution group by Name, Alias, Distinguished Name (e.g. CN=MyGroup,OU=My Groups,DC=mydomain,DC=local), Email address or GUID.
Member to add	Member	True	string	The identity of the member to add to the distribution group. You can specify a mailbox by Name, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID, SAMAccountName or User Principal Name (UPN).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ExchangeAddDistributionGroupMemberResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Add multiple Active Directory group members

Operation ID:: ActiveDirectoryAddMultipleADGroupMembersByIdentity

Add one or more Active Directory objects (typically users, groups or computers) to an existing Active Directory group. IA-Connect adds as many members to the group as possible and reports on the outcome. If group and group member are in different domains, you will need to specify the Distinguished Name (DN) for both group and members. If some of the objects are already a member of the group, this is counted as a success.

Parameters

Name	Key	Required	Type	Description
Group identity	GroupIdentity		string	The identity of the Active Directory group. You can specify a group by Distinguished Name (e.g. CN=Group1,OU=My Groups,DC=mydomain,DC=local), GUID, SID, or SAMAccountName / pre-2K name (e.g. 'Group1'). You cannot use display name or group name (although group name will often be the same as pre-2K name which can be used).
Group members	GroupMembersJSON		string	A list of the members (typically users, groups or computers) to add to the AD group, in JSON or CSV format. For example: [{"MemberName": "User 1"}, {"MemberName": "User 2"}] (JSON table format), ["User 1", "User 2"] (JSON array format), or User 1,User 2 (CSV format). You can specify a user or group by Distinguished Name (e.g. CN=User1,OU=My Groups,DC=mydomain,DC=local), GUID, SID, or SAMAccountName / pre-2K name (e.g. 'User1'). You can specify a computer by Distinguished Name or computer name (pre-2K) followed by a $ (e.g. VM01$).
Exception if any members fail to add	ExceptionIfAnyMembersFailToAdd		boolean	If set to true: An exception (failure) will be raised if any single members fails to add (i.e. 100% success is a requirement). If no exception is raised, this action will report how many members were added successfully and how many failed to add.
Exception if all members fail to add	ExceptionIfAllMembersFailToAdd		boolean	If set to true: An exception (failure) will be raised only if all members fail to add (i.e. no successes and some failures). If no exception is raised, this action will report how many members were added successfully and how many failed to add.
Add all members in a single call	AddAllMembersInASingleCall		boolean	If set to true, all members will be added to the group in a single action. This will be faster, but if a single member doesn't exist or fails to add, no members will be added and an exception will be raised, regardless of the 'Exception' input options. If set to false (the default), each member will be added individually and the IA-Connect Agent will count how many added successfully and how many failed to add. If adding members to groups across domains, it is recommended to set this input to false.
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
AD group members added successfully	ADGroupMembersAddedSuccessfully	integer	The number of members successfully added to the AD group.
AD group members failed to add	ADGroupMembersFailedToAdd	integer	The number of members which failed to add to the AD group.
Add AD group members error message	AddADGroupMembersMasterErrorMessage	string	If some members failed to add to the AD group, and no exception was raised, this error message provides details of the problem.

Add Office 365 mailbox permission to user

Operation ID:: O365AddMailboxPermission

Assign Microsoft Exchange Online or Office 365 mailbox permissions to a specified mailbox user, user or security group.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity	True	string	The Id of a Microsoft Exchange Online or Office 365 mailbox. You can specify a mailbox by Name, Alias, Object Id (e.g. UUID/GUID value), Email address, GUID, SAMAccountName (even users in non Active Directory connected environments have a SAMAccountName) or User Principal Name (UPN).
User	User	True	string	The mailbox user, user or mail-enabled security group to receive the mailbox permissions. You can specify a mailbox by Name, Alias, Object Id (e.g. UUID/GUID value), Email address, GUID, SAMAccountName (even users in non Active Directory connected environments have a SAMAccountName) or User Principal Name (UPN).
Access rights	AccessRights	True	string	The access rights to assign to the user's permissions on the mailbox. Available options are 'ChangeOwner', 'ChangePermission', 'DeleteItem', 'ExternalAccount', 'FullAccess' and 'ReadPermission'. To assign multiple permissions, specify them as a comma-separated list.
Auto mapping	AutoMapping		boolean	If set to true, the mailbox and user account will have some additional properties set that will result in Outlook automatically opening the mailbox when logged-in as this user. This can take a few minutes to take effect. If set to false, the additional properties will not be set and Outlook will not automatically open the mailbox.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	O365AddMailboxPermissionResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Add Office 365 member to distribution group

Operation ID:: O365AddDistributionGroupMember

Add a member to a Microsoft Exchange Online or Office 365 distribution group or mail-enabled security group.

Parameters

Name	Key	Required	Type	Description
Distribution group identity	Identity	True	string	The identity of the distribution group or mail-enabled security group to add to. You can specify a distribution group by Name, Alias, Distinguished Name (e.g. CN=MyGroup,OU=My Groups,DC=mydomain,DC=local), Email address or GUID.
Member to add	Member	True	string	The identity of the member to add to the distribution group or mail-enabled security group. You can specify a mailbox by Name, Alias, Object Id (e.g. UUID/GUID value), Email address, GUID, SAMAccountName (even users in non Active Directory connected environments have a SAMAccountName) or User Principal Name (UPN).
Bypass security group manager check	BypassSecurityGroupManagerCheck		boolean	If the IA-Connect Agent automation account is not an owner of the Distribution Group or mail-enabled security group, it will be unable to remove the group. If you set this option to true the owner check will be bypassed, but it requires the automation account to be in the Exchange 'Organization Management' role group or have the 'Role Management' role assigned - this is a single role to give you permissions to modify any Office 355 Exchange Online group instead of being an owner of all groups you need to modify.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	O365AddDistributionGroupMemberResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Assign Azure AD user to admin role

Operation ID:: AzureADv2AssignUserToRole

Assign an Azure Active Directory user (or other object) to an existing Azure Active Directory admin role. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User object Id or UPN	UserObjectId	True	string	The Id of an Azure Active Directory user. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
Role object Id or display name	RoleObjectId	True	string	The Id or display name of an Azure Active Directory admin role. You can specify an AAD admin role by Display Name (e.g. "Application Developer") or ObjectId (e.g. UUID/GUID value).
Directory scope Id	DirectoryScopeId		string	The directory scope Id for the role assignment. For example: / represents the entire tenant, /GUID represents an app registration, /administrativeUnits/GUID represents an administrative unit.
Check user role memberships first	CheckUserRoleMembershipsFirst		boolean	If set to true (the default), IA-Connect will check the user's role assignments before attempting to assign them to the role. If the user is already assigned to the role, IA-Connect will simply report success without having to do anything. If set to false, IA-Connect will immediately assign the user to the role without checking, resulting in an error if the user is already assigned to the role.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	AzureADv2AssignUserToRoleResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Assign Azure AD user to multiple admin roles

Operation ID:: AzureADv2AssignUserToMultipleRoles

Assign an Azure Active Directory user (or other object) to one or more existing Azure Active Directory admin roles. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User object Id or UPN	UserObjectId	True	string	The Id of an Azure Active Directory user. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
Role object Ids or display names	RolesJSON		string	A list of the admin roles to assign to the user, in JSON or CSV format. For example: [{"Role": "Application Developer"}, {"Role": "Exchange Administrator"}] (JSON table format), ["Application Developer", "Exchange Administrator"] (JSON array format) or Application Developer,Exchange Administrator (CSV format). You can specify an AAD admin role by Display Name (e.g. "Application Developer") or ObjectId (e.g. UUID/GUID value).
Exception if any roles fail to assign	ExceptionIfAnyRolesFailToAssign		boolean	If set to true: An exception (failure) will be raised if any single Azure AD admin role fails to assign (i.e. 100% success is a requirement). If no exception is raised, this action will report how many Azure AD admin roles were assigned successfully and how many failed to assign.
Exception if all roles fail to assign	ExceptionIfAllRolesFailToAssign		boolean	If set to true: An exception (failure) will be raised only if all Azure AD admin roles fail to assign (i.e. no successes and some failures). If no exception is raised, this action will report how many Azure AD admin roles were assigned successfully and how many failed to assign.
Directory scope Id	DirectoryScopeId		string	The directory scope Id for all roles being assigned. For example: / represents the entire tenant, /GUID represents an app registration, /administrativeUnits/GUID represents an administrative unit.
Check user role memberships first	CheckUserRoleMembershipsFirst		boolean	If set to true (the default), IA-Connect will check the user's role assignments before attempting to assign them to the role. If the user is already assigned to the role, IA-Connect will simply report success without having to do anything. If set to false, IA-Connect will immediately assign the user to the role without checking, resulting in an error if the user is already assigned to the role.
Check role Ids exist	CheckRoleIdsExist		boolean	If set to true (the default) and one or more of the roles are provided in Object Id format, IA-Connect will double-check those role Ids are valid. This is recommended because the error message received from Azure AD, when you provide an invalid Object Id, isn't helpful. If set to false, IA-Connect will not double-check the validity of any provided role Ids, which is faster.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Azure AD roles assigned successfully	AzureADRolesAssignedSuccessfully	integer	The number of Azure AD roles successfully assigned.
Azure AD roles failed to assign	AzureADRolesFailedToAssign	integer	The number of Azure AD roles which failed to assign.
Assign Azure AD roles error message	AssignAzureADRolesMasterErrorMessage	string	If some roles failed to assign, and no exception was raised, this error message provides details of the problem.

Check Active Directory OU exists

Operation ID:: ActiveDirectoryCheckOUExists

Reports if an Active Directory Organizational Unit (OU) exists.

Parameters

Name	Key	Required	Type	Description
OU identity	OUIdentity	True	string	The path to the target Organizational Unit (OU) in Distinguished Name format (e.g. OU=Target OU,OU=London,DC=mydomain,DC=local), GUID format or as a path (e.g. London\Target OU).
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
OU properties as JSON	PowerShellJSONOutput	string	The details of the located Organizational Unit (OU).
OU exists	OUExists	boolean	Set to true if the Organizational Unit (OU) exists, false if not.

Clear Active Directory user account expiration

Operation ID:: ActiveDirectoryClearADUserAccountExpiration

Clears the expiration date for an Active Directory account.

Parameters

Name	Key	Required	Type	Description
User identity	UserIdentity	True	string	The identity of the Active Directory user. You can specify a user by Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), GUID, SID, SAMAccountName / pre-2K name (e.g. 'User1') or Name (e.g. 'User1').
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ActiveDirectoryClearADUserAccountExpirationResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Clone Active Directory user group membership

Operation ID:: ActiveDirectoryCloneADUserGroups

Adds the destination Active Directory user to the same Active Directory groups that the first user is a member of, minus the primary group (usually 'Domain users') since it technically isn't a membership.

Parameters

Name	Key	Required	Type	Description
Source user identity	SourceUserIdentity	True	string	The identity of the source Active Directory user (the user to copy groups from). You can specify a user by Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), GUID, SID, SAMAccountName / pre-2K name (e.g. 'User1') or Name (e.g. 'User1').
Destination user identity	DestinationUserIdentity	True	string	The identity of the destination Active Directory user (the user to add the groups to). You can specify a user by Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), GUID, SID, SAMAccountName / pre-2K name (e.g. 'User1') or Name (e.g. 'User1').
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
AD groups added successfully	ADGroupsAddedSuccessfully	integer	The number of AD groups the destination user was successfully added to.
AD groups failed to add	ADGroupsFailedToAdd	integer	The number of AD groups that the destination user failed to add to.
Add AD groups error message	AddADGroupsMasterErrorMessage	string	If the destination user failed to add to some of the AD groups, this error message provides details of the problem.

Clone Active Directory user properties

Operation ID:: ActiveDirectoryCloneADUserProperties

Configures the specified properties / attributes of the source Active Directory user to the destination Active Directory user.

Parameters

Name	Key	Required	Type	Description
Source user identity	SourceUserIdentity	True	string	The identity of the source Active Directory user (the user to copy attributes from). You can specify a user by Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), GUID, SID, SAMAccountName / pre-2K name (e.g. 'User1') or Name (e.g. 'User1').
Destination user identity	DestinationUserIdentity	True	string	The identity of the destination Active Directory user (the user to copy attributes to). You can specify a user by Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), GUID, SID, SAMAccountName / pre-2K name (e.g. 'User1') or Name (e.g. 'User1').
Properties to clone	PropertiesToClone	True	string	A comma separated list of user properties to copy from the source user to the destination user. Common properties to clone include: city, company, country, department, description, division, enabled, homedirectory, homedrive, homephone, manager, office, organization, postalcode, profilepath, scriptpath, state, streetaddress.
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ActiveDirectoryCloneADUserPropertiesResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Connect to Active Directory with credentials

Operation ID:: OpenActiveDirectoryPowerShellRunspaceWithCredentials

Allows you to specify an alternative account to use when running Active Directory PowerShell commands. This affects all Active Directory commands issued after this action. If you don't use this action then all Active Directory PowerShell commands will run as the user account the IA-Connect Agent is running as.

Parameters

Name	Key	Required	Type	Description
Username	Username	True	string	The username of the account to use when running Active Directory commands. You can specify a username in the format 'DOMAIN\username' (e.g. TESTDOMAIN\admin) or 'username@domainFQDN' (e.g. admin@testdomain.local).
Password	Password	True	password	The password of the account to use when running Active Directory commands.
Remote computer	RemoteComputer		string	The name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) or member server to authenticate against and for all Active Directory actions to be passed to. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings. If a member server is entered (instead of a Domain Controller), that member server must have the Active Directory PowerShell modules / RSAT installed.
Use SSL	UseSSL		boolean	Set to true to connect to the remote WSMan endpoint using SSL.
Alternative TCP port	AlternativeTCPPort		integer	Set to an alternative TCP port if not using the default WSMan TCP/5985 (non-SSL) or TCP/5986 (SSL).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	OpenActiveDirectoryPowerShellRunspaceWithCredentialsResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Connect to Azure AD with certificate

Operation ID:: OpenAzureADv2PowerShellRunspaceWithCertificate

Connects IA-Connect to Azure Active Directory (also known as Microsoft Entra ID, Azure AD or AAD). This action (or 'Connect to Azure AD with credentials') must be issued before running any other Azure AD actions. This action requires an Azure Service Principal and Azure AD app registration with certificate to be setup in Azure AD before it will work, but has the advantage of not requiring MFA (2FA). This action uses Azure AD v2 or Microsoft Graph PowerShell modules.

Parameters

Name	Key	Required	Type	Description
Azure AD app registration Id	ApplicationId	True	string	The application Id of the Azure AD app registration which contains the certificate and has the required roles in Azure AD to perform the automation actions. This Azure AD app registration must have previously been setup by an administrator.
Certificate thumbprint	CertificateThumbprint	True	string	The thumbprint of the certificate used for authentication. This certificate must have been previously created and exist both on the computer where IA-Connect is performing the automation actions and in the Azure AD app registration.
Azure Tenant Id	TenantId	True	string	Azure Tenant Id to connect to. This must be specified when using certificates to authenticate.
API to use	APIToUse		string	The API to use for connection to Azure AD. Once set, all further Azure AD commands issued by IA-Connect will use this API. If set to auto (the default), the installed PowerShell modules will be scanned and selected in the following order: Microsoft Graph Users PowerShell module, Azure AD v2 PowerShell module. The Azure AD v2 PowerShell module is deprecated on March 30th 2024 and hence it is recommended to use the Microsoft Graph Users PowerShell module.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	OpenAzureADv2PowerShellRunspaceWithCertificateResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Connect to Azure AD with credentials

Operation ID:: OpenAzureADv2PowerShellRunspace

Connects IA-Connect to Azure Active Directory (also known as Microsoft Entra ID, Azure AD or AAD). This action (or 'Connect to Azure AD with certificate') must be issued before running any other Azure AD actions. This action either requires an account which doesn't use MFA (2FA) or you'll need to use the UI automation module to automate the 2FA component (i.e. the one-time password authentication popup). Alternatively, use the action 'Connect to Azure AD with certificate'. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules.

Parameters

Name	Key	Required	Type	Description
Username	Username	True	string	The username of the account to use when running Azure AD v2 PowerShell commands.
Password	Password	True	password	The password of the account to use when running Azure AD v2 PowerShell commands.
Azure Tenant Id	TenantId		string	The optional Azure Tenant Id to connect to. If this is left blank, the default Tenant associated with the supplied user account is used.
API to use	APIToUse		string	The API to use for connection to Azure AD. Once set, all further Azure AD commands issued by IA-Connect will use this API. If set to auto (the default), the installed PowerShell modules will be scanned and selected in the following order: Microsoft Graph Users PowerShell module, Azure AD v2 PowerShell module. The Azure AD v2 PowerShell module is deprecated on March 30th 2024 and hence it is recommended to use the Microsoft Graph Users PowerShell module.
Authentication scope	AuthenticationScope		string	The scope of permissions required, to perform all automation tasks in this Azure AD login session. By default, IA-Connect will request a permission scope to allow modification of users, groups and license assignments. This setting is only used when connecting using the Microsoft Graph Users PowerShell module.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	OpenAzureADv2PowerShellRunspaceResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Connect to default Active Directory domain

Operation ID:: OpenLocalPassthroughActiveDirectoryPowerShellRunspace

Connects the IA-Connect Agent to the Domain the computer running the IA-Connect Agent is a member of, using the account the IA-Connect Agent is running as (i.e. the default behaviour).

Parameters

Name	Key	Required	Type	Description
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	OpenLocalPassthroughActiveDirectoryPowerShellRunspaceResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Connect to JML environment

Operation ID:: JMLConnectToJMLEnvironment

Connect to a JML environment where the details of that environment are held in the IA-Connect Orchestrator. These details can include credentials, addresses and other connectivity settings. For example you can use this action to connect to Active Directory, Microsoft Exchange, Azure AD or Office 365 Exchange Online.

Parameters

Name	Key	Required	Type	Description
Friendly name	FriendlyName		string	Friendly name of the JML environment held in the IA-Connect Orchestrator.
Only connect if not already connected	OnlyConnectIfNotAlreadyConnected		boolean	Only applies to Exchange and Office 365 Exchange Online. If set to false: This action will always connect to Exchange or Office 365 Exchange Online even if IA-Connect is already connected. If set to true (the default): If IA-Connect is already connected to Exchange or Office 365 Exchange Online with identical settings and the Exchange connection is responding, IA-Connect will do nothing since the connection is already established.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	JMLConnectToJMLEnvironmentResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Connect to Microsoft Exchange

Operation ID:: OpenExchangePowerShellRunspace

Connects IA-Connect to a Microsoft Exchange server. This action must be issued before running any other Exchange actions. If you specify a username and password, all subsequent Exchange actions will run as that account. If you don't specify a username and password, all subsequent Exchange actions will run as the user account the IA-Connect Agent is running as.

Parameters

Name	Key	Required	Type	Description
Username	Username		string	The username of the account to use when running Exchange PowerShell commands. You can specify a username in the format 'DOMAIN\username' (e.g. TESTDOMAIN\admin) or 'username@domainFQDN' (e.g. admin@testdomain.local). If you don't specify a username and password, all subsequent Exchange actions will run as the user account the IA-Connect Agent is running as.
Password	Password		password	The password of the account to use when running Exchange PowerShell commands.
Exchange server FQDN	ExchangeServerFQDN	True	string	The Fully Qualified Domain Name (FQDN) or hostname of the Microsoft Exchange server.
Use SSL	UseSSL		boolean	Set to true if you wish to connect to the Microsoft Exchange server using HTTPS / SSL. This will encrypt all traffic but only works if the Exchange server is setup to accept PowerShell commands over SSL.
Connection method	ConnectionMethod		string	Which method should be used to connect to Microsoft Exchange. 'Local' imports the remote Exchange runspace locally and runs commands locally. 'Remote' runs directly in the remote Exchange runspace and may not be able to run generic PowerShell scripts due to security restrictions.
Authentication mechanism	AuthenticationMechanism		string	The authentication mechanism to be used if connecting to a remote computer or running the script as an alternative user. Supported values are 'Basic', 'Credssp', 'Default', 'Digest', 'Kerberos' and 'Negotiate'.
Only connect if not already connected	OnlyConnectIfNotAlreadyConnected		boolean	If set to false: This action will always connect to Exchange even if IA-Connect is already connected. If set to true (the default): If IA-Connect is already connected to Exchange with identical settings and the Exchange connection is responding, IA-Connect will do nothing since the connection is already established.
Command types to import locally	CommandTypesToImportLocally		string	The 'Local' connection method imports Exchange PowerShell commands locally. This option allows you to choose which PowerShell commands should be imported. Keeping this list to a minimum reduces both memory usage and the time to connect. 'All' (the default, for backwards compatibility) imports all PS commands. 'IA-Connect only' (the recommended option) imports only PS commands used by IA-Connect (you can specify additional PS commands). 'Specified' only imports PS commands you specify and could break some IA-Connect actions if they depend on PS commands you have not specified.
Additional commands to import locally	AdditionalCommandsToImportLocallyCSV		string	If using the 'Local' connection method and if you have chosen to import either 'IA-Connect only' or 'Specified' PS commands, you can specify a comma separated list of additional PS commands to import. For example: 'Get-Mailbox,New-Mailbox,New-DistributionGroup'.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	OpenExchangePowerShellRunspaceResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Connect to Office 365 with certificate

Operation ID:: OpenO365PowerShellRunspaceWithCertificate

Connects IA-Connect to Office 365 using the Office 365 PowerShell modules. This action (or 'Connect to Office 365 with credentials') must be issued before running any other Office 365 actions. This action requires an Azure AD app registration with certificate and the correct roles to be setup in Azure AD before it will work, but has the advantage of not requiring MFA (2FA).

Parameters

Name	Key	Required	Type	Description
Azure AD app registration application Id	ApplicationId	True	string	The application Id of the Azure AD app registration which contains the certificate and has the required roles in Azure AD to perform the automation actions. This Azure AD app registration must have previously been setup by an administrator.
Certificate thumbprint	CertificateThumbprint	True	string	The thumbprint of the certificate used for authentication. This certificate must have been previously created and exist both on the computer where IA-Connect is performing the automation actions and in the Azure AD app registration.
Organization	Organization	True	string	The Organisation to use for authentication. For example: mytestenvironment.onmicrosoft.com.
Exchange URL	ExchangeURL		string	The optional URL of the Microsoft Exchange online server to connect to. Only use this if you have a custom URL.
Connection method	ConnectionMethod		string	Which method should be used to connect to Microsoft Exchange. 'EXO V1' is the original Microsoft Exchange Online PowerShell and doesn't support certificates (and hence isn't available as an option). 'EXO V2' uses the newer Microsoft Exchange Online PowerShell v2 module which runs on the computer running the IA-Connect Agent and requires the 'ExchangeOnlineManagement' v2 PowerShell module installed.
Only connect if not already connected	OnlyConnectIfNotAlreadyConnected		boolean	If set to false: This action will always connect to Office 365 Exchange Online even if IA-Connect is already connected. If set to true (the default): If IA-Connect is already connected to Office 365 Exchange Online with identical settings and the Office 365 Exchange Online connection is responding, IA-Connect will do nothing since the connection is already established.
Command types to import locally	CommandTypesToImportLocally		string	The 'EXO V2' connection method (required for certificate authentication) imports Office 365 or Exchange Online PowerShell commands locally. This option allows you to choose which PowerShell commands should be imported. Keeping this list to a minimum reduces both memory usage and the time to connect. 'All' (the default, for backwards compatibility) imports all PS commands. 'IA-Connect only' (the recommended option) imports only PS commands used by IA-Connect (you can specify additional PS commands). 'Specified' only imports PS commands you specify and could break some IA-Connect actions if they depend on PS commands you have not specified.
Additional commands to import locally	AdditionalCommandsToImportLocallyCSV		string	If you have chosen to import either 'IA-Connect only' or 'Specified' PS commands, you can specify a comma separated list of additional PS commands to import. For example: 'Get-Mailbox,New-Mailbox,New-DistributionGroup'.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	OpenO365PowerShellRunspaceWithCertificateResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Connect to Office 365 with credentials

Operation ID:: OpenO365PowerShellRunspace

Connects IA-Connect to Office 365 using the Office 365 PowerShell modules. This action (or 'Connect to Office 365 with certificate') must be issued before running any other Office 365 actions. This action either requires an account which doesn't require MFA (2FA) or you'll need to use the UI automation module to automate the 2FA component (i.e. the one-time password authentication popup). Alternatively, use the action 'Connect to Office 365 with certificate'.

Parameters

Name	Key	Required	Type	Description
Username	Office365Username	True	string	The username of the account to use when running Office 365 PowerShell commands.
Password	Office365Password	True	password	The password of the account to use when running Office 365 PowerShell commands.
Exchange URL	ExchangeURL		string	The optional URL of the Microsoft Exchange online server to connect to. Only use this if you have a custom URL.
Connection method	ConnectionMethod		string	Which method should be used to connect to Microsoft Exchange. Both 'EXO V1 local' and 'EXO V1 remote' use the original Microsoft Exchange Online PowerShell which runs on the computer running the IA-Connect Agent and does not require any additional PowerShell modules, but will eventually be deprecated. 'EXO V1 local' imports the remote Exchange runspace locally and runs commands locally. 'EXO V1 remote' runs directly in the remote Exchange runspace and cannot run generic PowerShell scripts due to security restrictions. 'EXO V2' uses the newer Microsoft Exchange Online PowerShell v2 module which runs on the computer running the IA-Connect Agent and requires the 'ExchangeOnlineManagement' v2 PowerShell module installed.
Only connect if not already connected	OnlyConnectIfNotAlreadyConnected		boolean	If set to false: This action will always connect to Office 365 Exchange Online even if IA-Connect is already connected. If set to true (the default): If IA-Connect is already connected to Office 365 Exchange Online with identical settings and the Office 365 Exchange Online connection is responding, IA-Connect will do nothing since the connection is already established.
Command types to import locally	CommandTypesToImportLocally		string	The 'EXO v1 local' and 'EXO V2' connection methods import Office 365 or Exchange Online PowerShell commands locally. This option allows you to choose which PowerShell commands should be imported. Keeping this list to a minimum reduces both memory usage and the time to connect. 'All' (the default, for backwards compatibility) imports all PS commands. 'IA-Connect only' (the recommended option) imports only PS commands used by IA-Connect (you can specify additional PS commands). 'Specified' only imports PS commands you specify and could break some IA-Connect actions if they depend on PS commands you have not specified.
Additional commands to import locally	AdditionalCommandsToImportLocallyCSV		string	If using the 'EXO v1 local' or 'EXO V2' connection methods and if you have chosen to import either 'IA-Connect only' or 'Specified' PS commands, you can specify a comma separated list of additional PS commands to import. For example: 'Get-Mailbox,New-Mailbox,New-DistributionGroup'.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	OpenO365PowerShellRunspaceResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Create a Microsoft Exchange mailbox for a user

Operation ID:: ExchangeEnableMailbox

Creates a Microsoft Exchange mailbox for an existing user who doesn't already have a mailbox.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity	True	string	The identity of the existing user you want to create a mailbox for. You can specify a user by Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), GUID, SID, SAMAccountName / pre-2K name (e.g. 'User1') or Name (e.g. 'User1').
Alias	Alias		string	The Exchange alias (also known as mail nickname) for the user. If the email address policy is enabled, this will be used to generate the name component of the Primary SMTP email address (e.g. alias@mydomain.com). If the email address policy is not enabled, you may wish to set the primary SMTP address instead.
Display name	DisplayName		string	The display name of the mailbox. This is visible in address lists.
Linked Domain Controller	LinkedDomainController		string	If you are creating a linked mailbox, this allows you to specify the domain controller in the forest where the user account resides. Use the Fully Qualified Domain Name (FQDN) of the domain controller.
Linked master account	LinkedMasterAccount		string	If you are creating a linked mailbox, this allows you to specify the account that the mailbox is linked to. You can specify the account by Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), GUID or Name (e.g. 'User1').
Database	Database		string	The Exchange database to contain the new database. You can specify the database by Distinguished Name, GUID or Name.
Primary SMTP address	PrimarySmtpAddress		string	The primary return email address that is used for the recipient. You are unlikely to be able to set this if the 'Email address policy' is enabled so either use 'Alias' instead (and the policy will create the Primary SMTP address from the alias) or disable the email address policy.
Email address policy enabled	EmailAddressPolicyEnabled		boolean	Set to true if you want to automatically update email addresses based on the email address policy applied to this recipient. If the email address policy is enabled, this generally will impact your ability to set the primary SMTP address. Set to false to disable the feature, giving you full control to manually setting email addresses. Leave blank if you don't want to set this option (i.e. leave at the existing or default value).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Action result JSON	PowerShellJSONOutput	string	The output from the enable mailbox action, in JSON format.
New mailbox DN	NewMailboxDN	string	The Distinguished Name (DN) of the newly created (enabled) mailbox. This is a unique identifier for the mailbox which could be used in further actions on this mailbox.
New mailbox GUID	NewMailboxGUID	string	The GUID of the newly created (enabled) mailbox. This is a unique identifier for the mailbox which could be used in further actions on this mailbox.

Create a new Azure AD Microsoft 365 group

Operation ID:: AzureADv2NewMicrosoft365Group

Creates a new Azure Active Directory Microsoft 365 group. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
Display name	DisplayName	True	string	The display name of the group.
Description	Description		string	The group description.
Mail nickname	MailNickname		string	The email nickname, used to form the group email address.
Group visibility	GroupVisibility		string	If set to public (the default), anyone can view the contents of the group and anyone can join the group. If set to private, only members can view the contents of the group and only owners can add new members to the group or approve join requests.
Check group exists	CheckGroupExists		boolean	If set to true, IA-Connect will check if the group exists and, if it does exist, IA-Connect will simply report success for that group without having to do anything. If set to false, IA-Connect will create the group without checking, which could result in a duplicate group name.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Action result JSON	PowerShellJSONOutput	string	The output from the create distribution group action, in JSON format. This will typically hold the details of the created group.
Group already exists	GroupAlreadyExists	boolean	If the group already exists, this will be set to true to inform you that the group exists and hence IA-Connect didn't need to perform any actions.
Created group Object Id	CreatedGroupObjectId	string	The Object Id of the created group (or the existing group).

Create a new Azure AD security group

Operation ID:: AzureADv2NewSecurityGroup

Creates a new Azure Active Directory security group. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
Display name	DisplayName	True	string	The display name of the group.
Description	Description		string	The group description.
Check group exists	CheckGroupExists		boolean	If set to true, IA-Connect will check if the group exists and, if it does exist, IA-Connect will simply report success for that group without having to do anything. If set to false, IA-Connect will create the group without checking, which could result in a duplicate group name.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Action result JSON	PowerShellJSONOutput	string	The output from the create distribution group action, in JSON format. This will typically hold the details of the created group.
Group already exists	GroupAlreadyExists	boolean	If the group already exists, this will be set to true to inform you that the group exists and hence IA-Connect didn't need to perform any actions.
Created group Object Id	CreatedGroupObjectId	string	The Object Id of the created group (or the existing group).

Create a new Microsoft Exchange distribution group

Operation ID:: ExchangeNewDistributionGroup

Creates a new Microsoft Exchange distribution group or mail-enabled security group.

Parameters

Name	Key	Required	Type	Description
Group name	Name	True	string	The unique name for the new group.
Alias	Alias		string	The alias (also known as mail nickname) for the new group. If you don't specify a SMTP address, the alias will be used to generate the name component of the email address (e.g. alias@mydomain.com).
Display name	DisplayName		string	The display name of the group. This is visible in address lists.
Notes	Notes		string	Optional notes about the object.
Managed by	ManagedBy		string	The owner of the group. If you don't specify an owner, the user that created the group will become the owner. The owner can be a mailbox, mail user or mail-enabled security group. You can specify a mailbox by Name, Alias, Object Id (e.g. UUID/GUID value), Email address, GUID, SAMAccountName or User Principal Name (UPN).
Members	Members		string	A comma separated list of members to add to the new group. You can specify members by Name, Alias, Distinguished Name (e.g. CN=MyGroup,OU=My Groups,DC=mydomain,DC=local), Email address or GUID.
Organizational unit	OrganizationalUnit		string	The Organizational Unit (OU) in Active Directory in which to store the group. You can specify an OU in Distinguished Name format (e.g. OU=Target OU,OU=London,DC=mydomain,DC=local), GUID format or as a path (e.g. MyGroups\London). If this is left blank, the group will be created in the 'Users' OU.
Primary SMTP address	PrimarySmtpAddress		string	The primary return email address that is used for the new group.
Member depart restriction	MemberDepartRestriction		string	Allows you to specify restrictions on a member leaving a distribution group. 'Open' is the default and allows members to leave the group without approval, 'Closed' restricts members from leaving the group. This option is ignored for security groups since users cannot remove themselves from security groups.
Member join restriction	MemberJoinRestriction		string	Allows you to specify restrictions on a member joining a distribution group after it has been created. 'Open' allows members to join the group without approval, 'Closed' (the default) restricts members from joining the group, 'ApprovalRequired' allows a member to request joining the group and they are added if a group owner accepts the request. This option is ignored for security groups since users cannot add themselves to security groups.
Require sender authentication	RequireSenderAuthenticationEnabled		boolean	Set to true to specify that the group will only accept messages from authenticated (internal) senders. Set to false to accept messages from all senders.
Group type	Type		string	Specify the type of group to create. 'Distribution' is the default and creates a distribution group. 'Security' is used to create a mail-enabled security group.
Exception if group already exists	ErrorIfGroupAlreadyExists		boolean	Should an exception occur if the group already exists? Set to false to simply do nothing if the group already exists (e.g. it has already been created). Set to true if the group already existing is an error (i.e. it was not expected to exist).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Action result JSON	PowerShellJSONOutput	string	The output from the create distribution group action, in JSON format. This will typically hold the details of the created group.
Group already exists	GroupAlreadyExists	boolean	If the group already exists (and 'Exception if group already exists' is set to false), this will be set to true to inform you that the group didn't actually get created because it already exists.
New group DN	NewGroupDN	string	The Distinguished Name (DN) of the newly created group. This is a unique identifier for the group which could be used in further actions on this group.
New group GUID	NewGroupGUID	string	The GUID of the newly created (enabled) group. This is a unique identifier for the group which could be used in further actions on this group.

Create a new Office 365 distribution group

Operation ID:: O365NewO365DistributionGroup

Creates a new Microsoft Exchange Online or Office 365 distribution group or mail-enabled security group.

Parameters

Name	Key	Required	Type	Description
Group name	Name	True	string	The unique name for the new group.
Alias	Alias		string	The alias (also known as mail nickname) for the new group. If you don't specify a SMTP address, the alias will be used to generate the name component of the email address (e.g. alias@mydomain.com).
Display name	DisplayName		string	The display name of the group. This is visible in address lists.
Notes	Notes		string	Optional notes about the object.
Managed by	ManagedBy		string	The owner of the group. If you don't specify an owner, the user that created the group will become the owner. The owner can be a mailbox, mail user or mail-enabled security group. You can specify a mailbox by Name, Alias, Object Id (e.g. UUID/GUID value), Email address, GUID, SAMAccountName (even users in non Active Directory connected environments have a SAMAccountName) or User Principal Name (UPN).
Members	Members		string	A comma separated list of members to add to the new group. You can specify members by Name, Alias, Distinguished Name (e.g. CN=MyGroup,OU=My Groups,DC=mydomain,DC=local), Email address or GUID.
Organizational unit	OrganizationalUnit		string	The Organizational Unit (OU) in Azure Active Directory in which to store the group. You can specify an OU in Distinguished Name format (e.g. OU=Target OU,OU=London,DC=mydomain,DC=local) or GUID format.
Primary SMTP address	PrimarySmtpAddress		string	The primary return email address that is used for the new group.
Member depart restriction	MemberDepartRestriction		string	Allows you to specify restrictions on a member leaving the group. 'Open' is the default and allows members to leave the group without approval, 'Closed' restricts members from leaving the group.
Member join restriction	MemberJoinRestriction		string	Allows you to specify restrictions on a member joining the group after it has been created. 'Open' allows members to join the group without approval, 'Closed' (the default) restricts members from joining the group, 'ApprovalRequired' allows a member to request joining the group and they are added if a group owner accepts the request.
Require sender authentication	RequireSenderAuthenticationEnabled		boolean	Set to true to specify that the group will only accept messages from authenticated (internal) senders. Set to false to accept messages from all senders.
Group type	Type		string	Specify the type of group to create. 'Distribution' is the default and creates a distribution group. 'Security' is used to create a mail-enabled security group.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Action result JSON	PowerShellJSONOutput	string	The output from the create distribution group action, in JSON format. This will typically hold the details of the created group.
Group already exists	GroupAlreadyExists	boolean	If the group already exists, this will be set to true to inform you that the group didn't actually get created.
Created group DN	CreatedGroupDN	string	The Distinguished Name (DN) of the created group (or the existing group).
Created group GUID	CreatedGroupGUID	string	The GUID of the created group (or the existing group).
Created group Identity	CreatedGroupIdentity	string	The identity of the created group (or the existing group).

Create Microsoft Exchange mailbox and user account

Operation ID:: ExchangeNewMailbox

Create a mail-enabled user in on-premises Active Directory and create an associated mailbox in Microsoft Exchange. Only use this action if the user doesn't exist in on-premises Active Directory. If the user already exists, use the action 'Create a Microsoft Exchange mailbox for a user'.

Parameters

Name	Key	Required	Type	Description
First name	FirstName		string	The user's first name.
Last name	LastName		string	The user's last name / surname.
Organizational unit	OrganizationalUnit		string	The Organisation Unit (OU) in which to store the user in Distinguished Name format (e.g. OU=Target OU,OU=London,DC=mydomain,DC=local), GUID format or as a path (e.g. MyUsers\London). If this is left blank, the user will be created in the 'Users' OU.
Name	Name	True	string	The name of the Active Directory user. This appears in the 'Name' column in AD users and computers and in the top of the User 'General' tab. This is not the user logon name.
Display name	DisplayName		string	The optional user display name.
Alias	Alias		string	The Exchange alias (also known as mail nickname) for the user. If the email address policy is enabled, this will be used to generate the name component of the Primary SMTP email address (e.g. alias@mydomain.com). If the email address policy is not enabled, you may wish to set the primary SMTP address instead.
Primary SMTP address	PrimarySmtpAddress		string	The primary return email address that is used for the recipient. You are unlikely to be able to set this if the 'Email address policy' is enabled so either use 'Alias' instead (and the policy will create the Primary SMTP address from the alias) or disable the email address policy.
User Principal Name	UserPrincipalName	True	string	The user logon name in Active Directory. This generally should be in the format 'name@domainFQDN' (e.g. 'TestUser1@domain.local'). The user can logon using this format: name@domainFQDN.
SAM account name	SamAccountName		string	The user logon name (pre-Windows 2000) in Active Directory. This is in the format 'name' (e.g. 'TestUser1'). The user can logon using this format: DOMAIN\name.
Account password	Password		password	The user password. This must be specified and meet the Active Directory password complexity rules. If this is a 'Stored' password, enter in the format {IAConnectPassword:StoredPasswordIdentifier} and set the 'stored password' input to true. If this is an Orchestrator generic credential, enter in the format {OrchestratorCredential:FriendlyName} and set the 'stored password' input to true.
Account password is stored password	AccountPasswordIsStoredPassword		boolean	Set to true if the password is an IA-Connect stored password identifier (for example: generated by the 'Generate password' action) or an IA-Connect Orchestrator generic credential (for example: If using IA-Connect with a PA flow).
User must change password at next logon	ResetPasswordOnNextLogon		boolean	Set to true if you want to force the user to change their password when they login (i.e. the new password being set here is a one-time password to get the user logged-in). Set to false if this is the password the user will use until they manually change it.
Database	Database		string	The Exchange database to contain the new database. You can specify the database by Distinguished Name, GUID or Name.
Is shared mailbox	SharedMailbox		boolean	Set to true if the mailbox being created should be a shared mailbox.
Email address policy enabled	EmailAddressPolicyEnabled		boolean	Set to true if you want to automatically update email addresses based on the email address policy applied to this recipient. If the email address policy is enabled, this generally will impact your ability to set the primary SMTP address. Set to false to disable the feature, giving you full control to manually setting email addresses. Leave blank if you don't want to set this option (i.e. leave at the existing or default value).
Create archive mailbox	Archive		boolean	Set to true if you want to additionally create an archive mailbox in Microsoft Exchange Online or Office 365.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Action result JSON	PowerShellJSONOutput	string	The output from the new mailbox action, in JSON format.
New mailbox DN	NewMailboxDN	string	The Distinguished Name (DN) of the newly created mailbox. This is a unique identifier for the mailbox which could be used in further actions on this mailbox.
New mailbox GUID	NewMailboxGUID	string	The GUID of the newly created mailbox. This is a unique identifier for the mailbox which could be used in further actions on this mailbox.

Create Microsoft Exchange Online mailbox and user account

Operation ID:: ExchangeNewRemoteMailbox

Create a mail-enabled user in on-premises Active Directory and create an associated remote mailbox in Microsoft Exchange Online or Office 365. Only use this action if the user doesn't exist in on-premises Active Directory. If the user already exists, use the action 'Create Microsoft Exchange Online mailbox for a user'. The request is sent via your on-premises Microsoft Exchange server which must be setup for a hybrid deployment.

Parameters

Name	Key	Required	Type	Description
First name	FirstName		string	The user's first name.
Last name	LastName		string	The user's last name / surname.
Organizational unit	OnPremisesOrganizationalUnit		string	The Organisation Unit (OU) in which to store the user in Distinguished Name format (e.g. OU=Target OU,OU=London,DC=mydomain,DC=local), GUID format or as a path (e.g. MyUsers\London). If this is left blank, the user will be created in the 'Users' OU.
Name	Name	True	string	The name of the Active Directory user. This appears in the 'Name' column in AD users and computers and in the top of the User 'General' tab. This is not the user logon name.
Display name	DisplayName		string	The optional user display name.
Remote routing address	RemoteRoutingAddress		string	Set this to override the SMTP address of the mailbox in Microsoft Exchange Online or Office 365 that this user is associated with. If you leave this field blank (the default), the remote routing address is automatically calculated based on your directory synchronisation between on-premises and Microsoft Exchange Online.
Alias	Alias		string	The Exchange alias (also known as mail nickname) for the user. If the email address policy is enabled, this will be used to generate the name component of the Primary SMTP email address (e.g. alias@mydomain.com). If the email address policy is not enabled, you may wish to set the primary SMTP address instead.
Primary SMTP address	PrimarySmtpAddress		string	The primary return email address that is used for the recipient. You are unlikely to be able to set this if the 'Email address policy' is enabled so either use 'Alias' instead (and the policy will create the Primary SMTP address from the alias) or disable the email address policy.
User Principal Name	UserPrincipalName	True	string	The user logon name in Active Directory. This generally should be in the format 'name@domainFQDN' (e.g. 'TestUser1@domain.local'). The user can logon using this format: name@domainFQDN.
SAM account name	SamAccountName		string	The user logon name (pre-Windows 2000) in Active Directory. This is in the format 'name' (e.g. 'TestUser1'). The user can logon using this format: DOMAIN\name.
Account password	Password		password	The user password. This must be specified and meet the Active Directory password complexity rules. If this is a 'Stored' password, enter in the format {IAConnectPassword:StoredPasswordIdentifier} and set the 'stored password' input to true. If this is an Orchestrator generic credential, enter in the format {OrchestratorCredential:FriendlyName} and set the 'stored password' input to true.
Account password is stored password	AccountPasswordIsStoredPassword		boolean	Set to true if the password is an IA-Connect stored password identifier (for example: generated by the 'Generate password' action) or an IA-Connect Orchestrator generic credential (for example: If using IA-Connect with a PA flow).
User must change password at next logon	ResetPasswordOnNextLogon		boolean	Set to true if you want to force the user to change their password when they login (i.e. the new password being set here is a one-time password to get the user logged-in). Set to false if this is the password the user will use until they manually change it.
Is shared mailbox	SharedMailbox		boolean	Set to true if the mailbox being created should be a shared mailbox.
Email address policy enabled	EmailAddressPolicyEnabled		boolean	Set to true if you want to automatically update email addresses based on the email address policy applied to this recipient. If the email address policy is enabled, this generally will impact your ability to set the primary SMTP address. Set to false to disable the feature, giving you full control to manually setting email addresses. Leave blank if you don't want to set this option (i.e. leave at the existing or default value).
Create archive mailbox	Archive		boolean	Set to true if you want to additionally create an archive mailbox in Microsoft Exchange Online or Office 365.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Action result JSON	PowerShellJSONOutput	string	The output from the new remote mailbox action, in JSON format.
New mailbox DN	NewMailboxDN	string	The Distinguished Name (DN) of the newly created mailbox. This is a unique identifier for the mailbox which could be used in further actions on this mailbox.
New mailbox GUID	NewMailboxGUID	string	The GUID of the newly created mailbox. This is a unique identifier for the mailbox which could be used in further actions on this mailbox.

Create Microsoft Exchange Online mailbox for a user

Operation ID:: ExchangeEnableRemoteMailbox

Creates a Microsoft Exchange Online or Office 365 (remote) mailbox or archive mailbox for an existing user in on-premises Active Directory who doesn't already have a mailbox. The request is sent via your on-premises Microsoft Exchange server which must be setup for a hybrid deployment. You can also use this action to archive an existing remote mailbox.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity	True	string	The identity of the existing user you want to create a mailbox for. You can specify a user by Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), GUID, SID, SAMAccountName / pre-2K name (e.g. 'User1') or Name (e.g. 'User1').
Alias	Alias		string	The Exchange alias (also known as mail nickname) for the user. If the email address policy is enabled, this will be used to generate the name component of the Primary SMTP email address (e.g. alias@mydomain.com). If the email address policy is not enabled, you may wish to set the primary SMTP address instead.
Display name	DisplayName		string	The display name of the mailbox. This is visible in address lists.
Remote routing address	RemoteRoutingAddress		string	The SMTP address of the mailbox in Microsoft Exchange Online or Office 365 that this user is associated with.
Primary SMTP address	PrimarySmtpAddress		string	The primary return email address that is used for the recipient. You are unlikely to be able to set this if the 'Email address policy' is enabled so either use 'Alias' instead or disable the email address policy.
Create archive mailbox	Archive		boolean	Set to true if you want to additionally create an archive mailbox in Microsoft Exchange Online or Office 365.
Email address policy enabled	EmailAddressPolicyEnabled		boolean	Set to true if you want to automatically update email addresses based on the email address policy applied to this recipient. If the email address policy is enabled, this generally will impact your ability to set the primary SMTP address. Set to false to disable the feature, giving you full control to manually setting email addresses. Leave blank if you don't want to set this option (i.e. leave at the existing or default value).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Action result JSON	PowerShellJSONOutput	string	The output from the enable remote mailbox action, in JSON format.
New mailbox DN	NewMailboxDN	string	The Distinguished Name (DN) of the newly created (enabled) mailbox. This is a unique identifier for the mailbox which could be used in further actions on this mailbox.
New mailbox GUID	NewMailboxGUID	string	The GUID of the newly created (enabled) mailbox. This is a unique identifier for the mailbox which could be used in further actions on this mailbox.

Create Office 365 archive mailbox for existing user

Operation ID:: O365EnableArchiveMailbox

Creates a archived mailbox in Microsoft Exchange online for an existing user in Azure Active Directory / Entra ID. The user must have already have a mailbox and suitable license.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity	True	string	The Id of a Microsoft Exchange Online or Office 365 mailbox. You can specify a mailbox by Name, Alias, Object Id (e.g. UUID/GUID value), Email address, GUID, SAMAccountName (even users in non Active Directory connected environments have a SAMAccountName) or User Principal Name (UPN).
Check if archive exists	CheckIfArchiveExists		boolean	If set to true (the default), the IA-Connect Agent will check if the mailbox already has an archive. If an archive already exists, there is nothing to do (since you cannot create an archive twice) and the Agent will return success. If set to false, the IA-Connect Agent will not check if the mailbox already has an archive, resulting in an exception if it already exists.
Archive name	ArchiveName		string	The optional archive name. If not specified, this defaults to 'In-Place Archive - {Display name}'.
Auto expanding archive	AutoExpandingArchive		boolean	If set to true, additional storage space is automatically added to the archive mailbox when it approaches the storage limit. This feature cannot be disabled, once enabled.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	O365EnableArchiveMailboxResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Create Office 365 mailbox and user account

Operation ID:: O365NewMailbox

Create a mailbox in Microsoft Exchange online and a user account in Azure Active Directory / Entra ID. Only use this action if the user doesn't already exist in Azure Active Directory / Entra ID. If the user already exists, assign a suitable license to the user account instead.

Parameters

Name	Key	Required	Type	Description
Microsoft Online services Id	MicrosoftOnlineServicesID	True	string	The user's unique Id. This is typically in the format 'name@xxx.onmicrosoft.com'.
Name	Name	True	string	The unique name of the mailbox. This is an internal value which won't be visible externally. It is recommended that you set it to the same value as the name component of their Microsoft Online services Id (e.g. 'user1'), unless you have an alternative procedure, or a good reason to use a different value.
First name	FirstName		string	The user's first name.
Last name	LastName		string	The user's last name / surname.
Initials	Initials		string	The user's middle initials.
Display name	DisplayName		string	The optional user display name.
Alias	Alias		string	The mailbox alias (also known as mail nickname) for the user. This value will be used to generate the name component of the user's SMTP email address (e.g. an alias of 'alias' would result in alias@mydomain.com). If this differs from the Primary SMTP address, this will result in the user having multiple SMTP addresses. If this value is not provided, no user aliases will be setup and the user will only have a primary SMTP address.
Primary SMTP address	PrimarySmtpAddress		string	The primary return SMTP email address that is used for the recipient. If this differs from the user alias, this will result in the user having multiple SMTP addresses. If this value is not provided, the primary SMTP address will be automatically calculated based on the organisation policy (which typically will be based on the default domain set in the Office 365 admin center).
Account password	Password		password	The user password. This must be specified and meet the Azure Active Directory password complexity rules. If this is a 'Stored' password, enter in the format {IAConnectPassword:StoredPasswordIdentifier} and set the 'stored password' input to true. If this is an Orchestrator generic credential, enter in the format {OrchestratorCredential:FriendlyName} and set the 'stored password' input to true.
Account password is stored password	AccountPasswordIsStoredPassword		boolean	Set to true if the password is an IA-Connect stored password identifier (for example: generated by the 'Generate password' action) or an IA-Connect Orchestrator generic credential (for example: If using IA-Connect with a PA flow).
User must change password at next logon	ResetPasswordOnNextLogon		boolean	Set to true if you want to force the user to change their password when they login (i.e. the new password being set here is a one-time password to get the user logged-in). Set to false if this is the password the user will use until they manually change it.
Create archive mailbox	Archive		boolean	Set to true if you want to additionally create an archive mailbox in Microsoft Exchange Online or Office 365.
Mailbox plan	MailboxPlan		string	The optional mailbox plan to apply to the mailbox. A mailbox plan specifies the permissions and features that are available to a mailbox. You can see the available mailbox plans by running the script 'Get-MailboxPlan' in the 'Office 365' PowerShell runspace in the IA-Connect Inspector.
Mailbox region	MailboxRegion		string	The optional geo region in which to create the mailbox, when in a multi-geo environment.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Action result JSON	PowerShellJSONOutput	string	The output from the new mailbox action, in JSON format.
New user Microsoft Online services Id	NewUserMicrosoftOnlineServicesID	string	The Microsoft Online services Id of the newly created user account. This is a unique identifier for the user which could be used in further actions.
New mailbox GUID	NewMailboxGUID	string	The GUID of the newly created mailbox. This is a unique identifier for the mailbox which could be used in further actions.
New mailbox primary SMTP address	NewMailboxPrimarySmtpAddress	string	The primary SMTP address of the newly created mailbox.

Create Office 365 shared mailbox and user account

Operation ID:: O365NewSharedMailbox

Create a shared mailbox in Microsoft Exchange online and a user account in Azure Active Directory / Entra ID. Only use this action if the user doesn't already exist in Azure Active Directory / Entra ID. The shared mailbox SMTP address will be based on the name, alias or primary SMTP address (depending on which inputs are provided).

Parameters

Name	Key	Required	Type	Description
Name	Name	True	string	The unique name of the mailbox. This is an internal value which won't be visible externally (unless you don't set an alias or primary SMTP address, in which case it will be used as the name component of the mailbox SMTP email address). It is recommended that you set it to the same value as the alias, unless you have an alternative procedure, or a good reason to use a different value.
First name	FirstName		string	The mailbox user's first name.
Last name	LastName		string	The mailbox user's last name / surname.
Initials	Initials		string	The mailbox user's middle initials.
Display name	DisplayName		string	The optional mailbox display name.
Alias	Alias		string	The mailbox alias (also known as mail nickname) for the user. This value will be used to generate the name component of the mailbox SMTP email address (e.g. an alias of 'alias' would result in alias@mydomain.com). If this differs from the Primary SMTP address, this will result in the mailbox having multiple SMTP addresses. If this value is not provided, no mailbox aliases will be setup and the mailbox will only have a primary SMTP address.
Primary SMTP address	PrimarySmtpAddress		string	The primary return SMTP email address that is used for the recipient. If this differs from the mailbox alias, this will result in the mailbox having multiple SMTP addresses. If this value is not provided, the primary SMTP address will be automatically calculated based on the alias or name and the organisation policy (which typically will be based on the default domain set in the Office 365 admin center).
Create archive mailbox	Archive		boolean	Set to true if you want to additionally create an archive mailbox in Microsoft Exchange Online or Office 365.
Mailbox region	MailboxRegion		string	The optional geo region in which to create the mailbox, when in a multi-geo environment.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Action result JSON	PowerShellJSONOutput	string	The output from the new mailbox action, in JSON format.
New user Microsoft Online services Id	NewUserMicrosoftOnlineServicesID	string	The Microsoft Online services Id of the newly created mailbox user account. This is a unique identifier for the mailbox which could be used in further actions.
New mailbox GUID	NewMailboxGUID	string	The GUID of the newly created mailbox. This is a unique identifier for the mailbox which could be used in further actions.
New mailbox primary SMTP address	NewMailboxPrimarySmtpAddress	string	The primary SMTP address of the newly created mailbox.

Disable Active Directory user account

Operation ID:: ActiveDirectoryDisableADUserByIdentity

Disables an Active Directory user account. If a user account is disabled, the user cannot logon.

Parameters

Name	Key	Required	Type	Description
User identity	UserIdentity	True	string	The identity of the Active Directory user. You can specify a user by Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), GUID, SID, SAMAccountName / pre-2K name (e.g. 'User1') or Name (e.g. 'User1').
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ActiveDirectoryDisableADUserByIdentityResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Disable Azure AD user

Operation ID:: AzureADv2DisableUser

Disables an Azure Active Directory user. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User object Id or UPN	UserObjectId	True	string	The Id of an Azure Active Directory user. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
Revoke user refresh tokens	RevokeUserRefreshTokens		boolean	Set to true to revoke any refresh tokens issued to the user, which will cause any open sessions to stop working, typically within the hour (when their sessions attempt to use a refresh token to keep their connection alive).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	AzureADv2DisableUserResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Disable the Microsoft Exchange mailbox for a user

Operation ID:: ExchangeDisableMailbox

Disable an existing Microsoft Exchange mailbox.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity	True	string	The identity of the Microsoft Exchange mailbox. You can specify a mailbox by Name, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID, SAMAccountName or User Principal Name (UPN).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Action result JSON	PowerShellJSONOutput	string	The output from the disable mailbox action, in JSON format.

Disable the Microsoft Exchange Online mailbox for a user

Operation ID:: ExchangeDisableRemoteMailbox

Disable an existing Microsoft Exchange Online or Office 365 (remote) mailbox. The request is sent via your on-premises Microsoft Exchange server which must be setup for a hybrid deployment.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity	True	string	The identity of the Microsoft Exchange Online or Office 365 (remote) mailbox. You can specify a Microsoft Exchange Online or Office 365 (remote) mailbox by Active Directory object Id, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID or User Principal Name (UPN).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Action result JSON	PowerShellJSONOutput	string	The output from the disable mailbox action, in JSON format.

Disconnect from Active Directory

Operation ID:: CloseActiveDirectoryPowerShellRunspace

If you have used the action 'Open Active Directory PowerShell runspace with credentials' to run Active Directory PowerShell commands as an alternative user account or to an alternative domain, this action returns the IA-Connect Agent to the default behaviour of running Active Directory actions as the user account the IA-Connect Agent is running as.

Parameters

Name	Key	Required	Type	Description
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	CloseActiveDirectoryPowerShellRunspaceResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Disconnect from Azure AD

Operation ID:: CloseAzureADv2PowerShellRunspace

Disconnects IA-Connect from Azure Active Directory (also known as Microsoft Entra ID, Azure AD or AAD). You will not be able to issue Azure AD actions again until you reconnect. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to originally connect.

Parameters

Name	Key	Required	Type	Description
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	CloseAzureADv2PowerShellRunspaceResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Disconnect from Microsoft Exchange

Operation ID:: CloseExchangePowerShellRunspace

Disconnects IA-Connect from a Microsoft Exchange server (connected using the action 'Connect to Microsoft Exchange'). You will not be able to issue Microsoft Exchange PowerShell actions again until you reconnect.

Parameters

Name	Key	Required	Type	Description
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	CloseExchangePowerShellRunspaceResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Disconnect from Office 365

Operation ID:: CloseO365PowerShellRunspace

Disconnects IA-Connect from Office 365 using the Office 365 PowerShell modules (connected using the action 'Connect to Office 365'). You will not be able to issue Office 365 PowerShell actions again until you reconnect.

Parameters

Name	Key	Required	Type	Description
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	CloseO365PowerShellRunspaceResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Does Active Directory group exist

Operation ID:: ActiveDirectoryDoesADGroupExist

Returns whether a specified Active Directory group exists.

Parameters

Name	Key	Required	Type	Description
Group identity	GroupIdentity	True	string	The identity of the Active Directory group. You can specify a group by Distinguished Name (e.g. CN=Group1,OU=My Groups,DC=mydomain,DC=local), GUID, SID, or SAMAccountName / pre-2K name (e.g. 'Group1'). You cannot use display name or group name (although group name will often be the same as pre-2K name which can be used).
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
AD group exists	ADGroupExists	boolean	This output returns true if the AD group exists, false if the AD group does not.
AD group DN	ADGroupDN	string	If the AD group exists, this output contains the group Distinguished Name (DN).

Does Microsoft Exchange mailbox exist

Operation ID:: ExchangeDoesMailboxExist

Returns whether the specified Exchange mailbox exists.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity		string	The identity of the Microsoft Exchange mailbox. You can specify a mailbox by Name, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID, SAMAccountName or User Principal Name (UPN).
Filter property name	FilterPropertyName		string	As an alternative to searching by identity, provide the name of the property to filter the mailboxes by. Common property names are: Name, Alias, PrimarySMTPAddress, DisplayName, SamAccountName. If using a filter, you also need to populate the 'Filter property comparison' and 'Filter property value' fields.
Filter property comparison	FilterPropertyComparison		string	If searching by 'Filter property name' as an alternative to searching by identity, enter the type of comparison here (for example: If the filter property name is 'Alias', the comparison could be 'equals' or 'like'). If you wish to enter a raw filter (in OPATH format), choose a comparison type of 'Raw: Enter filter manually' and enter the full filter in the 'Filter property value' field.
Filter property value	FilterPropertyValue		string	If searching by filter as an alternative to searching by identity, enter the value of the filter property here (for example: If the filter property name is 'Alias', the filter property value might be 'JohnDoe').
Recipient type details	RecipientTypeDetails		string	The type of mailbox to search for. If this field is left blank, all types of mailbox will be included in the search.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Mailbox exists	MailboxExists	boolean	True if the Exchange mailbox exists. False if the Exchange mailbox does not exist.

Does Microsoft Exchange Online mailbox exist

Operation ID:: ExchangeDoesRemoteMailboxExist

Returns whether the specified Microsoft Exchange Online or Office 365 (remote) mailbox exists. The request is sent via your on-premises Microsoft Exchange server which must be setup for a hybrid deployment.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity		string	The identity of the Microsoft Exchange Online or Office 365 (remote) mailbox. You can specify a Microsoft Exchange Online or Office 365 (remote) mailbox by Active Directory object Id, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID or User Principal Name (UPN).
Filter property name	FilterPropertyName		string	As an alternative to searching by identity, provide the name of the property to filter the mailboxes by. Common property names are: Name, Alias, PrimarySMTPAddress, DisplayName. If using a filter, you also need to populate the 'Filter property comparison' and 'Filter property value' fields.
Filter property comparison	FilterPropertyComparison		string	If searching by filter as an alternative to searching by identity, enter the type of comparison here (for example: If the filter property name is 'Alias', the comparison could be 'equals' or 'like'). If you wish to enter a raw filter (in OPATH format), choose a comparison type of 'Raw: Enter filter manually' and enter the full filter in the 'Filter property value' field.
Filter property value	FilterPropertyValue		string	If searching by filter as an alternative to searching by identity, enter the value of the filter property here (for example: If the filter property name is 'Alias', the filter property value might be 'JohnDoe').
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Mailbox exists	MailboxExists	boolean	True if the Microsoft Exchange Online mailbox exists. False if the Microsoft Exchange Online mailbox does not exist.

Does Office 365 mailbox have an archive

Operation ID:: O365DoesMailboxHaveAnArchive

Reports whether an existing mailbox in Microsoft Exchange online has an archive mailbox. If the mailbox does not exist, an exception will be raised.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity	True	string	The Id of a Microsoft Exchange Online or Office 365 mailbox. You can specify a mailbox by Name, Alias, Object Id (e.g. UUID/GUID value), Email address, GUID, SAMAccountName (even users in non Active Directory connected environments have a SAMAccountName) or User Principal Name (UPN).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Mailbox has an archive	MailboxHasAnArchive	boolean	Set to true if the mailbox has an archive.

Enable Active Directory user account

Operation ID:: ActiveDirectoryEnableADUserByIdentity

Enables an Active Directory user account. If the account is not disabled, this command does nothing.

Parameters

Name	Key	Required	Type	Description
User identity	UserIdentity	True	string	The identity of the Active Directory user. You can specify a user by Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), GUID, SID, SAMAccountName / pre-2K name (e.g. 'User1') or Name (e.g. 'User1').
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ActiveDirectoryEnableADUserByIdentityResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Enable Azure AD user

Operation ID:: AzureADv2EnableUser

Enables an Azure Active Directory user. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User object Id or UPN	UserObjectId	True	string	The Id of an Azure Active Directory user. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	AzureADv2EnableUserResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Get Active Directory domain FQDN from DN

Operation ID:: ActiveDirectoryGetDomainFQDNFromDN

A utility function. Given an Active Directory user's Distinguished Name (DN), returns the Active Directory domain containing the user.

Parameters

Name	Key	Required	Type	Description
User DN	DN	True	string	The search user's Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Domain FQDN	DomainFQDN	string	The Active Directory domain containing the user.

Get Active Directory domain info

Operation ID:: ActiveDirectoryGetDomainInfo

Retrieves information about an Active Directory domain.

Parameters

Name	Key	Required	Type	Description
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to send the domain request to. The domain controller will then obtain the requested information for the specified domain.
Predefined Domain identity	PredefinedIdentity		string	User: Information will be retrieved for the domain the currently logged in user belongs to. Computer: Information will be retrieved for the domain the computer (on which the IA-Connect session is running on) belongs to. Manual: Enter the Active Directory Domain in the 'Domain identity' field. If this field is blank and the 'Domain identity' field has a value, that value will be used.
Domain identity	Identity		string	This field is only used if the 'Predefined Domain identity' is set to 'Manual' (or blank). The identity of an Active Directory domain to retrieve domain information for. You can specify an Active Directory domain by Distinguished Name (e.g. DC=mydomain,DC=local), GUID, SID, DNS domain name (e.g. mydomain.local) or NetBIOS name (e.g. MYDOMAIN).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Distinguished name	DistinguishedName	string	The Distinguished Name (DN) of the domain.
DNS root name	DNSRoot	string	The name of the top-level DNS root of the domain.
Domain mode	DomainMode	string	The mode or level of the domain (e.g. Windows2003Domain or Windows2016Domain).
Domain SID	DomainSID	string	The Security Identifier (SID) of the domain.
Forest	Forest	string	The name of the Active Directory forest (the top-most logical container).
Infrastructure master	InfrastructureMaster	string	The name of the Domain Controller (DC) with the infrastructure master role.
Domain NetBIOS name	NetBIOSName	string	The NetBIOS name of the domain (e.g. MYDOMAIN).
Domain GUID	ObjectGUID	string	The GUID of the domain.
PDC emulator	PDCEmulator	string	The name of the Domain Controller (DC) with the PDC emulator role.
RID master	RIDMaster	string	The name of the Domain Controller (DC) with the RID master role.

Get Active Directory group

Operation ID:: ActiveDirectoryGetADGroupByIdentity

Returns the properties of a specified Active Directory group or groups. You can search either by identity (to locate a single group) or using a filter (to locate one or more groups).

Parameters

Name	Key	Required	Type	Description
Identity	Identity		string	The identity of the Active Directory group. You can specify a group by Distinguished Name (e.g. CN=Group1,OU=My Groups,DC=mydomain,DC=local), GUID, SID, or SAMAccountName / pre-2K name (e.g. 'Group1'). You cannot use display name or group name (although group name will often be the same as pre-2K name which can be used).
Filter property name	FilterPropertyName		string	As an alternative to searching by identity, provide the name of the property to filter the groups by. Common property names for a group search are: name, description, samaccountname.
Filter property comparison	FilterPropertyComparison		string	If searching by filter as an alternative to searching by identity, enter the type of comparison here (for example: If the filter property name is 'Alias', the comparison could be 'equals' or 'like'). If you wish to enter a raw filter (in OPATH format), choose a comparison type of 'Raw: Enter filter manually' and enter the full filter in the 'Filter property value' field. If you wish to enter an LDAP filter, choose a comparison type of 'LDAP: Enter LDAP filter' and enter the full filter in the 'Filter property value' field.
Filter property value	FilterPropertyValue		string	As an alternative to searching by identity, the value of the 'Filter property name' to filter the groups by.
Search OU base	SearchOUBase		string	The top-level Organization Unit (OU) to search under. Only supported when searching using a filter, not by identity. If not specified, the entire domain is searched. The OU can be specified in Distinguished Name format (e.g. OU=London,OU=MyGroups,DC=mydomain,DC=local), GUID format or as a path (e.g. MyGroups\London).
Search OU base subtree	SearchOUBaseSubtree		boolean	If set to true (the default) and a search OU base is provided, the search OU base and all sub-OUs will be searched. If set to false and a search OU base is provided, only the search OU base will be searched. This input is not used if a search OU base is not provided, or if you are searching by identity.
Raise exception if group does not exist	RaiseExceptionIfGroupDoesNotExist		boolean	If set to true and the group does not exist, an exception will be raised. If set to false and the group does not exist, the action will report success but the output will report that no groups were found.
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Search results JSON	PowerShellJSONOutput	string	A list of groups (and their requested properties) which match the search identity.
Count of groups found	CountOfGroupsFound	integer	The number of groups found which match the search identity. Expected values are 0 or 1 for an identity search or any value for a filter search.

Get Active Directory group members

Operation ID:: ActiveDirectoryGetADGroupMembers

Returns a list of members of an Active Directory group.

Parameters

Name	Key	Required	Type	Description
Group identity	GroupIdentity	True	string	The identity of the Active Directory group. You can specify a group by Distinguished Name (e.g. CN=Group1,OU=My Groups,DC=mydomain,DC=local), GUID, SID, or SAMAccountName / pre-2K name (e.g. 'Group1'). You cannot use display name or group name (although group name will often be the same as pre-2K name which can be used).
Recursive	Recursive		boolean	If set to false (the default), only direct members of the group will be returned. If set to true, direct members and members of members will be returned, essentially returning all AD members at all levels.
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Group members JSON	GroupMembersJSON	string	The list of AD group members, in JSON format.
Count of group members found	CountOfGroupMembersFound	integer	The number of AD group members.

Get Active Directory OU from user DN

Operation ID:: ActiveDirectoryGetOUFromUserDN

A utility function. Given an Active Directory user's Distinguished Name (DN), returns the Organizational Unit (OU) the user is located within.

Parameters

Name	Key	Required	Type	Description
User DN	UserDN	True	string	The search user's Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
User OU	UserOU	string	The Organizational Unit (OU) the user is located within.

Get Active Directory user

Operation ID:: ActiveDirectoryGetADUserByIdentity

Returns the properties of a specified Active Directory user. You can search either by identity (to locate a single user) or using a filter (to locate one or more users).

Parameters

Name	Key	Required	Type	Description
Identity	Identity		string	The identity of the Active Directory user. You can specify a user by Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), GUID, SID, SAMAccountName / pre-2K name (e.g. 'User1') or Name (e.g. 'User1').
Filter property name	FilterPropertyName		string	As an alternative to searching by identity, provide the name of the property to filter the users by. Common property names are: city, company, country, department, description, displayname, division, emailaddress, enabled, givenname, homedirectory, homedrive, homephone, initials, manager, office, organization, postalcode, profilepath, samaccountname, scriptpath, state, streetaddress, surname, title, userprincipalname.
Filter property comparison	FilterPropertyComparison		string	If searching by filter as an alternative to searching by identity, enter the type of comparison here (for example: If the filter property name is 'Alias', the comparison could be 'equals' or 'like'). If you wish to enter a raw filter (in OPATH format), choose a comparison type of 'Raw: Enter filter manually' and enter the full filter in the 'Filter property value' field. If you wish to enter an LDAP filter, choose a comparison type of 'LDAP: Enter LDAP filter' and enter the full filter in the 'Filter property value' field.
Filter property value	FilterPropertyValue		string	As an alternative to searching by identity, the value of the 'Filter property name' to filter the users by.
Search OU base	SearchOUBase		string	The top-level Organization Unit (OU) to search under. Only supported when searching using a filter, not by identity. If not specified, the entire domain is searched. The search base OU can be specified in Distinguished Name format (e.g. OU=London,OU=MyUsers,DC=mydomain,DC=local), GUID format or as a path (e.g. MyUsers\London).
Search OU base subtree	SearchOUBaseSubtree		boolean	If set to true (the default) and a search OU base is provided, the search OU base and all sub-OUs will be searched. If set to false and a search OU base is provided, only the search OU base will be searched. This input is not used if a search OU base is not provided, or if you are searching by identity.
Properties to retrieve	Properties		string	A comma separated list of additional user properties to retrieve. Common properties include: city, company, country, department, description, displayname, division, emailaddress, enabled, givenname, homedirectory, homedrive, homephone, initials, manager, office, organization, postalcode, profilepath, samaccountname, scriptpath, state, streetaddress, surname, title, userprincipalname. If you leave this field blank, a default set of properties are returned.
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Properties to return as collection	PropertiesToReturnAsCollectionJSON		string	If the PowerShell return data contains 'complex' properties (for example, collections of values, arrays, tables, or classes), these properties are not returned, by default, in the IA-Connect PowerShell response. This option allows you to specify which 'complex' properties (by name) IA-Connect should attempt to return as a collection. Depending on the property, its type and values, you should also consider using the alternative inputs 'Property names to serialize' and 'Property types to serialize' (pick one). This input can be entered in JSON or CSV format. For example: To return the EmailAddresses and MemberOf array properties, enter [{"PropertyName": "EmailAddresses"}, {"PropertyName": "MemberOf"}] (JSON table format), ["EmailAddresses", "MemberOf"] (JSON array format), or EmailAddresses,MemberOf (CSV format).
Property names to serialize	PropertyNamesToSerializeJSON		string	If the PowerShell return data contains 'complex' properties (for example, collections of values, arrays, tables, or classes), these properties are not returned, by default, in the IA-Connect PowerShell response. This option allows you to specify which 'complex' properties (by name) IA-Connect should serialize as JSON, so they are returned as a string type (which you can deserialize, once received). Depending on the property, its type and values, you should also consider using the alternative inputs 'Properties to return as collection' and 'Property types to serialize' (pick one). For example: To serialize the EmailAddresses and MemberOf properties, enter [{"PropertyName": "EmailAddresses"}, {"PropertyName": "MemberOf"}] (JSON table format), ["EmailAddresses", "MemberOf"] (JSON array format), or EmailAddresses,MemberOf (CSV format).
Property types to serialize	PropertyTypesToSerializeJSON		string	If the PowerShell return data contains 'complex' properties (for example, collections of values, arrays, tables, or classes), these properties are not returned, by default, in the IA-Connect PowerShell response. This option allows you to specify which 'complex' properties (by type) IA-Connect should serialize as JSON, so they are returned as a string type (which you can deserialize, once received). Depending on the property, its type and values, you should also consider using the alternative inputs 'Properties to return as collection' and 'Property names to serialize' (pick one). This input is a collection with a single 'PropertyType' field. For example: To serialize any property of type Microsoft.Graph.PowerShell.Models.IMicrosoftGraphServicePlanInfo[], enter [{"PropertyType": "Microsoft.Graph.PowerShell.Models.IMicrosoftGraphServicePlanInfo[]"}] (JSON table format), ["Microsoft.Graph.PowerShell.Models.IMicrosoftGraphServicePlanInfo[]"] (JSON array format), or 'Microsoft.Graph.PowerShell.Models.IMicrosoftGraphServicePlanInfo[] (CSV format).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Search results JSON	PowerShellJSONOutput	string	A list of users (and their requested properties) which match the search identity, in JSON format.
Count of users found	CountOfUsersFound	integer	The number of users found which match the search identity. Usually 0 or 1 if searching by identity, or 0 or more if searching by filter property.

Get Active Directory user group membership

Operation ID:: ActiveDirectoryGetADUserGroupMembership

Returns a list of Active Directory groups the specified user is a member of, minus the primary group (usually 'Domain users') since it technically isn't a membership. This action only works with user accounts, you cannot use this action to query group membership of groups or computers.

Parameters

Name	Key	Required	Type	Description
User identity	UserIdentity	True	string	The user to query for group membership. You can specify a user by Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), GUID, SID, SAMAccountName / pre-2K name (e.g. 'User1') or Name (e.g. 'User1').
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Group membership JSON	GroupMembershipJSON	string	The list of AD groups the user is a member of, in JSON format.
Count of groups found	CountOfGroupsFound	integer	The number of AD groups the user is a member of, minus the primary group (usually 'Domain users') which isn't counted.

Get Azure AD group members

Operation ID:: AzureADv2GetAzureADGroupMembers

Returns a list of members of an Azure Active Directory group. Members could be users, groups, devices or service principals / enterprise applications. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
Group object Id or UPN	GroupObjectId	True	string	The Id of an Azure Active Directory user. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
Properties to return	PropertiesToReturn		string	A comma separated list (CSV) of all member properties to return (retrieve). If blank (the default), IA-Connect will return AccountEnabled, DirSyncEnabled, DisplayName, Mail, MailNickName, ObjectId, ObjectType, SecurityEnabled, UserPrincipalName. Enter * to receive all properties.
Member object types to return	MemberObjectTypesToReturn		string	A comma separated list (CSV) of all member object types to return (retrieve). If blank (the default), IA-Connect will return all member object types which can be one or more of the following: User,Group,Device,ServicePrincipal.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Group members JSON	PowerShellJSONOutput	string	The list of AD group members, in JSON format.
Count of group members found	CountOfGroupMembersFound	integer	The number of Azure AD group members.

Get Azure AD groups

Operation ID:: AzureADv2GetGroups

Returns the details of groups in Azure Active Directory (also known as Microsoft Entra ID, Azure AD or AAD). You can search by object Id or using a filter. An object Id search should return 0 or 1 results. A filter search could return 0 or more results. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
Group object Id	ObjectId		string	The object Id of an Azure Active Directory group to search for. You can specify a group by Display Name (e.g. "Finance users") or ObjectId (e.g. UUID/GUID value).
Filter property name	FilterPropertyName		string	As an alternative to searching by group object Id, provide the name of the property to filter the groups by. Common group property names are: Description, DisplayName and Mail. If using a filter, you also need to populate the 'Filter property comparison' and 'Filter property value' fields.
Filter property comparison	FilterPropertyComparison		string	If searching by filter as an alternative to searching by group object Id, enter the type of comparison here (for example: If the filter property name is 'DisplayName', the comparison could be 'equals' or 'starts with'). If you wish to enter a raw filter (in ODATA 3 format), choose a comparison type of 'Raw: Enter filter manually' and enter the full filter in the 'Filter property value' field.
Filter property value	FilterPropertyValue		string	If searching by filter as an alternative to searching by group object Id, enter the value of the filter property here (for example: If the filter property name is 'DisplayName', the filter property value might be 'London users').
Is no result an exception	NoResultIsAnException		boolean	Set to true to raise an exception if no groups are found. Set to false to simply report a count of 0 if no groups are found. Note the 'false' option may not work when used with Identity in non-English languages so consider searching using filters instead.
Properties to return	PropertiesToReturn		string	A comma separated list (CSV) of all group properties to return (retrieve). If blank (the default), IA-Connect will return a default set of common group properties. If using the Microsoft Graph Users PowerShell modules, the input allows you to both limit the returned properties or return additional properties. If using Azure AD v2, the input only allows you to limit the returned properties.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Search results JSON	PowerShellJSONOutput	string	A list of groups which match the search object Id or filter, in JSON format.
Count of groups found	CountOfGroupsFound	integer	The number of groups found which match the search object Id or filter.

Get Azure AD license SKUs

Operation ID:: AzureADv2GetAzureADLicenseSKUs

Returns a list of Azure Active Directory license Stock Keeping Units (SKUs) which the connected Azure AD is subscribed to. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
Expand property	ExpandProperty		string	An optional license property to expand and include in the output. If you expand 'PrepaidUnits', license information including the total number of enabled licenses will be included in the output. If you expand 'ServicePlans', each individual service plan within a Sku will be returned as a separate output line item. You can only expand one property at a time.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
License SKU JSON	LicenseSKUJSONOutput	string	The list of subscribed Stock Keeping Units, in JSON format.
Count of SKUs found	CountOfSKUsFound	integer	The number of Azure AD subscribed Stock Keeping Units (SKUs).

Get Azure AD user admin role assignments

Operation ID:: AzureADv2GetAzureADUserRoleAssignments

Returns a list of Azure Active Directory admin roles the specified user is assigned to. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User object Id or UPN	ObjectId	True	string	The Id of an Azure Active Directory user. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
Retrieve admin role names	RetrieveAdminRoleNames		boolean	If set to true, the IA-Connect Agent will retrieve the names of each role in addition to the role Ids. This takes longer, but provides more readable information. If set to false, the IA-Connect Agent will not retrieve role names.
Return assignment Ids	ReturnAssignmentIds		boolean	If set to true, the IA-Connect Agent will retrieve the assignment Ids for each role assignment. Assignment Ids are only needed if you intend to perform some custom actions on the role assignment (instead of using built-in IA-Connect actions).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Role assignments JSON	PowerShellJSONOutput	string	The list of Azure AD admin roles the user is assigned to, in JSON format.
Count of role assignments found	CountOfRoleAssignmentsFound	integer	The number of Azure AD admin roles the user is assigned to.

Get Azure AD user group membership

Operation ID:: AzureADv2GetAzureADUserGroupMembership

Returns a list of Azure Active Directory groups the specified user is a member of. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User object Id or UPN	ObjectId	True	string	The Id of an Azure Active Directory user. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
Properties to return	PropertiesToReturn		string	A comma separated list (CSV) of all group properties to return (retrieve). If blank (the default), IA-Connect will return all group properties.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Group membership JSON	PowerShellJSONOutput	string	The list of Azure AD groups the user is a member of, in JSON format.
Count of groups found	CountOfGroupsFound	integer	The number of Azure AD groups the user is a member of.

Get Azure AD user license service plans

Operation ID:: AzureADv2GetAzureADUserLicenseServicePlans

Retrieves a list of licenses plans assigned to a specified Azure AD user license (SKU). For example: If the user has the FLOW_FREE license assigned, this will allow you to view which service plans they have provisioned to that license. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User object Id or UPN	ObjectId	True	string	The Id of an Azure Active Directory user. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
License SKU part number	LicenseSKUPartNumber	True	string	The part number of the license SKU. For example: FLOW_FREE or SPE_E3.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
User license SKU service plans JSON	UserLicenseSKUServicePlansJSONOutput	string	The list of service plans assigned to the specified Azure AD license SKU assigned to the user, in JSON format.
Count of license SKU service plans found	CountOfUserLicenseSKUServicePlansFound	integer	The number of Azure AD service plans assigned to the specified license SKU assigned to the user.

Get Azure AD user licenses

Operation ID:: AzureADv2GetAzureADUserLicenses

Retrieves a list of licenses (SKU) assigned to a Azure AD user. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User object Id or UPN	ObjectId	True	string	The Id of an Azure Active Directory user. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
User license SKU JSON	UserLicenseSKUJSONOutput	string	The list of Azure AD license SKUs assigned to the user, in JSON format.
Count of user license SKUs found	CountOfUserLicenseSKUsFound	integer	The number of Azure AD license SKUs assigned to the user.

Get Azure AD users

Operation ID:: AzureADv2GetAzureADUsers

Returns the details of users in Azure Active Directory (also known as Microsoft Entra ID, Azure AD or AAD). You can search by object Id or using a filter. An object Id search should return 0 or 1 results. A filter search could return 0 or more results. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User object Id or UPN	ObjectId		string	The object Id of an Azure Active Directory user to search for. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
Filter property name	FilterPropertyName		string	As an alternative to searching by user object Id, provide the name of the property to filter the users by. Common property names are: UserPrincipalName and DisplayName. If using a filter, you also need to populate the 'Filter property comparison' and 'Filter property value' fields.
Filter property comparison	FilterPropertyComparison		string	If searching by filter as an alternative to searching by user object Id, enter the type of comparison here (for example: If the filter property name is 'UserPrincipalName', the comparison could be 'equals' or 'starts with'). If you wish to enter a raw filter (in ODATA 3 format), choose a comparison type of 'Raw: Enter filter manually' and enter the full filter in the 'Filter property value' field.
Filter property value	FilterPropertyValue		string	If searching by filter as an alternative to searching by user object Id, enter the value of the filter property here (for example: If the filter property name is 'UserPrincipalName', the filter property value might be 'JohnDoe@mydomain.com').
Is no result an exception	NoResultIsAnException		boolean	Set to true to raise an exception if no users are found. Set to false to simply report a count of 0 if no mailboxes are found. Note the 'false' option may not work when used with Identity in non-English languages so consider searching using filters instead.
Properties to return	PropertiesToReturn		string	A comma separated list of user properties to return (retrieve). Common properties include: AccountEnabled, City, CompanyName, Country, Department, DisplayName, GivenName, JobTitle, PostalCode, State, StreetAddress, Surname, UserPrincipalName. If you leave this field blank, a default set of properties are retrieved. If you specify properties to retrieved, only those properties will be retrieved. Has no effect if using the Azure AD v2 PowerShell modules.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Search results JSON	PowerShellJSONOutput	string	A list of users which match the search filter, in JSON format.
Count of users found	CountOfUsersFound	integer	The number of users found which match the search object Id, UPN or filter.

Get Microsoft Exchange distribution group members

Operation ID:: ExchangeGetDistributionGroupMembers

Retrieve a list of the members of a Microsoft Exchange Distribution group.

Parameters

Name	Key	Required	Type	Description
Distribution group identity	Identity	True	string	The identity of the distribution group to search for. You can specify a distribution group by Name, Alias, Distinguished Name (e.g. CN=MyGroup,OU=My Groups,DC=mydomain,DC=local), Email address or GUID.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Distribution group members	DistributionGroupMembersJSON	string	A list of members of the Exchange Distribution group, in JSON format.
Count of distribution groups members	CountOfDistributionGroupsMembers	integer	The number of members of the Microsoft Exchange distribution group.

Get next available account name

Operation ID:: JMLGetNextAvailableAccountName

Given details regarding the naming format for Active Directory and Exchange account names, provides the details of the next available spare account name. Used to determine which Active Directory and Exchange account to create for a given user. This action does not create any accounts, it provides information regarding name availability.

Parameters

Name	Key	Required	Type	Description
First name	FirstName		string	The user's first name. Leave blank if a user's first name is not used to construct account names (rare).
Middle name	MiddleName		string	The user's middle name (optional). Leave blank if a user's middle name is not used to construct account names.
Last name	LastName		string	The user's last / family / sur name. Leave blank if a user's last name is not used to construct account names.
Field A	FieldA		string	An additional field used to construct account names. Leave blank if no additional fields are required to construct an account name.
Field B	FieldB		string	An additional field used to construct account names. Leave blank if no additional fields are required to construct an account name.
Field C	FieldC		string	An additional field used to construct account names. Leave blank if no additional fields are required to construct an account name.
Field D	FieldD		string	An additional field used to construct account names. Leave blank if no additional fields are required to construct an account name.
M start value	VariableMStartValue		integer	Optionally allows you to set the initial value for the {M} variable which can be used in the property format to represent a variable which increases with each iteration.
N start value	VariableNStartValue		integer	Optionally allows you to set the initial value for the {N} variable which can be used in the property format to represent a variable which increases with each iteration.
X start value	VariableXStartValue		integer	Optionally allows you to set the initial value for the {X} variable which can be used in the property format to represent a variable which increases with each iteration.
Maximum attempts	MaxAttempts		integer	The maximum number of attempts (trying different values) before IA-Connect gives up trying to find an available account.
Fallback causes retest	FallbackCausesRetest		boolean	If set to true: If any availability check for any rule requires falling back to a different format, tests will re-start from the top of the list to ensure that all properties use the same format (e.g. primary, primary, primary or fallback, fallback, fallback). This keeps the results in sync and is the recommended value. Only set to false if you know exactly what you are doing.
List of numbers not to use	NumbersNotToUse		string	A comma separated list of numbers not to use for values of M, N or X. For example: '13, 666'.
Characters to remove from inputs	CharactersToRemoveFromInputs		string	A string containing all of the characters you wish to remove from the inputs (for example if a user's name contains invalid characters). For example: !@&?^*.
Remove diacritics from inputs	RemoveDiacriticsFromInputs		boolean	If set to true, IA-Connect will attempt to remove all diacritics from the input fields, replacing characters with a diacritic with the same character minus the diacritic. For example: replacing 'acute accented a' with 'a'. In scenarios where there is no direct mapping to a simple character, the character is removed. For example: The German sharp S is removed.
Remove non alphanumeric from inputs	RemoveNonAlphaNumericFromInputs		boolean	If set to true, IA-Connect will remove all non-alphanumeric characters from the input fields.
Sequence A1	SequenceA1		string	A comma separated list of strings to use for the {A1} variable which can be used in the property format to represent a value which changes with each attempt to find an available account. For example: If you specify 'A,B,C,D,E,F' for this value, the format '{FirstName}{A1}' would check the availability of {FirstName}A followed by {FirstName}B etc.
Property	PropertyToCheck		string	Which account property to check for availability
Format	PropertyNameFormat		string	The format for the value of this property. For example: {FirstName}.{LastName} or {FirstName first 1}.{LastName}
Format fallback	PropertyNameFallbackFormat		string	The fallback format for the value of this property if the value is already taken. For example: {FirstName}.{LastName}{NN} or {FirstName first 1}.{LastName}{NN}
Format second fallback	PropertyNameFallbackFormat2		string	The second fallback format for the value of this property if the value and first fallback is already taken. For example: {FirstName}.{LastName}{NN} or {FirstName first 1}.{LastName}{NN}
Value max length	PropertyNameMaxLength		integer	The maximum length for the value of this field before something has to be cut
Field to cut if max length	PropertyNameMaxLengthFieldToCut		string	If the maximum length for the value of this field is exceeded, which input should be cut. For example: Choose LastName if you want to cut from the Last name / family name / surname to shorten the property value.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
AD User SAMAccountName	ActiveDirectorySAMAccountName	string	The available Active Directory user SAMAccountName (if it was one of the properties to check for availability).
AD User account name	ActiveDirectoryAccountName	string	The available Active Directory user account name (if it was one of the properties to check for availability).
AD User Principal Name	ActiveDirectoryUPN	string	The available Active Directory User Principal Name (if it was one of the properties to check for availability).
AD User Email Address	ActiveDirectoryEmailAddress	string	The available Active Directory Email Address (if it was one of the properties to check for availability).
Exchange mailbox email address	ExchangeMailboxAddress	string	The available Exchange email mailbox address (if it was one of the properties to check for availability).
Exchange mailbox alias	ExchangeMailboxAlias	string	The available Exchange mailbox alias (if it was one of the properties to check for availability).
Exchange remote mailbox address	ExchangeRemoteMailboxAddress	string	The available Exchange remote mailbox address (if it was one of the properties to check for availability).
Azure AD User Principal Name	AzureADUPN	string	The available Azure Active Directory User Principal Name (if it was one of the properties to check for availability).
Office 365 User Principal Name	Office365UPN	string	The available Office 365 User Principal Name (if it was one of the properties to check for availability).
Office 365 mailbox email address	Office365MailboxEmailAddress	string	The available Office 365 email mailbox address (if it was one of the properties to check for availability).
M final value	MValue	integer	The final value of the variable M, if it was used.
N final value	NValue	integer	The final value of the variable N, if it was used.
X final value	XValue	integer	The final value of the variable X, if it was used.
Format index used	FormatIndexUsed	integer	The index of the format that was used to match properties. 1 = Primary format, 2 = Fallback format, 3 = Second fallback format. This lets you know if your initial format resulted in an available account or if IA-Connect had to fallback to a different supplied format.

Get Office 365 distribution group

Operation ID:: O365GetO365DistributionGroup

Returns the properties of the specified Microsoft Exchange Online or Office 365 distribution groups or mail-enabled security groups. You can search by Identity or using a filter. An Identity search should return 0 or 1 results. A filter search could return 0 or more results.

Parameters

Name	Key	Required	Type	Description
Distribution group identity	Identity		string	The identity of the distribution group or mail-enabled security group. You can specify a distribution group by Name, Alias, Distinguished Name (e.g. CN=MyGroup,OU=My Groups,DC=mydomain,DC=local), Email address or GUID.
Filter property name	FilterPropertyName		string	As an alternative to searching by identity, provide the name of the property to filter the distribution groups by. Common property names are: DisplayName, Name, GroupType, PrimarySMTPAddress. If using a filter, you also need to populate the 'Filter property comparison' and 'Filter property value' fields.
Filter property comparison	FilterPropertyComparison		string	If searching by filter as an alternative to searching by identity, enter the type of comparison here (for example: If the filter property name is 'Alias', the comparison could be 'equals' or 'like'). If you wish to enter a raw filter (in OPATH format), choose a comparison type of 'Raw: Enter filter manually' and enter the full filter in the 'Filter property value' field.
Filter property value	FilterPropertyValue		string	If searching by filter as an alternative to searching by identity, enter the value of the filter property here (for example: If the filter property name is 'Alias', the filter property value might be 'JohnDoe').
Is no result an exception	NoResultIsAnException		boolean	Set to true to raise an exception if no distribution groups are found. Set to false to simply report a count of 0 if no distribution groups are found. Note the 'false' option may not work when used with Identity in non-English languages so consider searching using filters instead.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Search results JSON	PowerShellJSONOutput	string	The output of the PowerShell script, formatted as JSON.
Count of groups found	CountOfGroupsFound	integer	The number of distribution groups or mail-enabled security groups which match the search identity. Usually 1.

Get Office 365 distribution group members

Operation ID:: O365GetDistributionGroupMembers

Retrieve a list of the members of a Microsoft Exchange Online or Office 365 distribution group or mail-enabled security group.

Parameters

Name	Key	Required	Type	Description
Distribution group identity	GroupIdentity	True	string	The identity of the distribution group to search for. You can specify a distribution group by Name, Alias, Distinguished Name (e.g. CN=MyGroup,OU=My Groups,DC=mydomain,DC=local), Email address or GUID.
Properties to retrieve	PropertiesToRetrieveJSON		string	A list of member properties to retrieve, in JSON or CSV format. For example: ["Identity", "DistinguishedName"] (JSON array format), or "Identity","DistinguishedName" (CSV format). Common member properties include: Alias, DisplayName, DistinguishedName, Identity, Name, PrimarySMTPAddress, RecipientType and SamAccountName. If you leave this field blank, a default set of properties are retrieved.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Distribution group members	O365DistributionGroupMembersJSON	string	A list of members of the Microsoft Exchange Online or Office 365 distribution group or mail-enabled security group, in JSON format.
Count of distribution groups members	O365CountOfDistributionGroupsMembers	integer	The number of members of the Microsoft Exchange Online or Office 365 distribution group or mail-enabled security group.

Get Office 365 mailbox

Operation ID:: O365GetO365Mailbox

Returns the properties of the specified Microsoft Exchange Online or Office 365 mailbox.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity		string	The Id of a Microsoft Exchange Online or Office 365 mailbox. You can specify a mailbox by Name, Alias, Object Id (e.g. UUID/GUID value), Email address, GUID, SAMAccountName (even users in non Active Directory connected environments have a SAMAccountName) or User Principal Name (UPN).
Filter property name	FilterPropertyName		string	As an alternative to searching by identity, provide the name of the property to filter the mailboxes by. Common property names are: Name, Alias, PrimarySMTPAddress, DisplayName, SamAccountName. If using a filter, you also need to populate the 'Filter property comparison' and 'Filter property value' fields.
Filter property comparison	FilterPropertyComparison		string	If searching by filter as an alternative to searching by identity, enter the type of comparison here (for example: If the filter property name is 'Alias', the comparison could be 'equals' or 'like'). If you wish to enter a raw filter (in OPATH format), choose a comparison type of 'Raw: Enter filter manually' and enter the full filter in the 'Filter property value' field.
Filter property value	FilterPropertyValue		string	If searching by filter as an alternative to searching by identity, enter the value of the filter property here (for example: If the filter property name is 'Alias', the filter property value might be 'JohnDoe').
Recipient type details	RecipientTypeDetails		string	The type of mailbox to search for. If this field is left blank, all types of mailbox will be included in the search.
Is no result an exception	NoResultIsAnException		boolean	Set to true to raise an exception if no mailboxes are found. Set to false to simply report a count of 0 if no mailboxes are found. Note the 'false' option may not work when used with Identity in non-English languages so consider searching using filters instead.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Search results JSON	PowerShellJSONOutput	string	A list of mailboxes (and their properties) which match the search identity, in JSON format.
Count of mailboxes found	CountOfMailboxesFound	integer	The number of mailboxes found which match the search identity. Usually 1.

Is Azure AD PowerShell module installed

Operation ID:: IsAzureADv2PowerShellModuleInstalled

Reports if the PowerShell modules required for Azure Active Directory (also known as Microsoft Entra ID, Azure AD or AAD) are installed on the computer where the IA-Connect Agent is running. This action checks for the Azure AD v2 and Microsoft Graph Users PowerShell modules.

Parameters

Name	Key	Required	Type	Description
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Azure AD v2 PowerShell module is installed	AzureADv2PowerShellModuleInstalled	boolean	Set to true if the Azure AD v2 PowerShell module (AzureAD) is installed.
Microsoft Graph Users PowerShell module is installed	MSGraphUsersPowerShellModuleInstalled	boolean	Set to true if the Microsoft Graph Users PowerShell modules (Microsoft.Graph.Users and Microsoft.Graph.Authentication) is installed.

Is Azure AD user assigned to admin role

Operation ID:: AzureADv2IsUserInRole

Returns whether an Azure Active Directory user is assigned to an Azure Active Directory admin role. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User object Id or UPN	UserObjectId	True	string	The Id of an Azure Active Directory user. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
Role object Id or display name	RoleObjectId	True	string	The Id or display name of an Azure Active Directory admin role. You can specify an AAD admin role by Display Name (e.g. "Application Developer") or ObjectId (e.g. UUID/GUID value).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
User is assigned to role	UserIsAssignedToRole	boolean	Whether the user is assigned to the Azure Active Directory admin role.

Is connected to Active Directory

Operation ID:: IsActiveDirectoryPowerShellRunspaceOpen

Reports if IA-Connect is connected to Active Directory. By default, IA-Connect is automatically connected to the Domain the computer running the IA-Connect Agent is a member of, using the account the IA-Connect Agent is running as. Use the action 'Connect to Active Directory with credentials' to connect using alternative credentials or to an alternative domain.

Parameters

Name	Key	Required	Type	Description
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Connected to Active Directory	ActiveDirectoryRunspaceOpen	boolean	Set to true if IA-Connect is connected to Active Directory. This should always return true since IA-Connect is automatically connected to the domain the computer running the Agent is a member of.
Local passthrough connection	ActiveDirectoryLocalPassthroughRunspace	boolean	Set to true if IA-Connect is connected to the Domain the computer running the IA-Connect Agent is a member of, using the account the IA-Connect Agent is running as.
Active Directory server	ActiveDirectoryServer	string	The Active Directory server connected to. If blank, IA-Connect is using the default Active Directory Domain Controller for the computer running the Agent, based on AD site settings.
Active Directory DNS domain	ActiveDirectoryDNSDomain	string	The Active Directory DNS domain for the Domain IA-Connect is connected to. If blank, IA-Connect is using the default Active Directory Domain for the computer running the Agent. For example: mydomain.local.
Active Directory domain DN	ActiveDirectoryDomainDN	string	The Active Directory domain DN for the Domain IA-Connect is connected to. If blank, IA-Connect is using the default Active Directory Domain for the computer running the Agent. For example: DC=mydomain,DC=local.
Authenticated username	AuthenticatedUsername	string	The authenticated username IA-Connect is using for the connection to Active Directory. If blank, IA-Connect is using the account the IA-Connect Agent is running as.

Is connected to Azure AD

Operation ID:: IsAzureADv2PowerShellRunspaceOpen

Reports if IA-Connect is connected to Azure Active Directory (also known as Microsoft Entra ID, Azure AD or AAD). Use one of the 'Connect to Azure AD' actions to connect.

Parameters

Name	Key	Required	Type	Description
Retrieve PowerShell runspace process Id	RetrievePowerShellRunSpacePID		boolean	If set to true: The IA-Connect Agent will retrieve information regarding the process Id of the process hosting the PowerShell runspace. This information will be provided in the outputs 'PowerShell runspace process Id' and 'Is Agent hosting PowerShell runspace'.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Azure AD PowerShell runspace is open	AzureADv2RunspaceOpen	boolean	Set to true if IA-Connect is connected to Azure AD. This could be using the Azure AD v2 or Microsoft Graph Users PowerShell modules.
Azure AD API	AzureADAPI	string	The name of the Azure AD API being used. This is set to 'AzureADv2' if using the Azure AD v2 PowerShell module, or 'MSGraphUsersPS' if using the Microsoft Graph Users PowerShell module.
PowerShell runspace process Id	PowerShellRunspacePID	integer	The PowerShell runspace process Id (PID). If the IA-Connect Agent is hosting the PowerShell runspace, this value will be the PID of the IA-Connect Agent. If the PowerShell runspace is isolated, this value will be the PID of the isolation process.
Is Agent hosting PowerShell runspace	IsAgentHostingPowerShellRunSpace	boolean	Returns true, if the IA-Connect Agent is hosting the PowerShell runspace (i.e. if the 'PowerShell runspace process Id' is the Agent PID).

Is connected to Microsoft Exchange

Operation ID:: IsExchangePowerShellRunspaceOpen

Reports if IA-Connect is connected to a Microsoft Exchange server. Use the action 'Connect to Microsoft Exchange' to connect.

Parameters

Name	Key	Required	Type	Description
Test communications	TestCommunications		boolean	If set to false: IA-Connect will not issue a test command to confirm the Exchange server connection is functional and will rely on the last-known state. If set to true (the default): IA-Connect will issue a test command to confirm the Exchange server connection is functional.
Retrieve PowerShell runspace process Id	RetrievePowerShellRunSpacePID		boolean	If set to true: The IA-Connect Agent will retrieve information regarding the process Id of the process hosting the PowerShell runspace. This information will be provided in the outputs 'PowerShell runspace process Id' and 'Is Agent hosting PowerShell runspace'.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Connected to Microsoft Exchange	ExchangeRunspaceOpen	boolean	Set to true if IA-Connect is connected to Microsoft Exchange.
Exchange connection method	ExchangeConnectionMethod	string	Holds the current Exchange connection method: Local or Remote.
PowerShell runspace process Id	PowerShellRunspacePID	integer	The PowerShell runspace process Id (PID). If the IA-Connect Agent is hosting the PowerShell runspace, this value will be the PID of the IA-Connect Agent. If the PowerShell runspace is isolated, this value will be the PID of the isolation process.
Is Agent hosting PowerShell runspace	IsAgentHostingPowerShellRunSpace	boolean	Returns true, if the IA-Connect Agent is hosting the PowerShell runspace (i.e. if the 'PowerShell runspace process Id' is the Agent PID).

Is connected to Office 365

Operation ID:: IsO365PowerShellRunspaceOpen

Reports if IA-Connect is connected to Office 365 using the Office 365 PowerShell modules. Use the action 'Connect to Office 365' to connect.

Parameters

Name	Key	Required	Type	Description
Test communications	TestCommunications		boolean	If set to false: IA-Connect will not issue a test command to confirm the Office 365 Exchange Online connection is functional and will rely on the last-known state. If set to true (the default): IA-Connect will issue a test command to confirm the Office 365 Exchange Online connection is functional.
Retrieve PowerShell runspace process Id	RetrievePowerShellRunSpacePID		boolean	If set to true: The IA-Connect Agent will retrieve information regarding the process Id of the process hosting the PowerShell runspace. This information will be provided in the outputs 'PowerShell runspace process Id' and 'Is Agent hosting PowerShell runspace'.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Connected to Office 365	O365RunspaceOpen	boolean	Set to true if IA-Connect is connected to Office 365 using the Office 365 PowerShell modules.
Office 365 connection method	Office365ConnectionMethod	string	Holds the current Office 365 connection method: EXOV1 or EXOV2.
PowerShell runspace process Id	PowerShellRunspacePID	integer	The PowerShell runspace process Id (PID). If the IA-Connect Agent is hosting the PowerShell runspace, this value will be the PID of the IA-Connect Agent. If the PowerShell runspace is isolated, this value will be the PID of the isolation process.
Is Agent hosting PowerShell runspace	IsAgentHostingPowerShellRunSpace	boolean	Returns true, if the IA-Connect Agent is hosting the PowerShell runspace (i.e. if the 'PowerShell runspace process Id' is the Agent PID).

Is user in Azure AD user group

Operation ID:: AzureADv2IsUserInAzureADUserGroup

Returns whether a user is a member of an Azure Active Directory group. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User object Id or UPN	ObjectId	True	string	The Id of an Azure Active Directory user. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
Group object Id or display name	GroupObjectId	True	string	The Id or display name of an Azure Active Directory group. You can specify a group by Display Name (e.g. "Finance users") or ObjectId (e.g. UUID/GUID value).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
User is in group	UserIsInGroup	boolean	Whether the user is a member of the Azure AD group.

Modify a Microsoft Exchange mailbox email addresses

Operation ID:: ExchangeSetMailboxEmailAddresses

Modify the email addresses on a Microsoft Exchange mailbox. You can add, remove and replace primary and alias email addresses.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity	True	string	The identity of the Microsoft Exchange mailbox. You can specify a mailbox by Name, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID, SAMAccountName or User Principal Name (UPN).
Alias	Alias		string	The Exchange alias (also known as mail nickname) for the user. If the email address policy is enabled, this will be used to generate the name component of the Primary SMTP email address (e.g. alias@mydomain.com). If the email address policy is not enabled, you may wish to set the primary SMTP address instead. Leave blank if you don't want to change the current value.
Primary SMTP address	PrimarySmtpAddress		string	The primary return email address that is used for the recipient. You are unlikely to be able to set this if the 'Email address policy' is enabled so either use 'Alias' instead (and the policy will create the Primary SMTP address from the alias) or disable the email address policy. Leave blank if you don't want to change the current value.
Email address policy enabled	EmailAddressPolicyEnabled		boolean	Set to true if you want to automatically update email addresses based on the email address policy applied to this recipient. If the email address policy is enabled, this generally will impact your ability to set the primary SMTP address. Set to false to disable the feature, giving you full control to manually setting email addresses. Leave blank if you don't want to set this option (i.e. leave at the existing or default value).
Email addresses to add	EmailAddressesToAddList		array of string	A list of additional (non-primary) email addresses to assign to the mailbox.
Replace email addresses	ReplaceEmailAddresses		boolean	Set to true if you want the supplied list of email addresses to replace all existing email addresses (not including the Primary SMTP address). Set to false if you want the supplied list of email addresses to add to any existing addresses.
Email addresses to remove	EmailAddressesToRemoveList		array of string	A list of additional (non-primary) email addresses to remove from the mailbox (if they are present). This only has a purpose if 'Replace email addresses' is set to false or if you aren't adding any email addresses.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Mailbox Email addresses	MailboxEmailAddresses	array of string	The mailbox email addresses after the modify action was performed. The primary SMTP email address will appear as SMTP:emailaddress, secondary (proxy) SMTP email addresses will appear as smtp:emailaddress, X.400 email addresses will appear as x400:address and Exchange Unified Messaging (EUM) addresses as eum:address.

Modify a Microsoft Exchange Online mailbox email addresses

Operation ID:: ExchangeSetRemoteMailboxEmailAddresses

Modify the email addresses on an existing Microsoft Exchange Online or Office 365 (remote) mailbox. You can add, remove and replace primary and alias email addresses. The request is sent via your on-premises Microsoft Exchange server which must be setup for a hybrid deployment.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity	True	string	The identity of the Microsoft Exchange Online or Office 365 (remote) mailbox. You can specify a Microsoft Exchange Online or Office 365 (remote) mailbox by Active Directory object Id, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID or User Principal Name (UPN).
Alias	Alias		string	The Exchange alias (also known as mail nickname) for the user. If the email address policy is enabled, this will be used to generate the name component of the Primary SMTP email address (e.g. alias@mydomain.com). If the email address policy is not enabled, you may wish to set the primary SMTP address instead. Leave blank if you don't want to change the current value.
Primary SMTP address	PrimarySmtpAddress		string	The primary return email address that is used for the recipient. You are unlikely to be able to set this if the 'Email address policy' is enabled so either use 'Alias' instead (and the policy will create the Primary SMTP address from the alias) or disable the email address policy. Leave blank if you don't want to change the current value.
Email address policy enabled	EmailAddressPolicyEnabled		boolean	Set to true if you want to automatically update email addresses based on the email address policy applied to this recipient. If the email address policy is enabled, this generally will impact your ability to set the primary SMTP address. Set to false to disable the feature, giving you full control to manually setting email addresses. Leave blank if you don't want to set this option (i.e. leave at the existing or default value).
Email addresses to add	EmailAddressesToAddList		array of string	A list of additional (non-primary) email addresses to assign to the mailbox.
Replace email addresses	ReplaceEmailAddresses		boolean	Set to true if you want the supplied list of email addresses to replace all existing email addresses (not including the Primary SMTP address). Set to false if you want the supplied list of email addresses to add to any existing addresses.
Email addresses to remove	EmailAddressesToRemoveList		array of string	A list of additional (non-primary) email addresses to remove from the mailbox (if they are present). This only has a purpose if 'Replace email addresses' is set to false or if you aren't adding any email addresses.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Mailbox Email addresses	MailboxEmailAddresses	array of string	The mailbox email addresses after the modify action was performed. The primary SMTP email address will appear as SMTP:emailaddress, secondary (proxy) SMTP email addresses will appear as smtp:emailaddress, X.400 email addresses will appear as x400:address and Exchange Unified Messaging (EUM) addresses as eum:address.

Modify Active Directory common user properties

Operation ID:: ActiveDirectoryModifyADUserProperties

Modify common properties of an Active Directory user. You can only assign values to properties, not set them to blank. To set properties to blank, use the action 'Modify Active Directory user string properties'.

Parameters

Name	Key	Required	Type	Description
User identity	UserIdentity	True	string	The identity of the Active Directory user. You can specify a user by Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), GUID, SID, SAMAccountName / pre-2K name (e.g. 'User1') or Name (e.g. 'User1').
City	City		string	The user's 'City' property (in the 'Address' tab in AD users and computers).
Company	Company		string	The user's 'Company' property (in the 'Organization' tab in AD users and computers).
Country code	Country		string	The user's 'Country' property (in the 'Address' tab in AD users and computers). This must be a two character country code (e.g. GB for United Kingdom, US for United States, FR for France, ES for Spain, JP for Japan). This maps to the 'c' property in the Active Directory schema. IA-Connect will not automatically map 'Country code' to 'Country string' and 'Country ISO 3166 value' so you will need to use a lookup table.
Country string	CountryString		string	The full name of the user's 'Country' property (in the 'Address' tab in AD users and computers). This the the full localized display string (e.g. 'United Kingdom', 'United States', 'France', 'Spain' or 'Japan'). This maps to the 'co' property in the Active Directory schema. IA-Connect will not automatically map 'Country string' to 'Country code' and 'Country ISO 3166 value' so you will need to use a lookup table.
Country ISO 3166 value	CountryISO3166		string	The ISO3166 code for the user's 'Country' property (in the 'Address' tab in AD users and computers). This is a 3 digit integer value (e.g. 826 for United Kingdom, 840 for United States, 250 for France, 724 for Spain, 392 for Japan). This maps to the 'countryCode' property in the Active Directory schema. IA-Connect will not automatically map 'Country ISO 3166 value' to 'Country code' and 'Country string' so you will need to use a lookup table.
Department	Department		string	The user's 'Department' property (in the 'Organization' tab in AD users and computers).
Description	Description		string	The user's 'Description' property (in the 'General' tab in AD users and computers).
Display name	DisplayName		string	The user's display name (in the 'General' tab in AD users and computers).
Email address	EmailAddress		string	The user's 'E-mail' property (in the 'General' tab in AD users and computers).
First name	GivenName		string	The user's first name (in the 'General' tab in AD users and computers).
Home phone number	HomePhone		string	The user's 'Home' phone number property (in the 'Telephones' tab in AD users and computers).
Initials	Initials		string	The user's initials (in the 'General' tab in AD users and computers).
IP phone number	IPPhone		string	The user's 'IP phone' property (in the 'Telephones' tab in AD users and computers).
Manager	Manager		string	The user's Manager property (in the 'Organization' tab in AD users and computers). You can specify a Manager in Distinguished Name format (e.g. CN=MrBig,OU=London,DC=mydomain,DC=local), GUID format, SID or SAMAccountName (e.g. 'MrBig').
Mobile phone number	MobilePhone		string	The user's 'Mobile' phone number property (in the 'Telephones' tab in AD users and computers).
Notes	Notes		string	The user's 'Notes' property (in the 'Telephones' tab in AD users and computers). This maps to the 'info' property in the Active Directory schema.
Office	Office		string	The user's 'Office' property (in the 'General' tab in AD users and computers).
Telephone number (Office)	OfficePhone		string	The user's 'Telephone number' property (in the 'General' tab in AD users and computers).
Postal code / Zip code	PostalCode		string	The user's 'Zip/Postal Code' property (in the 'Address' tab in AD users and computers).
Profile path	ProfilePath		string	The user's 'Profile path' property (in the 'Profile' tab in AD users and computers).
Logon script	ScriptPath		string	The user's 'Logon script' property (in the 'Profile' tab in AD users and computers).
State / province	State		string	The user's 'State / province' property (in the 'Address' tab in AD users and computers).
Street address	StreetAddress		string	The user's 'Street address' property (in the 'Address' tab in AD users and computers).
Last name	Surname		string	The user's 'Last name' property (in the 'General' tab in AD users and computers).
Job title	Title		string	The user's 'Job title' property (in the 'Organization' tab in AD users and computers).
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ActiveDirectoryModifyADUserPropertiesResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Modify Active Directory user boolean property

Operation ID:: ActiveDirectoryModifyADUserBooleanPropertyByIdentity

Modify an individual boolean (true / false) property of an Active Directory user. This allows you to modify a very specific user setting, including custom properties.

Parameters

Name	Key	Required	Type	Description
User identity	UserIdentity	True	string	The identity of the Active Directory user. You can specify a user by Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), GUID, SID, SAMAccountName / pre-2K name (e.g. 'User1') or Name (e.g. 'User1').
Property name	PropertyName	True	string	The name of the individual user property to modify. Common boolean properties are: enabled, mTSAllowLogon, msExchHideFromAddressLists.
Property value	PropertyValue		boolean	The true / false value to assign to the specified property. If you need to set the value to null, use the action 'Modify Active Directory user string properties' instead, with a blank properties value, and setting 'Replace value' to 'Yes'.
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ActiveDirectoryModifyADUserBooleanPropertyByIdentityResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Modify Active Directory user home folder

Operation ID:: ActiveDirectorySetADUserHomeFolderByIdentity

Sets the home folder / directory / drive for an Active Directory user.

Parameters

Name	Key	Required	Type	Description
User identity	UserIdentity	True	string	The identity of the Active Directory user. You can specify a user by Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), GUID, SID, SAMAccountName / pre-2K name (e.g. 'User1') or Name (e.g. 'User1').
Home drive	HomeDrive		string	If the home directory / folder is on a network share, specify a drive letter which will be mapped to that location. The drive letter is typically a single character between 'F' and 'Z'. If the home directory / folder is local, leave this value blank. If you are setting the home directory / folder to blank, also leave this value blank.
Home directory	HomeDirectory		string	Specify the path for the home folder / directory. If you are also specifying a home drive letter then the home drive will be mapped to this folder / directory. If you are setting the home directory / folder to blank, set this value to blank.
Create folder	CreateFolder		boolean	Set to true if you want to create the home folder / directory if it doesn't exist.
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ActiveDirectorySetADUserHomeFolderByIdentityResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Modify Active Directory user string properties

Operation ID:: ActiveDirectoryModifyADUserStringPropertyByIdentity

Modify individual string property(s) of an Active Directory user. This allows you to modify very specific user settings, including custom properties. You can also set individual user properties to blank.

Parameters

Name	Key	Required	Type	Description
User identity	UserIdentity	True	string	The identity of the Active Directory user. You can specify a user by Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), GUID, SID, SAMAccountName / pre-2K name (e.g. 'User1') or Name (e.g. 'User1').
Property	Property		string
Value	Value		string
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Replace value	ReplaceValue		boolean	Set to true to replace the values. Set to false to add the value. Adding will not work if the value already exists (this only impacts custom properties) whereas replace can be used to create a new value or replace an existing value.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ActiveDirectoryModifyADUserStringPropertyByIdentityResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Modify Azure AD user properties

Operation ID:: AzureADv2SetAzureADUser

Modify common properties of an Azure Active Directory user. You can only assign values to properties, not set them to blank, because a blank value is interpreted as a intent to leave the value unchanged. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User object Id or UPN	ObjectId	True	string	The Id of an Azure Active Directory user. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
First name	FirstName		string	The user's first name.
Last name	LastName		string	The user's family name / last name / surname.
Display name	DisplayName		string	The full display name for this user.
City	City		string	The name of the City the user lives in, or where their office is located.
Company name	CompanyName		string	The name of the company the user works for.
Country or region	Country		string	The Country or Region the user lives in, or where their office is located.
Department	Department		string	The name of the department the user works for within the Company.
Fax number	FaxNumber		string	The user's fax (facsimile) telephone number.
Job title	JobTitle		string	The user's job title.
Mobile phone number	MobilePhone		string	The user's mobile phone number.
Office	Office		string	The location of the office where the user works.
Telephone number	PhoneNumber		string	The user's telephone number.
ZIP or postal code	PostalCode		string	The ZIP or postal code where the user lives, or the office they work in.
Preferred language	PreferredLanguage		string	The user's preferred language. This is typically entered as a two letter language code (ISO 639-1), followed by a dash, followed by a two letter upper-case country code (ISO 3166). For example: en-US, en-GB, fr-FR, ja-JP.
State or province	State		string	The state, province or county the user lives in, or where their office located.
Street address	StreetAddress		string	The street address where the user lives, or their office street address.
Usage location	UsageLocation		string	A two letter country code (ISO 3166). Required for users that will be assigned licenses due to a legal requirement. For example: US (United States), JP (Japan), GB (United Kingdom), FR (France), IN (India). See https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes.
Age group	AgeGroup		string	The age group of the user, for parental control purposes.
Consent provided for minor	ConsentProvidedForMinor		string	If the 'Age group' is 'Minor', this field allows you to specify whether consent has been provided for the minor, for parental control purposes.
Mail nickname	MailNickName		string	The user's mail nickname.
Employee Id	EmployeeId		string	The employee Id. You might use this to uniquely distinguish between each user in your organisation.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	AzureADv2SetAzureADUserResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Move Active Directory user to OU

Operation ID:: ActiveDirectoryMoveADUserToOUByIdentity

Moves an Active Directory user to an existing Active Directory Organizational Unit (OU).

Parameters

Name	Key	Required	Type	Description
User identity	UserIdentity	True	string	The identity of the Active Directory user. You can specify a user by Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), GUID, SID, SAMAccountName / pre-2K name (e.g. 'User1') or Name (e.g. 'User1').
Target path	TargetPath	True	string	The path to the target Organization Unit (OU) in Distinguished Name format (e.g. OU=Target OU,OU=London,DC=mydomain,DC=local), GUID format or as a path (e.g. MyUsers\London).
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ActiveDirectoryMoveADUserToOUByIdentityResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Perform Active Directory DirSync

Operation ID:: ActiveDirectoryDirSync

Performs a synchronisation between Active Directory (on-premises) and Azure Active Directory (cloud). This command must be issued to the server with the 'DirSync' role (i.e. the computer performing the synchronisation).

Parameters

Name	Key	Required	Type	Description
Policy type	PolicyType		string	The type of synchronisation to perform. Options are 'Delta' to perform a sync of changes since the last sync (the default option) and 'Initial' to perform a full sync (do not do this unless you know exactly what you are doing).
Computer name	ComputerName		string	The server which has the 'DirSync' role (i.e. the computer performing the synchronisation).
Max retry attempts	MaxRetryAttempts		integer	If the directory sync receives a busy or time-out error, it can pause and retry. This input specifies the maximum number of retries. Set to 0 to disable retries. Be aware of potential IA-Connect action timeouts if you set this value too high.
Seconds between retries	SecondsBetweenRetries		integer	If the Agent retries a directory sync, how many seconds should there be between retries. If set to a value less than 1, the Agent ignores this input and uses a value of 1 second.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
DirSync result JSON	PowerShellJSONOutput	string	The result of the Active Directory sync operation, in JSON format.

Remove Active Directory group

Operation ID:: ActiveDirectoryRemoveADGroup

Removes a group from Active Directory. If there are objects (for example users, groups or computers) in the group, those objects will be removed as part of the group deletion.

Parameters

Name	Key	Required	Type	Description
Group identity	GroupIdentity	True	string	The identity of the Active Directory group. You can specify a group by Distinguished Name (e.g. CN=Group1,OU=My Groups,DC=mydomain,DC=local), GUID, SID, or SAMAccountName / pre-2K name (e.g. 'Group1'). You cannot use display name or group name (although group name will often be the same as pre-2K name which can be used).
Delete even if protected	DeleteEvenIfProtected		boolean	Set to true to delete the group, even if it is protected from deletion. Set to false to only delete the group if it is not protected from deletion, and raise an exception if the group is protected.
Raise exception if group does not exist	RaiseExceptionIfGroupDoesNotExist		boolean	If set to true and the group does not exist, an exception will be raised. If set to false and the group does not exist, the action will report success but the output will report that no groups were deleted.
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Number of groups deleted	NumberOfGroupsDeleted	integer	This output will hold the number of AD groups deleted which should be 0 or 1.

Remove Active Directory group member

Operation ID:: ActiveDirectoryRemoveADGroupMemberByGroupIdentity

Removes an Active Directory member (user, group or computer) from an Active Directory group.

Parameters

Name	Key	Required	Type	Description
Group identity	GroupIdentity		string	The identity of the Active Directory group. You can specify a group by Distinguished Name (e.g. CN=Group1,OU=My Groups,DC=mydomain,DC=local), GUID, SID, or SAMAccountName / pre-2K name (e.g. 'Group1'). You cannot use display name or group name (although group name will often be the same as pre-2K name which can be used).
Group name	GroupName		string	As an alternative to searching by identity, provide the pre-2K name (SAMAccountName) of the Active Directory group. Since the 'Group identity' input also accepts the pre-2K name, this input is now redundant, but maintained for backwards compatibility.
Group member	UserIdentity	True	string	The group member to remove. You can specify a user or group by Distinguished Name (e.g. CN=User1,OU=My Groups,DC=mydomain,DC=local), GUID, SID, or SAMAccountName / pre-2K name (e.g. 'User1'). You can specify a computer by Distinguished Name or computer name (pre-2K) followed by a $ (e.g. VM01$).
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ActiveDirectoryRemoveADGroupMemberByGroupIdentityResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Remove Active Directory object from multiple groups

Operation ID:: ActiveDirectoryRemoveADUserFromMultipleADGroupsByName

Removes an Active Directory object (typically a user, group or computer) from multiple existing Active Directory groups. IA-Connect removes the object from as many groups as possible and reports on the outcome. If the object isn't a member of one or more of the specified groups, this is counted as a success.

Parameters

Name	Key	Required	Type	Description
Object identity	UserIdentity	True	string	The object (typically a user, group or computer) to remove from one or more groups. You can specify a user or group by Distinguished Name (e.g. CN=User1,OU=My Groups,DC=mydomain,DC=local), GUID, SID, or SAMAccountName / pre-2K name (e.g. 'User1'). You can specify a computer by Distinguished Name or computer name (pre-2K) followed by a $ (e.g. VM01$).
AD groups to remove	GroupNamesJSON		string	A list of the AD groups to remove the object from, in JSON or CSV format. For example: [{"GroupName": "Group 1"}, {"GroupName": "Group 2"}] (JSON table format), ["Group 1", "Group 2"] (JSON array format), or Group 1,Group 2 (CSV format). You can specify a user or group by Distinguished Name (e.g. CN=User1,OU=My Groups,DC=mydomain,DC=local), GUID, SID, or SAMAccountName / pre-2K name (e.g. 'User1'). You can specify a computer by Distinguished Name or computer name (pre-2K) followed by a $ (e.g. VM01$).
Exception if any groups fail to remove	ExceptionIfAnyGroupsFailToRemove		boolean	If set to true: An exception (failure) will be raised if any single group fails to remove (i.e. 100% success is a requirement). If no exception is raised, this action will report how many groups were removed successfully and how many failed to remove.
Exception if all groups fail to remove	ExceptionIfAllGroupsFailToRemove		boolean	If set to true: An exception (failure) will be raised only if all groups fail to remove (i.e. no successes and some failures). If no exception is raised, this action will report how many groups were removed successfully and how many failed to remove.
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Max groups per call	MaxGroupsPerCall		integer	If a large number of AD groups is specified for removal, this might cause a timeout. By setting the 'Max groups per call' value to 1 or higher, the IA-Connect Orchestrator will split this action into multiple calls to the IA-Connect Director and Agent with the specified maximum number of groups per call. First available in IA-Connect 9.3. For example: If you set a value of 5 and 14 groups are requested for removal, the Orchestrator will split this into requests of 5, 5, 4.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
AD groups removed successfully	ADGroupsRemovedSuccessfully	integer	The number of AD groups the object was successfully removed from.
AD groups failed to remove	ADGroupsFailedToRemove	integer	The number of AD groups that the object failed to remove from.
Remove AD groups error message	RemoveADGroupsMasterErrorMessage	string	If the object failed to remove from some of the AD groups, and no exception was raised, this error message provides details of the problem.

Remove Active Directory OU

Operation ID:: ActiveDirectoryRemoveOU

Removes an Organizational Unit (OU) from Active Directory. The OU cannot be deleted if there are objects (for example users, groups or computers) in the OU.

Parameters

Name	Key	Required	Type	Description
OU identity	OUIdentity	True	string	The identity of the Active Directory OU. You can specify an OU by Distinguished Name (e.g. OU=Servers,OU=London,DC=mydomain,DC=local), GUID format or as a path (e.g. London\Servers).
Delete even if protected	DeleteEvenIfProtected		boolean	Set to true to delete the OU, even if it is protected from deletion. Set to false to only delete the OU if it is not protected from deletion, and raise an exception if the OU is protected.
Raise exception if OU does not exist	RaiseExceptionIfOUDoesNotExist		boolean	If set to true and the OU does not exist, an exception will be raised. If set to false and the OU does not exist, the action will report success but the output will report that no OUs were deleted.
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Number of OUs deleted	NumberOfOUsDeleted	integer	This output will hold the number of AD OUs deleted which should be 0 or 1.

Remove Active Directory user

Operation ID:: ActiveDirectoryRemoveADUserByIdentity

Removes a user from Active Directory.

Parameters

Name	Key	Required	Type	Description
User identity	UserIdentity	True	string	The identity of the Active Directory user. You can specify a user by Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), GUID, SID, SAMAccountName / pre-2K name (e.g. 'User1') or Name (e.g. 'User1').
Remove protection from accidental deletion	RemoveProtectionFromAccidentalDeletion		boolean	Set to true to attempt to remove protection from accidental deletion, before attempting to remove the user.
Remove even if user has sub-objects	DeleteEvenIfUserHasSubObjects		boolean	If a user account has sub-objects (i.e. the user is not a leaf object), the normal command to remove the user will fail. Set this input to true if you want to fall-back to an alternative deletion method if sub-objects are detected.
Force delete recursive	ForceDeleteRecursive		boolean	If a user account has sub-objects (i.e. the user is not a leaf object), the normal command to remove the user will fail. Set this input to true if you want to perform a recursive sub-object delete, without first attempting to remove the user normally. This could be useful if the fall-back detection doesn't work.
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ActiveDirectoryRemoveADUserByIdentityResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Remove Active Directory user from all groups

Operation ID:: ActiveDirectoryRemoveADUserFromAllGroups

Removes an Active Directory user from all of the Active Directory groups they are a member of. IA-Connect removes the user from as many groups as possible and reports on the outcome. This action only works with user accounts, you cannot use this action to remove a group or computer's group memberships.

Parameters

Name	Key	Required	Type	Description
User identity	UserIdentity		string	The user to remove from all groups. You can specify a user by Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), GUID, SID, SAMAccountName / pre-2K name (e.g. 'User1') or Name (e.g. 'User1').
AD groups to exclude	GroupsToExcludeJSON		string	A list of AD groups to exclude from removal, in JSON or CSV format. For example: [{"GroupName": "Group 1"}, {"GroupName": "Group 2"}] (JSON table format), ["Group 1", "Group 2"] (JSON array format), or Group 1,Group 2 (CSV format). You can specify a user or group by Distinguished Name (e.g. CN=User1,OU=My Groups,DC=mydomain,DC=local), GUID, SID, or SAMAccountName / pre-2K name (e.g. 'User1'). You can specify a computer by Distinguished Name or computer name (pre-2K) followed by a $ (e.g. VM01$).
Exception if an excluded group does not exist	ExceptionIfExcludedGroupDoesNotExist		boolean	If set to true: An exception (failure) will be raised if one of the excluded groups does not exist (IA-Connect has to look up the group to obtain the group DN). If set to false (the default): If an excluded group does not exist, it will be ignored, since the user cannot possibly be a member of that group.
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Run as thread	RunAsThread		boolean	If set to false (the default), the IA-Connect Agent will run the action immediately and return the results when the script completes. This action may time out if the system is slow to respond. If set to true, the IA-Connect Agent will run this action as an Agent thread and the IA-Connect Director (or Orchestrator, PowerShell module, Blue Prism) can monitor the status of this Agent thread, waiting for it to complete. This allows this action to run without timeouts.
Retrieve output data for thread Id	RetrieveOutputDataFromThreadId		integer	If you previously ran this action as an Agent thread and set 'Seconds to wait for thread' to 0, provide the Agent thread Id to retrieve the results. This Agent thread Id will have been provided by the earlier call to this action. Set to 0 (the default) if you are simply running this action (and hence not retrieving the results of a previous instance of this action run as an Agent thread).
Seconds to wait for thread	SecondsToWaitForThread		integer	If 'Run as thread' is set to true, how many seconds to wait for the Agent thread to complete. If the Agent thread running this action hasn't completed in this time, an exception will be raised. Set to 0 to bypass the wait: The Agent will continue to run the action, but also be available for the next action. You can then retrieve the action results at a later time by using the action 'Wait for Agent thread to complete successfully' to wait for the Agent thread to complete and then re-run this 'Remove Active Directory user from all groups' action with the input 'Retrieve output data for thread Id' set to the Agent thread Id.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
AD groups removed successfully	ADGroupsRemovedSuccessfully	integer	The number of AD groups the user was successfully removed from.
AD groups failed to remove	ADGroupsFailedToRemove	integer	The number of AD groups that the user failed to remove from.
AD groups excluded from removal	ADGroupsExcludedFromRemoval	integer	The number of AD groups excluded from removal.
Remove AD groups error message	RemoveADGroupsMasterErrorMessage	string	If the user failed to remove from some of the AD groups, this error message provides details of the problem.
Thread Id	ThreadId	integer	If this action is being run as an Agent thread, this output will hold the Agent thread Id which can be used to monitor the action execution and retrieve the results when the action has completed.

Remove all Azure AD user licenses

Operation ID:: AzureADv2RemoveAllAzureADUserLicense

Removes all Azure AD user license (SKU) assigned to a user. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User object Id or UPN	ObjectId	True	string	The Id of an Azure Active Directory user. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	AzureADv2RemoveAllAzureADUserLicenseResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Remove Azure AD security or Microsoft 365 group

Operation ID:: AzureADv2RemoveSecurityGroup

Remove an Azure Active Directory security group or Microsoft 365 group. This action cannot remove mail enabled security groups or distribution lists: Use the action 'Remove Office 365 distribution group' instead. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
Group object Id or display name	GroupObjectId	True	string	The Id or display name of an Azure Active Directory group. You can specify a group by Display Name (e.g. "Finance users") or ObjectId (e.g. UUID/GUID value).
Exception if group does not exist	ErrorIfGroupDoesNotExist		boolean	Should an exception occur if the group does not exist? Set to false to simply do nothing if the group doesn't exist (e.g. it may have already been deleted). Set to true if the group not existing is an error (i.e. it was expected to exist).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Group existed	GroupExisted	boolean	If the group existed and was deleted, this will be set to true. If the group didn't exist (and 'Error if group does not exist' was set to false so no exception was raised), this will be set to false to inform you that the group did not exist and hence IA-Connect didn't have to perform any action.

Remove Azure AD user

Operation ID:: AzureADv2RemoveAzureADUser

Remove an Azure Active Directory user. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User object Id or UPN	ObjectId	True	string	The Id of an Azure Active Directory user. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
Exception if user does not exist	ErrorIfUserDoesNotExist		boolean	Should an exception occur if the user does not exist? Set to false to simply do nothing if the user doesn't exist (e.g. it may have already been deleted). Set to true if the user not existing is an error (i.e. it was expected to exist).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
User existed	UserExisted	boolean	If the user existed and was deleted, this will be set to true. If the user didn't exist (and 'Error if user does not exist' was set to false so no exception was raised), this will be set to false to inform you that the user did not exist and hence IA-Connect didn't have to perform any action.

Remove Azure AD user from admin role assignment

Operation ID:: AzureADv2RemoveUserFromRole

Remove an Azure Active Directory user (or other object) from an existing Azure Active Directory admin role assignment. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User object Id or UPN	UserObjectId	True	string	The Id of an Azure Active Directory user. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
Role object Id or display name	RoleObjectId	True	string	The Id or display name of an Azure Active Directory admin role. You can specify an AAD admin role by Display Name (e.g. "Application Developer") or ObjectId (e.g. UUID/GUID value).
Directory scope Id	DirectoryScopeId		string	An optional directory scope Id which the role assignment specified for removal must match. For example: / represents the entire tenant (and will result in only named role assignments with a directory scope Id of / to be removed), /GUID represents an app registration, /administrativeUnits/GUID represents an administrative unit. If you want to remove a role assignment, regardless of directory scope, specify * or a blank value.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
User removed from role	UserRemovedFromRole	boolean	True if user removed from role. False if user wasn't assigned to the role (so there was nothing to do).

Remove Azure AD user from all admin role assignments

Operation ID:: AzureADv2RemoveUserFromAllRoles

Removes an Azure Active Directory user (or other object) from all of the Azure Active Directory admin roles they are assigned to. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User object Id or UPN	UserObjectId	True	string	The Id of an Azure Active Directory user. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
Exception if any roles fail to remove	ExceptionIfAnyRolesFailToRemove		boolean	If set to true: An exception (failure) will be raised if any single admin role fails to remove (i.e. 100% success is a requirement). If no exception is raised, this action will report how many roles were successfully removed and how many failed to remove.
Exception if all roles fail to remove	ExceptionIfAllRolesFailToRemove		boolean	If set to true (the default): An exception (failure) will be raised if all admin roles failed to remove (i.e. no successes and some failures). If no exception is raised, this action will report how many roles were successfully removed and how many failed to remove.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Azure AD roles removed successfully	AzureADRolesRemovedSuccessfully	integer	The number of Azure AD roles the user was successfully removed from.
Azure AD roles failed to remove	AzureADRolesFailedToRemove	integer	The number of Azure AD roles that the user failed to remove from.
Remove Azure AD roles master error message	RemoveAzureADRolesErrorMessage	string	If the user failed to remove from some of the Azure AD roles, and no exception was raised, this error message provides details of the problem.

Remove Azure AD user from all groups

Operation ID:: AzureADv2RemoveUserFromAllGroups

Removes an Azure Active Directory user from all of the Azure Active Directory groups they are a member of. This action cannot modify distribution lists or mail-enabled security groups - use the Office 365 Exchange Online actions instead. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User object Id or UPN	UserObjectId	True	string	The Id of an Azure Active Directory user. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
Exception if any groups fail to remove	ExceptionIfAnyGroupsFailToRemove		boolean	If set to true: An exception (failure) will be raised if any single group fails to remove (i.e. 100% success is a requirement). Some groups (for example: Office 365 groups) might not remove so an exception could be common. If no exception is raised, this action will report how many groups were deleted successfully and how many failed to delete.
Exception if all groups fail to remove	ExceptionIfAllGroupsFailToRemove		boolean	If set to true: An exception (failure) will be raised if all groups fail to remove (i.e. no successes and some failures). If no exception is raised, this action will report how many groups were deleted successfully and how many failed to delete.
Max Azure AD groups per call	MaxAzureADGroupsPerCall		integer	If the user is a member of a large number of Azure AD groups, this might cause a timeout. By setting the 'Max Azure AD groups per call' value to 1 or higher, the IA-Connect Orchestrator will split this action into multiple calls to the IA-Connect Director and Agent with the specified maximum number of groups per call. For example: If you set a value of 5 and 14 groups need to be removed, the Orchestrator will split this into requests of 5, 5, 4.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Azure AD groups removed successfully	AzureADGroupsRemovedSuccessfully	integer	The number of Azure AD groups the user was successfully removed from.
Azure AD groups failed to remove	AzureADGroupsFailedToRemove	integer	The number of Azure AD groups that the user failed to remove from.
Remove Azure AD groups master error message	RemoveAzureADGroupsErrorMessage	string	If the user failed to remove from some of the Azure AD groups, and no exception was raised, this error message provides details of the problem.

Remove Azure AD user from group

Operation ID:: AzureADv2RemoveUserFromGroup

Removes an Azure Active Directory user from an Azure Active Directory group. This action cannot modify distribution lists or mail-enabled security groups - use the Office 365 Exchange Online actions instead. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User object Id or UPN	UserObjectId	True	string	The Id of an Azure Active Directory user. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
Group object Id or display name	GroupObjectId	True	string	The Id or display name of an Azure Active Directory group. You can specify a group by Display Name (e.g. "Finance users") or ObjectId (e.g. UUID/GUID value).
Check user group memberships first	CheckUserGroupMembershipsFirst		boolean	If set to true, IA-Connect will check the user's group memberships before attempting to remove them from the group. If the user is not a member of the group, IA-Connect will simply report success without having to do anything. If set to false, IA-Connect will immediately remove the user from the group without checking, resulting in an error if the user is not in the group.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	AzureADv2RemoveUserFromGroupResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Remove Azure AD user from multiple admin roles

Operation ID:: AzureADv2RemoveUserFromMultipleRoles

Removes an Azure Active Directory user (or other object) from one or more existing Azure Active Directory admin roles. This action iterates through the list of user's role assignments and removes matching items, so if you specify non-existent roles to remove, this doesn't trigger an error (since if the user isn't in that role, nothing is attempted). This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User object Id or UPN	UserObjectId	True	string	The Id of an Azure Active Directory user. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
Role object Ids or display names	RolesJSON		string	A list of the admin roles to assign to the user, in JSON or CSV format. For example: [{"Role": "Application Developer"}, {"Role": "Exchange Administrator"}] (JSON table format), ["Application Developer", "Exchange Administrator"] (JSON array format) or Application Developer,Exchange Administrator (CSV format). You can specify an AAD admin role by Display Name (e.g. "Application Developer") or ObjectId (e.g. UUID/GUID value).
Directory scope Id	DirectoryScopeId		string	An optional directory scope Id which the role assignments specified for removal must match. For example: / represents the entire tenant (and will result in only named role assignments with a directory scope Id of / to be removed), /GUID represents an app registration, /administrativeUnits/GUID represents an administrative unit. If you want to remove a named role assignment, regardless of directory scope, specify * or a blank value.
Exception if any roles fail to remove	ExceptionIfAnyRolesFailToRemove		boolean	If set to true: An exception (failure) will be raised if any single Azure AD admin role fails to remove (i.e. 100% success is a requirement). If no exception is raised, this action will report how many Azure AD admin roles were removed successfully and how many failed to remove.
Exception if all roles fail to remove	ExceptionIfAllRolesFailToRemove		boolean	If set to true: An exception (failure) will be raised only if all Azure AD admin roles fail to remove (i.e. no successes and some failures). If no exception is raised, this action will report how many Azure AD admin roles were removed successfully and how many failed to remove.
Exception if a role does not exist	ExceptionIfRoleDoesNotExist		boolean	If set to true: An exception (failure) will be raised if one of the roles specified for removal does not exist. If set to false (the default): If a role specified for removal does not exist, it will be ignored, since the user cannot possibly be assigned to it.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Azure AD roles removed successfully	AzureADRolesRemovedSuccessfully	integer	The number of Azure AD roles removed. This only counts roles which were actually removed (roles the user wasn't in don't count).
Azure AD roles failed to remove	AzureADRolesFailedToRemove	integer	The number of Azure AD roles which failed to remove.
Remove Azure AD roles error message	RemoveAzureADRolesMasterErrorMessage	string	If some roles failed to remove, and no exception was raised, this error message provides details of the problem.

Remove Azure AD user from multiple groups

Operation ID:: AzureADv2RemoveADUserFromMultipleADGroups

Removes an Azure Active Directory user from multiple existing Azure Active Directory groups where the groups are specified by object Id or display name. IA-Connect removes the user from as many groups as possible and reports on the outcome. This action cannot modify distribution lists or mail-enabled security groups - use the Office 365 Exchange Online actions instead. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User object Id or UPN	UserObjectId	True	string	The Id of an Azure Active Directory user. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
Azure AD groups to remove	GroupNamesJSON		string	A list of the Ids or display names of Azure AD groups to remove the user from, in JSON or CSV format. For example: [{"GroupName": "Group 1"}, {"GroupName": "Group 2"}] (JSON table format), ["Group 1", "Group 2"] (JSON array format), or Group 1,Group 2 (CSV format).
Exception if any groups fail to remove	ExceptionIfAnyGroupsFailToRemove		boolean	If set to true: An exception (failure) will be raised if any single group fails to remove (i.e. 100% success is a requirement). Some groups (for example: Office 365 groups) might not remove so an exception could be common. If no exception is raised, this action will report how many groups were deleted successfully and how many failed to delete.
Exception if all groups fail to remove	ExceptionIfAllGroupsFailToRemove		boolean	If set to true: An exception (failure) will be raised if all groups fail to remove (i.e. no successes and some failures). If no exception is raised, this action will report how many groups were deleted successfully and how many failed to delete.
Check user group memberships first	CheckUserGroupMembershipsFirst		boolean	If set to true, IA-Connect will check the user's group memberships before attempting to remove them from each group. If the user is not a member of a particular group, IA-Connect will simply report success for that group without having to do anything. If set to false, IA-Connect will immediately remove the user from each specified group without checking, resulting in an error if the user is not in the group.
Max Azure AD groups per call	MaxAzureADGroupsPerCall		integer	If the user is a member of a large number of Azure AD groups, this might cause a timeout. By setting the 'Max Azure AD groups per call' value to 1 or higher, the IA-Connect Orchestrator will split this action into multiple calls to the IA-Connect Director and Agent with the specified maximum number of groups per call. For example: If you set a value of 5 and 14 groups need to be removed, the Orchestrator will split this into requests of 5, 5, 4.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Azure AD groups removed successfully	AzureADGroupsRemovedSuccessfully	integer	The number of Azure AD groups the user was successfully removed from.
Azure AD groups failed to remove	AzureADGroupsFailedToRemove	integer	The number of Azure AD groups that the user failed to remove from.
Remove Azure AD groups master error message	RemoveAzureADGroupsErrorMessage	string	If the user failed to remove from some of the Azure AD groups, and no exception was raised, this error message provides details of the problem.

Remove Microsoft Exchange distribution group

Operation ID:: ExchangeRemoveDistributionGroup

Remove a Microsoft Exchange distribution group.

Parameters

Name	Key	Required	Type	Description
Distribution group identity	Identity	True	string	The identity of the distribution group. You can specify a distribution group by Name, Alias, Distinguished Name (e.g. CN=MyGroup,OU=My Groups,DC=mydomain,DC=local), Email address or GUID.
Bypass security group manager check	BypassSecurityGroupManagerCheck		boolean	By default, if the IA-Connect Agent automation account is not an owner of the Distribution Group, it will be unable to remove the Distribution Group. Alternatively, you can set this option to true and this will remove that check, but it requires the automation account to be in the Exchange 'Organization Management' role group or have the 'Role Management' role assigned - this is a single role to give you permissions to modify any Exchange Distribution group instead of being an owner of all Distribution groups you need to modify.
Exception if group does not exist	ErrorIfGroupDoesNotExist		boolean	Should an exception occur if the group does not exist? Set to false to simply do nothing if the group doesn't exist (e.g. it may have already been deleted). Set to true if the group not existing is an error (i.e. it was expected to exist).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ExchangeRemoveDistributionGroupResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Remove Microsoft Exchange mailbox permission from user

Operation ID:: ExchangeRemoveMailboxPermission

Remove mailbox permissions from a specified mailbox user, user or security group.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity	True	string	The identity of the Microsoft Exchange mailbox. You can specify a mailbox by Name, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID, SAMAccountName or User Principal Name (UPN).
User	User	True	string	The user to remove from the mailbox permissions. You can specify a user by Name, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID, SAMAccountName or User Principal Name (UPN).
Access rights	AccessRights	True	string	The access rights to remove from the user's permissions on the mailbox. Available options are 'ChangeOwner', 'ChangePermission', 'DeleteItem', 'ExternalAccount', 'FullAccess' and 'ReadPermission'. To remove multiple permissions, specify them as a comma-separated list.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ExchangeRemoveMailboxPermissionResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Remove Microsoft Exchange member from distribution group

Operation ID:: ExchangeRemoveDistributionGroupMember

Remove a member (for example a user) from an Exchange distribution group. If the member is not in the group, no action is taken.

Parameters

Name	Key	Required	Type	Description
Distribution group identity	Identity	True	string	The identity of the distribution group to add to. You can specify a distribution group by Name, Alias, Distinguished Name (e.g. CN=MyGroup,OU=My Groups,DC=mydomain,DC=local), Email address or GUID.
Member to remove	Member	True	string	The identity of the member to remove from the distribution group. You can specify a mailbox by Name, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID, SAMAccountName or User Principal Name (UPN).
Bypass security group manager check	BypassSecurityGroupManagerCheck		boolean	By default, if the IA-Connect Agent automation account is not an owner of the Distribution Group, it will be unable to modify the Distribution Group. Alternatively, you can set this option to true and this will remove that check, but it requires the automation account to be in the Exchange 'Organization Management' role group or have the 'Role Management' role assigned - this is a single role to give you permissions to modify any Exchange Distribution group instead of being an owner of all Distribution groups you need to modify.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ExchangeRemoveDistributionGroupMemberResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Remove multiple Active Directory group members

Operation ID:: ActiveDirectoryRemoveMultipleADGroupMembersByIdentity

Remove one or more Active Directory objects (typically users, groups or computers) from an existing Active Directory group. IA-Connect removes as many members from the group as possible and reports on the outcome. If group and group member are in different domains, you will need to specify the Distinguished Name (DN) for both group and members. If some of the objects aren't a member of the group, this is counted as a success.

Parameters

Name	Key	Required	Type	Description
Group identity	GroupIdentity		string	The identity of the Active Directory group. You can specify a group by Distinguished Name (e.g. CN=Group1,OU=My Groups,DC=mydomain,DC=local), GUID, SID, or SAMAccountName / pre-2K name (e.g. 'Group1'). You cannot use display name or group name (although group name will often be the same as pre-2K name which can be used).
Group members	GroupMembersJSON		string	A list of the members (typically users, groups or computers) to remove from the AD group, in JSON or CSV format. For example: [{"MemberName": "User 1"}, {"MemberName": "User 2"}] (JSON table format), ["User 1", "User 2"] (JSON array format), or User 1,User 2 (CSV format). You can specify a user or group by Distinguished Name (e.g. CN=User1,OU=My Groups,DC=mydomain,DC=local), GUID, SID, or SAMAccountName / pre-2K name (e.g. 'User1'). You can specify a computer by Distinguished Name or computer name (pre-2K) followed by a $ (e.g. VM01$).
Exception if any members fail to remove	ExceptionIfAnyMembersFailToRemove		boolean	If set to true: An exception (failure) will be raised if any single members fails to remove (i.e. 100% success is a requirement). If no exception is raised, this action will report how many members were removed successfully and how many failed to remove.
Exception if all members fail to remove	ExceptionIfAllMembersFailToRemove		boolean	If set to true: An exception (failure) will be raised only if all members fail to remove (i.e. no successes and some failures). If no exception is raised, this action will report how many members were removed successfully and how many failed to remove.
Remove all members in a single call	RemoveAllMembersInASingleCall		boolean	If set to true, all members will be removed from the group in a single action. This will be faster, but if a single member doesn't exist or fails to remove, no members will be removed and an exception will be raised, regardless of the 'Exception' input options. If set to false (the default), each member will be removed individually and the IA-Connect Agent will count how many removed successfully and how many failed to remove. If removing members from groups across domains, it is recommended to set this input to false.
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
AD group members removed successfully	ADGroupMembersRemovedSuccessfully	integer	The number of members successfully removed from the AD group.
AD group members failed to remove	ADGroupMembersFailedToRemove	integer	The number of members which failed to remove from the AD group.
Remove AD group members error message	RemoveADGroupMembersMasterErrorMessage	string	If some members failed to remove from the AD group, and no exception was raised, this error message provides details of the problem.

Remove Office 365 distribution group

Operation ID:: O365RemoveDistributionGroup

Remove a Microsoft Exchange Online or Office 365 distribution group or mail-enabled security group.

Parameters

Name	Key	Required	Type	Description
Distribution group identity	Identity	True	string	The identity of the distribution group or mail-enabled security group to remove. You can specify a distribution group by Name, Alias, Distinguished Name (e.g. CN=MyGroup,OU=My Groups,DC=mydomain,DC=local), Email address or GUID.
Bypass security group manager check	BypassSecurityGroupManagerCheck		boolean	If the IA-Connect Agent automation account is not an owner of the Distribution Group or mail-enabled security group, it will be unable to remove the group. If you set this option to true (the default) the owner check will be bypassed, but it requires the automation account to be in the Exchange 'Organization Management' role group or have the 'Role Management' role assigned - this is a single role to give you permissions to modify any Office 355 Exchange Online group instead of being an owner of all groups you need to modify.
Exception if group does not exist	ErrorIfGroupDoesNotExist		boolean	Should an exception occur if the group does not exist? Set to false to simply do nothing if the group doesn't exist (e.g. it may have already been deleted). Set to true if the group not existing is an error (i.e. it was expected to exist).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	O365RemoveDistributionGroupResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Remove Office 365 mailbox from all distribution groups

Operation ID:: O365RemoveMailboxFromAllDistributionGroups

Remove a mailbox from all Microsoft Exchange Online or Office 365 distribution groups or mail-enabled security groups that it is a member of.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	MailboxIdentity		string	The identity of the mailbox to remove from all distribution groups or mail-enabled security groups it is a member of. You can specify a mailbox by Name, Alias, Object Id (e.g. UUID/GUID value), Email address, GUID, SAMAccountName (even users in non Active Directory connected environments have a SAMAccountName) or User Principal Name (UPN).
Bypass security group manager check	BypassSecurityGroupManagerCheck		boolean	If the IA-Connect Agent automation account is not an owner of a Distribution Group or mail-enabled security group, it will be unable to remove a member from that group. If you set this option to true (the default) the owner check will be bypassed, but it requires the automation account to be in the Exchange 'Organization Management' role group or have the 'Role Management' role assigned - this is a single role to give you permissions to modify any Office 355 Exchange Online group instead of being an owner of all groups you need to modify.
Exception if any groups fail to remove	ExceptionIfAnyGroupsFailToRemove		boolean	If set to true: An exception (failure) will be raised if the mailbox fails to remove from any individual group (i.e. 100% success is a requirement). If no exception is raised, this action will report how many groups were successfully removed and how many failed to remove.
Exception if all groups fail to remove	ExceptionIfAllGroupsFailToRemove		boolean	If set to true (the default): An exception (failure) will be raised if the mailbox fails to remove from all groups (i.e. no successes and some failures). If no exception is raised, this action will report how many groups were successfully removed and how many failed to remove.
Group DNs to exclude	GroupDNsToExcludeJSON		string	A list of group Distinguished Names (DN) to exclude from removal, in JSON or CSV format. For example: [{"GroupDN": "Group DN 1"}, {"GroupName": "Group DN 2"}] (JSON table format), ["Group DN 1", "Group DN 2"] (JSON array format), or "Group DN 1","Group DN 2" (CSV format).
Run as thread	RunAsThread		boolean	If set to false (the default), the IA-Connect Agent will run the action immediately and return the results when the script completes. This action may time out if the system is slow to respond. If set to true, the IA-Connect Agent will run this action as an Agent thread and the IA-Connect Director (or Orchestrator, PowerShell module, Blue Prism) can monitor the status of this Agent thread, waiting for it to complete. This allows this action to run without timeouts.
Retrieve output data for thread Id	RetrieveOutputDataFromThreadId		integer	If you previously ran this action as an Agent thread and set 'Seconds to wait for thread' to 0, provide the Agent thread Id to retrieve the results. This Agent thread Id will have been provided by the earlier call to this action. Set to 0 (the default) if you are simply running this action (and hence not retrieving the results of a previous instance of this action run as an Agent thread).
Seconds to wait for thread	SecondsToWaitForThread		integer	If 'Run as thread' is set to true, how many seconds to wait for the Agent thread to complete. If the Agent thread running this action hasn't completed in this time, an exception will be raised. Set to 0 to bypass the wait: The Agent will continue to run the action, but also be available for the next action. You can then retrieve the action results at a later time by using the action 'Wait for Agent thread to complete successfully' to wait for the Agent thread to complete and then re-run this 'Remove Office 365 mailbox from all distribution groups' action with the input 'Retrieve output data for thread Id' set to the Agent thread Id.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
O365 groups removed successfully	O365GroupsRemovedSuccessfully	integer	The number of O365 groups the mailbox was successfully removed from.
O365 groups failed to remove	O365GroupsFailedToRemove	integer	The number of O365 groups the mailbox failed to remove from.
O365 groups excluded from removal	O365GroupsExcludedFromRemoval	integer	The number of O365 groups excluded from removal (i.e. matched one of the specified group DNs to exclude).
Remove O365 groups master error message	RemoveO365GroupsErrorMessage	string	If the mailbox failed to remove from some O365 groups, and no exception was raised, this error message provides details of the problem.
Thread Id	ThreadId	integer	If this action is being run as an Agent thread, this output will hold the Agent thread Id which can be used to monitor the action execution and retrieve the results when the action has completed.

Remove Office 365 mailbox permission from user

Operation ID:: O365RemoveMailboxPermission

Remove Microsoft Exchange Online or Office 365 mailbox permissions from a specified mailbox user, user or security group.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity	True	string	The Id of a Microsoft Exchange Online or Office 365 mailbox. You can specify a mailbox by Name, Alias, Object Id (e.g. UUID/GUID value), Email address, GUID, SAMAccountName (even users in non Active Directory connected environments have a SAMAccountName) or User Principal Name (UPN).
User	User	True	string	The mailbox user, user or mail-enabled security group to remove from the mailbox permissions. You can specify a mailbox by Name, Alias, Object Id (e.g. UUID/GUID value), Email address, GUID, SAMAccountName (even users in non Active Directory connected environments have a SAMAccountName) or User Principal Name (UPN).
Access rights	AccessRights	True	string	The access rights to remove from the user's permissions on the mailbox. Available options are 'ChangeOwner', 'ChangePermission', 'DeleteItem', 'ExternalAccount', 'FullAccess' and 'ReadPermission'. To remove multiple permissions, specify them as a comma-separated list.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	O365RemoveMailboxPermissionResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Remove Office 365 member from distribution group

Operation ID:: O365RemoveDistributionGroupMember

Remove a member from a Microsoft Exchange Online or Office 365 distribution group or mail-enabled security group.

Parameters

Name	Key	Required	Type	Description
Distribution group identity	GroupIdentity	True	string	The identity of the distribution group or mail-enabled security group to remove from. You can specify a distribution group by Name, Alias, Distinguished Name (e.g. CN=MyGroup,OU=My Groups,DC=mydomain,DC=local), Email address or GUID.
Member to remove	Member	True	string	The identity of the member to remove from the distribution group or mail-enabled security group. You can specify a mailbox by Name, Alias, Object Id (e.g. UUID/GUID value), Email address, GUID, SAMAccountName (even users in non Active Directory connected environments have a SAMAccountName) or User Principal Name (UPN).
Bypass security group manager check	BypassSecurityGroupManagerCheck		boolean	If the IA-Connect Agent automation account is not an owner of the Distribution Group or mail-enabled security group, it will be unable to remove a member from the group. If you set this option to true (the default) the owner check will be bypassed, but it requires the automation account to be in the Exchange 'Organization Management' role group or have the 'Role Management' role assigned - this is a single role to give you permissions to modify any Office 355 Exchange Online group instead of being an owner of all groups you need to modify.
Exception if member not in group	ExceptionIfMemberNotInGroup		boolean	Should an exception occur if the member is not in the group? Set to false (the default) to simply do nothing if the member is not in the group (e.g. it may have already been removed, or was never in the group). Set to true if the member not being in the group is an error (i.e. it was expected to be in the group).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	O365RemoveDistributionGroupMemberResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Reset Active Directory user password

Operation ID:: ActiveDirectoryResetADUserPasswordByIdentity

Resets an Active Directory user's password with a new password and optionally set password properties.

Parameters

Name	Key	Required	Type	Description
User identity	UserIdentity	True	string	The identity of the Active Directory user. You can specify a user by Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), GUID, SID, SAMAccountName / pre-2K name (e.g. 'User1') or Name (e.g. 'User1').
New password	NewPassword	True	password	The new password. This must be specified and meet the Active Directory password complexity rules. If this is a 'Stored' password, enter in the format {IAConnectPassword:StoredPasswordIdentifier} and set the 'stored password' input to true. If this is an Orchestrator generic credential, enter in the format {OrchestratorCredential:FriendlyName} and set the 'stored password' input to true.
Account password is stored password	AccountPasswordIsStoredPassword		boolean	Set to true if the password is an IA-Connect stored password identifier (for example: generated by the 'Generate password' action) or an IA-Connect Orchestrator generic credential (for example: If using IA-Connect with a PA flow).
Set user password properties	SetUserPasswordProperties		boolean	Set to Yes (the default) if you want to set specified user password properties in additional to changing the password. User password properties are 'Change password at logon', 'User cannot change password' and 'Password never expires'. Set to No to only change the user's password, ignoring the other inputs to this action.
User must change password at next logon	ChangePasswordAtLogon		boolean	Set to Yes (the default) if you want to force the user to change their password when they login (i.e. the new password being set here is a one-time password to get the user logged-in). Set to No if this is the password the user will use until they manually change it. Set to blank / empty to leave this password option unchanged (new in IA-Connect 9.4). You cannot set this option to Yes at the same time as setting either 'User cannot change password' or 'Password never expires' to Yes.
User cannot change password	CannotChangePassword		boolean	Set to Yes to stop the user from being able to change their password. Set to No (the default) if the user can change the password. Set to blank / empty to leave this password option unchanged (new in IA-Connect 9.4). You cannot set this option to Yes at the same time as setting 'User must change password at next login' to Yes.
Password never expires	PasswordNeverExpires		boolean	Set to Yes if the password never expires (i.e. the user will never be prompted to change the password). Set to No (the default) if the password can expire as set in Active Directory Domain policy. Set to blank / empty to leave this password option unchanged (new in IA-Connect 9.4). You cannot set this option to Yes at the same time as setting 'User must change password at next login' to Yes.
Reset password twice	ResetPasswordTwice		boolean	Set to Yes to reset the password twice, the first reset being a randomisation of the requested new password (same number of uppercase, lowercase, numbers and the same symbols but in a random order). This mitigates the risk of a pass-the-hash vulnerability if you are synchronising this user to Azure Active Directory. Set to No (the default) to set the requested password without first setting a randomised password.
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ActiveDirectoryResetADUserPasswordByIdentityResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Reset Azure AD user password

Operation ID:: AzureADv2ResetAzureADUserPassword

Resets an Azure Active Directory user's password with a new password. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User Principal Name	UserPrincipalName	True	string	The user logon name in Azure Active Directory. This generally should be in the format 'name@domainFQDN' (e.g. 'TestUser1@mydomain.onmicrosoft.com').
New password	NewPassword	True	password	The new password. This must be specified and meet the Azure Active Directory password complexity rules. If this is a 'Stored' password, enter in the format {IAConnectPassword:StoredPasswordIdentifier} and set the 'stored password' input to true. If this is an Orchestrator generic credential, enter in the format {OrchestratorCredential:FriendlyName} and set the 'stored password' input to true.
Account password is stored password	AccountPasswordIsStoredPassword		boolean	Set to true if the password is an IA-Connect stored password identifier (for example: generated by the 'Generate password' action) or an IA-Connect Orchestrator generic credential (for example: If using IA-Connect with a PA flow).
Force change password at next login	ForceChangePasswordNextLogin		boolean	Set to true if you want to force the user to change their password when they next login (i.e. the new password being set here is a one-time password to allow the user to log in). Set to false if this is the password the user will use until they manually change it.
Enforce change password policy	EnforceChangePasswordPolicy		boolean	Set to true to enforce the Azure Active Directory change password policy which (depending on your environment) can define how often the user should change their password, password recovery options and additional security verification. This may cause the user to be prompted for additional information.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	AzureADv2ResetAzureADUserPasswordResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Reset Azure AD user properties

Operation ID:: AzureADv2ResetAzureADUserProperties

Reset common properties of an Azure Active Directory user to a blank value. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User object Id or UPN	ObjectId	True	string	The Id of an Azure Active Directory user. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
Reset first name	ResetFirstName		boolean	Set to true to reset the user's first name to blank.
Reset last name	ResetLastName		boolean	Set to true to reset the user's family name / last name / surname to blank.
Reset city	ResetCity		boolean	Set to true to reset the name of the City the user lives in, or where their office is located to blank.
Reset company name	ResetCompanyName		boolean	Set to true to reset the name of the company the user works for to blank.
Reset country or region	ResetCountry		boolean	Set to true to reset the Country or Region the user lives in, or where their office is located to blank.
Reset department	ResetDepartment		boolean	Set to true to reset the name of the department the user works for within the Company to blank.
Reset fax number	ResetFaxNumber		boolean	Set to true to reset the fax (facsimile) telephone number to blank.
Reset job title	ResetJobTitle		boolean	Set to true to reset the user's job title to blank.
Reset mobile phone number	ResetMobilePhone		boolean	Set to true to reset the user's mobile phone number to blank.
Reset office	ResetOffice		boolean	Set to true to reset the name of the office where the user works to blank.
Reset telephone number	ResetPhoneNumber		boolean	Set to true to reset the user's telephone number to blank.
Reset ZIP or postal code	ResetPostalCode		boolean	Set to true to reset the ZIP or postal code where the user lives, or the office they work in to blank.
Reset preferred language	ResetPreferredLanguage		boolean	Set to true to reset the user's preferred language to blank.
Reset state or province	ResetState		boolean	Set to true to reset the state, province or county the user lives in, or where their office located to blank.
Reset street address	ResetStreetAddress		boolean	Set to true to reset the street address where the user lives, or their office street address to blank.
Reset usage location	ResetUsageLocation		boolean	Set to true to reset the usage location to blank. This is required for users that will be assigned licenses due to a legal requirement, so resetting to blank is likely to break things.
Reset age group	ResetAgeGroup		boolean	Set to true to reset the age group of the user, for parental control purposes, to blank.
Reset consent provided for minor	ResetConsentProvidedForMinor		boolean	Set to true to reset whether consent has been provided for the minor, for parental control purposes, to blank.
Reset employee Id	ResetEmployeeId		boolean	Set to true to reset the employee Id to blank. You might use this to uniquely distinguish between each user in your organisation.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	AzureADv2ResetAzureADUserPropertiesResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Reset the properties on a Microsoft Exchange mailbox

Operation ID:: ExchangeResetMailboxAttributes

Set the specified properties of an existing Microsoft Exchange mailbox to blank.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity	True	string	The identity of the Microsoft Exchange mailbox. You can specify a mailbox by Name, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID, SAMAccountName or User Principal Name (UPN).
Reset Custom attribute 1	ResetCustomAttribute1		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 2	ResetCustomAttribute2		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 3	ResetCustomAttribute3		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 4	ResetCustomAttribute4		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 5	ResetCustomAttribute5		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 6	ResetCustomAttribute6		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 7	ResetCustomAttribute7		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 8	ResetCustomAttribute8		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 9	ResetCustomAttribute9		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 10	ResetCustomAttribute10		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 11	ResetCustomAttribute11		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 12	ResetCustomAttribute12		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 13	ResetCustomAttribute13		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 14	ResetCustomAttribute14		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 15	ResetCustomAttribute15		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ExchangeResetMailboxAttributesResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Reset the properties on a Microsoft Exchange Online mailbox

Operation ID:: ExchangeResetRemoteMailboxAttributes

Set the specified properties of an existing Microsoft Exchange Online or Office 365 (remote) mailbox to blank. The request is sent via your on-premises Microsoft Exchange server which must be setup for a hybrid deployment.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity	True	string	The identity of the Microsoft Exchange Online or Office 365 (remote) mailbox. You can specify a Microsoft Exchange Online or Office 365 (remote) mailbox by Active Directory object Id, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID or User Principal Name (UPN).
Reset Custom attribute 1	ResetCustomAttribute1		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 2	ResetCustomAttribute2		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 3	ResetCustomAttribute3		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 4	ResetCustomAttribute4		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 5	ResetCustomAttribute5		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 6	ResetCustomAttribute6		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 7	ResetCustomAttribute7		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 8	ResetCustomAttribute8		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 9	ResetCustomAttribute9		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 10	ResetCustomAttribute10		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 11	ResetCustomAttribute11		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 12	ResetCustomAttribute12		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 13	ResetCustomAttribute13		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 14	ResetCustomAttribute14		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Reset Custom attribute 15	ResetCustomAttribute15		boolean	Set to true if you want to reset the custom attribute field (set to a blank value).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ExchangeResetRemoteMailboxAttributesResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Retrieve a Microsoft Exchange mailbox email addresses

Operation ID:: ExchangeGetMailboxEmailAddresses

Retrieves a list of all email addresses assigned to a Microsoft Exchange mailbox. This includes the primary SMTP address, proxy email addresses, X.400 addresses and EUM (Exchange Unified Messaging) addresses.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity	True	string	The identity of the Microsoft Exchange mailbox. You can specify a mailbox by Name, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID, SAMAccountName or User Principal Name (UPN).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Mailbox Email addresses	MailboxEmailAddresses	array of string	The mailbox email addresses. The primary SMTP email address will appear as SMTP:emailaddress, secondary (proxy) SMTP email addresses will appear as smtp:emailaddress, X.400 email addresses will appear as x400:address and Exchange Unified Messaging (EUM) addresses as eum:address.

Retrieve a Microsoft Exchange Online mailbox email addresses

Operation ID:: ExchangeGetRemoteMailboxEmailAddresses

Retrieves a list of all email addresses assigned to an existing Microsoft Exchange Online or Office 365 (remote) mailbox. This includes the primary SMTP address, proxy email addresses, X.400 addresses and EUM (Exchange Unified Messaging) addresses. The request is sent via your on-premises Microsoft Exchange server which must be setup for a hybrid deployment.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity	True	string	The identity of the Microsoft Exchange Online or Office 365 (remote) mailbox. You can specify a Microsoft Exchange Online or Office 365 (remote) mailbox by Active Directory object Id, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID or User Principal Name (UPN).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Mailbox Email addresses	MailboxEmailAddresses	array of string	The mailbox email addresses. The primary SMTP email address will appear as SMTP:emailaddress, secondary (proxy) SMTP email addresses will appear as smtp:emailaddress, X.400 email addresses will appear as x400:address and Exchange Unified Messaging (EUM) addresses as eum:address.

Retrieve Microsoft Exchange distribution group details

Operation ID:: ExchangeGetDistributionGroup

Retrieve the details of a Microsoft Exchange Distribution group. You can search by Identity or using a filter. An Identity search should return 0 or 1 results. A filter search could return 0 or more results.

Parameters

Name	Key	Required	Type	Description
Distribution group identity	Identity		string	The identity of the distribution group to search for. You can specify a distribution group by Name, Alias, Distinguished Name (e.g. CN=MyGroup,OU=My Groups,DC=mydomain,DC=local), Email address or GUID.
Filter property name	FilterPropertyName		string	As an alternative to searching by identity, provide the name of the property to filter the distribution groups by. Common property names are: DisplayName, Name, GroupType, PrimarySMTPAddress. If using a filter, you also need to populate the 'Filter property comparison' and 'Filter property value' fields.
Filter property comparison	FilterPropertyComparison		string	If searching by filter as an alternative to searching by identity, enter the type of comparison here (for example: If the filter property name is 'Alias', the comparison could be 'equals' or 'like'). If you wish to enter a raw filter (in OPATH format), choose a comparison type of 'Raw: Enter filter manually' and enter the full filter in the 'Filter property value' field.
Filter property value	FilterPropertyValue		string	If searching by filter as an alternative to searching by identity, enter the value of the filter property here (for example: If the filter property name is 'Alias', the filter property value might be 'JohnDoe').
Is no result an exception	NoResultIsAnException		boolean	Set to true to raise an exception if no distribution groups are found. Set to false to simply report a count of 0 if no distribution groups are found. Note the 'false' option may not work when used with Identity in non-English languages so consider searching using filters instead.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Search results JSON	PowerShellJSONOutput	string	A list of Microsoft Exchange distribution groups which match the search identity or filter, in JSON format.
Count of distribution groups found	CountOfDistributionGroupsFound	integer	The number of Microsoft Exchange distribution groups found which match the search identity or filter. Usually 1.

Retrieve Microsoft Exchange mailbox details

Operation ID:: ExchangeGetMailbox

Returns the properties of the specified Exchange mailbox. You can search by Identity or using a filter. An Identity search should return 0 or 1 results. A filter search could return 0 or more results.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity		string	The identity of the Microsoft Exchange mailbox. You can specify a mailbox by Name, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID, SAMAccountName or User Principal Name (UPN).
Filter property name	FilterPropertyName		string	As an alternative to searching by identity, provide the name of the property to filter the mailboxes by. Common property names are: Name, Alias, PrimarySMTPAddress, DisplayName, SamAccountName. If using a filter, you also need to populate the 'Filter property comparison' and 'Filter property value' fields.
Filter property comparison	FilterPropertyComparison		string	If searching by filter as an alternative to searching by identity, enter the type of comparison here (for example: If the filter property name is 'Alias', the comparison could be 'equals' or 'like'). If you wish to enter a raw filter (in OPATH format), choose a comparison type of 'Raw: Enter filter manually' and enter the full filter in the 'Filter property value' field.
Filter property value	FilterPropertyValue		string	If searching by filter as an alternative to searching by identity, enter the value of the filter property here (for example: If the filter property name is 'Alias', the filter property value might be 'JohnDoe').
Recipient type details	RecipientTypeDetails		string	The type of mailbox to search for. If this field is left blank, all types of mailbox will be included in the search.
Is no result an exception	NoResultIsAnException		boolean	Set to true to raise an exception if no mailboxes are found. Set to false to simply report a count of 0 if no mailboxes are found. Note the 'false' option may not work when used with Identity in non-English languages so consider searching using filters instead.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Search results JSON	PowerShellJSONOutput	string	A list of Exchange mailboxes (and their requested properties) which match the search identity, in JSON format.
Count of mailboxes found	CountOfMailboxesFound	integer	The number of Exchange mailboxes found which match the search identity or filter. 1 result is expected if searching by identity. 0 or more results are expected if searching by filter.

Retrieve Microsoft Exchange mailbox distribution group membership

Operation ID:: ExchangeGetMailboxDistributionGroupMembership

Retrieve which distribution groups a mailbox is a member of.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity	True	string	The identity of the Microsoft Exchange mailbox. You can specify a mailbox by Name, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID, SAMAccountName or User Principal Name (UPN).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Search results JSON	PowerShellJSONOutput	string	A list of Microsoft Exchange distribution groups the mailbox is a member of, in JSON format.
Count of distribution groups found	CountOfDistributionGroupsFound	integer	The number of Microsoft Exchange distribution groups the mailbox is a member of.

Retrieve Microsoft Exchange Online mailbox details

Operation ID:: ExchangeGetRemoteMailbox

Returns the properties of the specified Microsoft Exchange Online or Office 365 (remote) mailbox. The request is sent via your on-premises Microsoft Exchange server which must be setup for a hybrid deployment. You can search by Identity or using a filter. An Identity search should return 0 or 1 results. A filter search could return 0 or more results.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity		string	The identity of the Microsoft Exchange Online or Office 365 (remote) mailbox. You can specify a Microsoft Exchange Online or Office 365 (remote) mailbox by Active Directory object Id, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID or User Principal Name (UPN).
Filter property name	FilterPropertyName		string	As an alternative to searching by identity, provide the name of the property to filter the mailboxes by. Common property names are: Name, Alias, PrimarySMTPAddress, DisplayName. If using a filter, you also need to populate the 'Filter property comparison' and 'Filter property value' fields.
Filter property comparison	FilterPropertyComparison		string	If searching by filter as an alternative to searching by identity, enter the type of comparison here (for example: If the filter property name is 'Alias', the comparison could be 'equals' or 'like'). If you wish to enter a raw filter (in OPATH format), choose a comparison type of 'Raw: Enter filter manually' and enter the full filter in the 'Filter property value' field.
Filter property value	FilterPropertyValue		string	If searching by filter as an alternative to searching by identity, enter the value of the filter property here (for example: If the filter property name is 'Alias', the filter property value might be 'JohnDoe').
Is no result an exception	NoResultIsAnException		boolean	Set to true to raise an exception if no mailboxes are found. Set to false to simply report a count of 0 if no mailboxes are found. Note the 'false' option may not work when used with Identity in non-English languages so consider searching using filters instead.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Search results JSON	PowerShellJSONOutput	string	A list of Microsoft Exchange Online or Office 365 mailboxes (and their requested properties) which match the search identity, in JSON format.
Count of mailboxes found	CountOfMailboxesFound	integer	The number of Microsoft Exchange Online or Office 365 mailboxes found which match the search identity or filter. Usually 1.

Retrieve Office 365 mailbox distribution group membership

Operation ID:: O365GetMailboxDistributionGroupMembership

Retrieve which distribution groups or mail-enabled security groups an Office 365 or Exchange Online mailbox is a member of.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	MailboxIdentity	True	string	The Id of a Microsoft Exchange Online or Office 365 mailbox. You can specify a mailbox by Name, Alias, Object Id (e.g. UUID/GUID value), Email address, GUID, SAMAccountName (even users in non Active Directory connected environments have a SAMAccountName) or User Principal Name (UPN).
Properties to retrieve	PropertiesToRetrieveJSON		string	A list of member properties to retrieve, in JSON or CSV format. For example: ["Identity", "DistinguishedName"] (JSON array format), or "Identity","DistinguishedName" (CSV format). Common group properties include: Alias, DisplayName, DistinguishedName, GroupType, Identity, Name, PrimarySmtpAddress and SamAcountName. If you leave this field blank, a default set of properties are retrieved.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Search results JSON	PowerShellJSONOutput	string	A list of Office 365 or Exchange Online distribution groups or mail-enabled security groups the mailbox is a member of, in JSON format.
Count of distribution groups found	CountOfDistributionGroupsFound	integer	The number of Office 365 or Exchange Online distribution groups or mail-enabled security groups the mailbox is a member of.

Run Active Directory PowerShell script

Operation ID:: RunActiveDirectoryPowerShellAutomationScript

Runs a PowerShell script in the Active Directory runspace in the session where the IA-Connect Agent is running, where the script contents are passed to the IA-Connect Agent as part of the command. This is the recommended action for running your own custom Active Directory PowerShell code. This action can also be used to retrieve the results from a previous execution of a PowerShell script, run as an Agent thread.

Parameters

Name	Key	Required	Type	Description
PowerShell script contents	PowerShellScriptContents		string	The contents of the PowerShell script to execute in the Active Directory runspace. IA-Connect will execute this script as-is by passing directly to the PowerShell automation engine. No PowerShell script is actually created on-disk.
Is no result an error	IsNoResultAnError		boolean	If no data is returned by the PowerShell command, does this suggest an error?
Return complex types	ReturnComplexTypes		boolean	If the PowerShell return data contains 'complex' properties (for example, collections of values, arrays, tables, or classes), these properties are not returned, by default, in the IA-Connect PowerShell response. The inputs 'Properties to return as collection', 'Property names to serialize' and 'Property types to serialize' allow you to specify which 'complex' properties should be returned, and the method used to format the data (on a property-by-property basis, pick the one which works best). This input allows you to specify what should be done with any remaining properties (i.e. Properties which are 'complex' and not explicitly named). If set to true, IA-Connect will try to return a string representation of the data, using ToString(). If set to false (the default), IA-Connect will not return the property.
Return boolean as boolean	ReturnBooleanAsBoolean		boolean	Should Boolean properties be returned as a Booleans? If false, these are returned as strings.
Return numeric as decimal	ReturnNumericAsDecimal		boolean	Should Numeric properties be returned as a Numerics? If false, these are returned as strings.
Return date as date	ReturnDateAsDate		boolean	Should Date properties be returned as a Dates? If false, these are returned as strings.
Properties to return as collection	PropertiesToReturnAsCollectionJSON		string	If the PowerShell return data contains 'complex' properties (for example, collections of values, arrays, tables, or classes), these properties are not returned, by default, in the IA-Connect PowerShell response. This option allows you to specify which 'complex' properties (by name) IA-Connect should attempt to return as a collection. Depending on the property, its type and values, you should also consider using the alternative inputs 'Property names to serialize' and 'Property types to serialize' (pick one). This input can be entered in JSON or CSV format. For example: To return the EmailAddresses and MemberOf array properties, enter [{"PropertyName": "EmailAddresses"}, {"PropertyName": "MemberOf"}] (JSON table format), ["EmailAddresses", "MemberOf"] (JSON array format), or EmailAddresses,MemberOf (CSV format).
Run script as thread	RunScriptAsThread		boolean	If set to false (the default), the IA-Connect Agent will run the PowerShell script immediately and return the results to the Director when the script completes. If running a long or complex PowerShell script, this action may time out. If set to true, the IA-Connect Agent will run the PowerShell script as an Agent thread and the IA-Connect Director (or Orchestrator, PowerShell module, Blue Prism) can monitor the status of this Agent thread, waiting for it to complete. This allows long or complex PowerShell scripts to run without timeouts. IA-Connect Agents 9.3 and earlier cannot run PowerShell scripts as an Agent thread.
Retrieve output data for thread Id	RetrieveOutputDataFromThreadId		integer	If you previously ran a PowerShell script as an Agent thread and set 'Seconds to wait for thread' to 0, provide the Agent thread Id to retrieve the results. This Agent thread Id will have been provided by the earlier call to this action. Set to 0 (the default) if you are simply running a PowerShell script (and hence not retrieving the results of a previous PowerShell script run as an Agent thread).
Seconds to wait for thread	SecondsToWaitForThread		integer	If 'Run script as thread' is set to true, how many seconds to wait for the Agent thread to complete. If the Agent thread running the PowerShell script hasn't completed in this time, an exception will be raised. Set to 0 to bypass the wait: The Agent will continue to run the PowerShell script, but also be available for the next action. You can then retrieve the script results at a later time by using the action 'Wait for Agent thread to complete successfully' to wait for the Agent thread to complete and then re-run this 'Run PowerShell script' action with the input 'Retrieve output data for thread Id' set to the Agent thread Id.
Script contains stored password	ScriptContainsStoredPassword		boolean	Set to true if the script contains an IA-Connect stored password identifier, in the format {IAConnectPassword:StoredPasswordIdentifier} or an IA-Connect Orchestrator generic credential, in the format {OrchestratorCredential:FriendlyName}. The { } phrase will be replaced by the specified password, escaped and placed in single quotes (unless it is already in quotes in the script).
Log verbose output	LogVerboseOutput		boolean	Set to true to log any PowerShell verbose output into the IA-Connect logs. This could be useful for debugging. To log verbosely in your script, use the following PowerShell: Write-Verbose 'My message' -Verbose.
Property names to serialize	PropertyNamesToSerializeJSON		string	If the PowerShell return data contains 'complex' properties (for example, collections of values, arrays, tables, or classes), these properties are not returned, by default, in the IA-Connect PowerShell response. This option allows you to specify which 'complex' properties (by name) IA-Connect should serialize as JSON, so they are returned as a string type (which you can deserialize, once received). Depending on the property, its type and values, you should also consider using the alternative inputs 'Properties to return as collection' and 'Property types to serialize' (pick one). For example: To serialize the EmailAddresses and MemberOf properties, enter [{"PropertyName": "EmailAddresses"}, {"PropertyName": "MemberOf"}] (JSON table format), ["EmailAddresses", "MemberOf"] (JSON array format), or EmailAddresses,MemberOf (CSV format).
Property types to serialize	PropertyTypesToSerializeJSON		string	If the PowerShell return data contains 'complex' properties (for example, collections of values, arrays, tables, or classes), these properties are not returned, by default, in the IA-Connect PowerShell response. This option allows you to specify which 'complex' properties (by type) IA-Connect should serialize as JSON, so they are returned as a string type (which you can deserialize, once received). Depending on the property, its type and values, you should also consider using the alternative inputs 'Properties to return as collection' and 'Property names to serialize' (pick one). This input is a collection with a single 'PropertyType' field. For example: To serialize any property of type Microsoft.Graph.PowerShell.Models.IMicrosoftGraphServicePlanInfo[], enter [{"PropertyType": "Microsoft.Graph.PowerShell.Models.IMicrosoftGraphServicePlanInfo[]"}] (JSON table format), ["Microsoft.Graph.PowerShell.Models.IMicrosoftGraphServicePlanInfo[]"] (JSON array format), or 'Microsoft.Graph.PowerShell.Models.IMicrosoftGraphServicePlanInfo[] (CSV format).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
PowerShell output JSON	PowerShellJSONOutput	string	The output of the PowerShell script, formatted as JSON.
Thread Id	ThreadId	integer	If the PowerShell script is being run as an Agent thread, this output will hold the Agent thread Id which can be used to monitor the PowerShell script execution and retrieve the PowerShell script results when the script has completed.

Run Azure AD PowerShell script

Operation ID:: RunAzureADv2PowerShellAutomationScript

Runs a PowerShell script in the Azure Active Directory (also known as Microsoft Entra ID, Azure AD or AAD) runspace in the session where the IA-Connect Agent is running, where the script contents are passed to the IA-Connect Agent as part of the command. This is the recommended action for running your own custom Azure AD PowerShell scripts. This action can also be used to retrieve the results from a previous execution of a PowerShell script, run as an Agent thread. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules.

Parameters

Name	Key	Required	Type	Description
PowerShell script contents	PowerShellScriptContents		string	The contents of the PowerShell script to execute in the Azure AD v2 runspace. IA-Connect will execute this script as-is by passing directly to the PowerShell automation engine. No PowerShell script is actually created on-disk.
Is no result an error	IsNoResultAnError		boolean	If no data is returned by the PowerShell command, does this suggest an error?
Return complex types	ReturnComplexTypes		boolean	If the PowerShell return data contains 'complex' properties (for example, collections of values, arrays, tables, or classes), these properties are not returned, by default, in the IA-Connect PowerShell response. The inputs 'Properties to return as collection', 'Property names to serialize' and 'Property types to serialize' allow you to specify which 'complex' properties should be returned, and the method used to format the data (on a property-by-property basis, pick the one which works best). This input allows you to specify what should be done with any remaining properties (i.e. Properties which are 'complex' and not explicitly named). If set to true, IA-Connect will try to return a string representation of the data, using ToString(). If set to false (the default), IA-Connect will not return the property.
Return boolean as boolean	ReturnBooleanAsBoolean		boolean	Should Boolean properties be returned as a Booleans? If false, these are returned as strings.
Return numeric as decimal	ReturnNumericAsDecimal		boolean	Should Numeric properties be returned as a Numerics? If false, these are returned as strings.
Return date as date	ReturnDateAsDate		boolean	Should Date properties be returned as a Dates? If false, these are returned as strings.
Properties to return as collection	PropertiesToReturnAsCollectionJSON		string	If the PowerShell return data contains 'complex' properties (for example, collections of values, arrays, tables, or classes), these properties are not returned, by default, in the IA-Connect PowerShell response. This option allows you to specify which 'complex' properties (by name) IA-Connect should attempt to return as a collection. Depending on the property, its type and values, you should also consider using the alternative inputs 'Property names to serialize' and 'Property types to serialize' (pick one). This input can be entered in JSON or CSV format. For example: To return the EmailAddresses and MemberOf array properties, enter [{"PropertyName": "EmailAddresses"}, {"PropertyName": "MemberOf"}] (JSON table format), ["EmailAddresses", "MemberOf"] (JSON array format), or EmailAddresses,MemberOf (CSV format).
Run script as thread	RunScriptAsThread		boolean	If set to false (the default), the IA-Connect Agent will run the PowerShell script immediately and return the results to the Director when the script completes. If running a long or complex PowerShell script, this action may time out. If set to true, the IA-Connect Agent will run the PowerShell script as an Agent thread and the IA-Connect Director (or Orchestrator, PowerShell module, Blue Prism) can monitor the status of this Agent thread, waiting for it to complete. This allows long or complex PowerShell scripts to run without timeouts. IA-Connect Agents 9.3 and earlier cannot run PowerShell scripts as an Agent thread.
Retrieve output data for thread Id	RetrieveOutputDataFromThreadId		integer	If you previously ran a PowerShell script as an Agent thread and set 'Seconds to wait for thread' to 0, provide the Agent thread Id to retrieve the results. This Agent thread Id will have been provided by the earlier call to this action. Set to 0 (the default) if you are simply running a PowerShell script (and hence not retrieving the results of a previous PowerShell script run as an Agent thread).
Seconds to wait for thread	SecondsToWaitForThread		integer	If 'Run script as thread' is set to true, how many seconds to wait for the Agent thread to complete. If the Agent thread running the PowerShell script hasn't completed in this time, an exception will be raised. Set to 0 to bypass the wait: The Agent will continue to run the PowerShell script, but also be available for the next action. You can then retrieve the script results at a later time by using the action 'Wait for Agent thread to complete successfully' to wait for the Agent thread to complete and then re-run this 'Run PowerShell script' action with the input 'Retrieve output data for thread Id' set to the Agent thread Id.
Script contains stored password	ScriptContainsStoredPassword		boolean	Set to true if the script contains an IA-Connect stored password identifier, in the format {IAConnectPassword:StoredPasswordIdentifier} or an IA-Connect Orchestrator generic credential, in the format {OrchestratorCredential:FriendlyName}. The { } phrase will be replaced by the specified password, escaped and placed in single quotes (unless it is already in quotes in the script).
Log verbose output	LogVerboseOutput		boolean	Set to true to log any PowerShell verbose output into the IA-Connect logs. This could be useful for debugging. To log verbosely in your script, use the following PowerShell: Write-Verbose 'My message' -Verbose.
Property names to serialize	PropertyNamesToSerializeJSON		string	If the PowerShell return data contains 'complex' properties (for example, collections of values, arrays, tables, or classes), these properties are not returned, by default, in the IA-Connect PowerShell response. This option allows you to specify which 'complex' properties (by name) IA-Connect should serialize as JSON, so they are returned as a string type (which you can deserialize, once received). Depending on the property, its type and values, you should also consider using the alternative inputs 'Properties to return as collection' and 'Property types to serialize' (pick one). For example: To serialize the EmailAddresses and MemberOf properties, enter [{"PropertyName": "EmailAddresses"}, {"PropertyName": "MemberOf"}] (JSON table format), ["EmailAddresses", "MemberOf"] (JSON array format), or EmailAddresses,MemberOf (CSV format).
Property types to serialize	PropertyTypesToSerializeJSON		string	If the PowerShell return data contains 'complex' properties (for example, collections of values, arrays, tables, or classes), these properties are not returned, by default, in the IA-Connect PowerShell response. This option allows you to specify which 'complex' properties (by type) IA-Connect should serialize as JSON, so they are returned as a string type (which you can deserialize, once received). Depending on the property, its type and values, you should also consider using the alternative inputs 'Properties to return as collection' and 'Property names to serialize' (pick one). This input is a collection with a single 'PropertyType' field. For example: To serialize any property of type Microsoft.Graph.PowerShell.Models.IMicrosoftGraphServicePlanInfo[], enter [{"PropertyType": "Microsoft.Graph.PowerShell.Models.IMicrosoftGraphServicePlanInfo[]"}] (JSON table format), ["Microsoft.Graph.PowerShell.Models.IMicrosoftGraphServicePlanInfo[]"] (JSON array format), or 'Microsoft.Graph.PowerShell.Models.IMicrosoftGraphServicePlanInfo[] (CSV format).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
PowerShell output JSON	PowerShellJSONOutput	string	The output of the PowerShell script, formatted as JSON.
Thread Id	ThreadId	integer	If the PowerShell script is being run as an Agent thread, this output will hold the Agent thread Id which can be used to monitor the PowerShell script execution and retrieve the PowerShell script results when the script has completed.

Run Exchange PowerShell script

Operation ID:: RunExchangePowerShellAutomationScript

Runs a PowerShell script in the Exchange runspace in the session where the IA-Connect Agent is running, where the script contents are passed to the IA-Connect Agent as part of the command. This is the recommended action for running your own custom Exchange PowerShell code. This action can also be used to retrieve the results from a previous execution of a PowerShell script, run as an Agent thread.

Parameters

Name	Key	Required	Type	Description
PowerShell script contents	PowerShellScriptContents		string	The contents of the PowerShell script to execute in the Exchange runspace. IA-Connect will execute this script as-is by passing directly to the PowerShell automation engine. No PowerShell script is actually created on-disk.
Is no result an error	IsNoResultAnError		boolean	If no data is returned by the PowerShell command, does this suggest an error?
Return complex types	ReturnComplexTypes		boolean	If the PowerShell return data contains 'complex' properties (for example, collections of values, arrays, tables, or classes), these properties are not returned, by default, in the IA-Connect PowerShell response. The inputs 'Properties to return as collection', 'Property names to serialize' and 'Property types to serialize' allow you to specify which 'complex' properties should be returned, and the method used to format the data (on a property-by-property basis, pick the one which works best). This input allows you to specify what should be done with any remaining properties (i.e. Properties which are 'complex' and not explicitly named). If set to true, IA-Connect will try to return a string representation of the data, using ToString(). If set to false (the default), IA-Connect will not return the property.
Return boolean as boolean	ReturnBooleanAsBoolean		boolean	Should Boolean properties be returned as a Booleans? If false, these are returned as strings.
Return numeric as decimal	ReturnNumericAsDecimal		boolean	Should Numeric properties be returned as a Numerics? If false, these are returned as strings.
Return date as date	ReturnDateAsDate		boolean	Should Date properties be returned as a Dates? If false, these are returned as strings.
Properties to return as collection	PropertiesToReturnAsCollectionJSON		string	If the PowerShell return data contains 'complex' properties (for example, collections of values, arrays, tables, or classes), these properties are not returned, by default, in the IA-Connect PowerShell response. This option allows you to specify which 'complex' properties (by name) IA-Connect should attempt to return as a collection. Depending on the property, its type and values, you should also consider using the alternative inputs 'Property names to serialize' and 'Property types to serialize' (pick one). This input can be entered in JSON or CSV format. For example: To return the EmailAddresses and MemberOf array properties, enter [{"PropertyName": "EmailAddresses"}, {"PropertyName": "MemberOf"}] (JSON table format), ["EmailAddresses", "MemberOf"] (JSON array format), or EmailAddresses,MemberOf (CSV format).
Run script as thread	RunScriptAsThread		boolean	If set to false (the default), the IA-Connect Agent will run the PowerShell script immediately and return the results to the Director when the script completes. If running a long or complex PowerShell script, this action may time out. If set to true, the IA-Connect Agent will run the PowerShell script as an Agent thread and the IA-Connect Director (or Orchestrator, PowerShell module, Blue Prism) can monitor the status of this Agent thread, waiting for it to complete. This allows long or complex PowerShell scripts to run without timeouts. IA-Connect Agents 9.3 and earlier cannot run PowerShell scripts as an Agent thread.
Retrieve output data for thread Id	RetrieveOutputDataFromThreadId		integer	If you previously ran a PowerShell script as an Agent thread and set 'Seconds to wait for thread' to 0, provide the Agent thread Id to retrieve the results. This Agent thread Id will have been provided by the earlier call to this action. Set to 0 (the default) if you are simply running a PowerShell script (and hence not retrieving the results of a previous PowerShell script run as an Agent thread).
Seconds to wait for thread	SecondsToWaitForThread		integer	If 'Run script as thread' is set to true, how many seconds to wait for the Agent thread to complete. If the Agent thread running the PowerShell script hasn't completed in this time, an exception will be raised. Set to 0 to bypass the wait: The Agent will continue to run the PowerShell script, but also be available for the next action. You can then retrieve the script results at a later time by using the action 'Wait for Agent thread to complete successfully' to wait for the Agent thread to complete and then re-run this 'Run PowerShell script' action with the input 'Retrieve output data for thread Id' set to the Agent thread Id.
Script contains stored password	ScriptContainsStoredPassword		boolean	Set to true if the script contains an IA-Connect stored password identifier, in the format {IAConnectPassword:StoredPasswordIdentifier} or an IA-Connect Orchestrator generic credential, in the format {OrchestratorCredential:FriendlyName}. The { } phrase will be replaced by the specified password, escaped and placed in single quotes (unless it is already in quotes in the script).
Log verbose output	LogVerboseOutput		boolean	Set to true to log any PowerShell verbose output into the IA-Connect logs. This could be useful for debugging. To log verbosely in your script, use the following PowerShell: Write-Verbose 'My message' -Verbose.
Property names to serialize	PropertyNamesToSerializeJSON		string	If the PowerShell return data contains 'complex' properties (for example, collections of values, arrays, tables, or classes), these properties are not returned, by default, in the IA-Connect PowerShell response. This option allows you to specify which 'complex' properties (by name) IA-Connect should serialize as JSON, so they are returned as a string type (which you can deserialize, once received). Depending on the property, its type and values, you should also consider using the alternative inputs 'Properties to return as collection' and 'Property types to serialize' (pick one). For example: To serialize the EmailAddresses and MemberOf properties, enter [{"PropertyName": "EmailAddresses"}, {"PropertyName": "MemberOf"}] (JSON table format), ["EmailAddresses", "MemberOf"] (JSON array format), or EmailAddresses,MemberOf (CSV format).
Property types to serialize	PropertyTypesToSerializeJSON		string	If the PowerShell return data contains 'complex' properties (for example, collections of values, arrays, tables, or classes), these properties are not returned, by default, in the IA-Connect PowerShell response. This option allows you to specify which 'complex' properties (by type) IA-Connect should serialize as JSON, so they are returned as a string type (which you can deserialize, once received). Depending on the property, its type and values, you should also consider using the alternative inputs 'Properties to return as collection' and 'Property names to serialize' (pick one). This input is a collection with a single 'PropertyType' field. For example: To serialize any property of type Microsoft.Graph.PowerShell.Models.IMicrosoftGraphServicePlanInfo[], enter [{"PropertyType": "Microsoft.Graph.PowerShell.Models.IMicrosoftGraphServicePlanInfo[]"}] (JSON table format), ["Microsoft.Graph.PowerShell.Models.IMicrosoftGraphServicePlanInfo[]"] (JSON array format), or 'Microsoft.Graph.PowerShell.Models.IMicrosoftGraphServicePlanInfo[] (CSV format).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
PowerShell output JSON	PowerShellJSONOutput	string	The output of the PowerShell script, formatted as JSON.
Thread Id	ThreadId	integer	If the PowerShell script is being run as an Agent thread, this output will hold the Agent thread Id which can be used to monitor the PowerShell script execution and retrieve the PowerShell script results when the script has completed.

Run Office 365 PowerShell script

Operation ID:: RunO365PowerShellAutomationScript

Runs a PowerShell script in the Office 365 runspace in the session where the IA-Connect Agent is running, where the script contents are passed to the IA-Connect Agent as part of the command. This is the recommended action for running your own custom Office 365 Exchange Online PowerShell code. This action can also be used to retrieve the results from a previous execution of a PowerShell script, run as an Agent thread.

Parameters

Name	Key	Required	Type	Description
PowerShell script contents	PowerShellScriptContents		string	The contents of the PowerShell script to execute in the Office 365 runspace. IA-Connect will execute this script as-is by passing directly to the PowerShell automation engine. No PowerShell script is actually created on-disk.
Is no result an error	IsNoResultAnError		boolean	If no data is returned by the PowerShell command, does this suggest an error?
Return complex types	ReturnComplexTypes		boolean	If the PowerShell return data contains 'complex' properties (for example, collections of values, arrays, tables, or classes), these properties are not returned, by default, in the IA-Connect PowerShell response. The inputs 'Properties to return as collection', 'Property names to serialize' and 'Property types to serialize' allow you to specify which 'complex' properties should be returned, and the method used to format the data (on a property-by-property basis, pick the one which works best). This input allows you to specify what should be done with any remaining properties (i.e. Properties which are 'complex' and not explicitly named). If set to true, IA-Connect will try to return a string representation of the data, using ToString(). If set to false (the default), IA-Connect will not return the property.
Return boolean as boolean	ReturnBooleanAsBoolean		boolean	Should Boolean properties be returned as a Booleans? If false, these are returned as strings.
Return numeric as decimal	ReturnNumericAsDecimal		boolean	Should Numeric properties be returned as a Numerics? If false, these are returned as strings.
Return date as date	ReturnDateAsDate		boolean	Should Date properties be returned as a Dates? If false, these are returned as strings.
Properties to return as collection	PropertiesToReturnAsCollectionJSON		string	If the PowerShell return data contains 'complex' properties (for example, collections of values, arrays, tables, or classes), these properties are not returned, by default, in the IA-Connect PowerShell response. This option allows you to specify which 'complex' properties (by name) IA-Connect should attempt to return as a collection. Depending on the property, its type and values, you should also consider using the alternative inputs 'Property names to serialize' and 'Property types to serialize' (pick one). This input can be entered in JSON or CSV format. For example: To return the EmailAddresses and MemberOf array properties, enter [{"PropertyName": "EmailAddresses"}, {"PropertyName": "MemberOf"}] (JSON table format), ["EmailAddresses", "MemberOf"] (JSON array format), or EmailAddresses,MemberOf (CSV format).
PowerShell local scope	LocalScope		boolean	Should the underlying Office 365 PowerShell command be run in the local scope. By default this is not set and hence PowerShell falls back to defaults.
Run script as thread	RunScriptAsThread		boolean	If set to false (the default), the IA-Connect Agent will run the PowerShell script immediately and return the results to the Director when the script completes. If running a long or complex PowerShell script, this action may time out. If set to true, the IA-Connect Agent will run the PowerShell script as an Agent thread and the IA-Connect Director (or Orchestrator, PowerShell module, Blue Prism) can monitor the status of this Agent thread, waiting for it to complete. This allows long or complex PowerShell scripts to run without timeouts. IA-Connect Agents 9.3 and earlier cannot run PowerShell scripts as an Agent thread.
Retrieve output data for thread Id	RetrieveOutputDataFromThreadId		integer	If you previously ran a PowerShell script as an Agent thread and set 'Seconds to wait for thread' to 0, provide the Agent thread Id to retrieve the results. This Agent thread Id will have been provided by the earlier call to this action. Set to 0 (the default) if you are simply running a PowerShell script (and hence not retrieving the results of a previous PowerShell script run as an Agent thread).
Seconds to wait for thread	SecondsToWaitForThread		integer	If 'Run script as thread' is set to true, how many seconds to wait for the Agent thread to complete. If the Agent thread running the PowerShell script hasn't completed in this time, an exception will be raised. Set to 0 to bypass the wait: The Agent will continue to run the PowerShell script, but also be available for the next action. You can then retrieve the script results at a later time by using the action 'Wait for Agent thread to complete successfully' to wait for the Agent thread to complete and then re-run this 'Run PowerShell script' action with the input 'Retrieve output data for thread Id' set to the Agent thread Id.
Script contains stored password	ScriptContainsStoredPassword		boolean	Set to true if the script contains an IA-Connect stored password identifier, in the format {IAConnectPassword:StoredPasswordIdentifier} or an IA-Connect Orchestrator generic credential, in the format {OrchestratorCredential:FriendlyName}. The { } phrase will be replaced by the specified password, escaped and placed in single quotes (unless it is already in quotes in the script).
Log verbose output	LogVerboseOutput		boolean	Set to true to log any PowerShell verbose output into the IA-Connect logs. This could be useful for debugging. To log verbosely in your script, use the following PowerShell: Write-Verbose 'My message' -Verbose.
Property names to serialize	PropertyNamesToSerializeJSON		string	If the PowerShell return data contains 'complex' properties (for example, collections of values, arrays, tables, or classes), these properties are not returned, by default, in the IA-Connect PowerShell response. This option allows you to specify which 'complex' properties (by name) IA-Connect should serialize as JSON, so they are returned as a string type (which you can deserialize, once received). Depending on the property, its type and values, you should also consider using the alternative inputs 'Properties to return as collection' and 'Property types to serialize' (pick one). For example: To serialize the EmailAddresses and MemberOf properties, enter [{"PropertyName": "EmailAddresses"}, {"PropertyName": "MemberOf"}] (JSON table format), ["EmailAddresses", "MemberOf"] (JSON array format), or EmailAddresses,MemberOf (CSV format).
Property types to serialize	PropertyTypesToSerializeJSON		string	If the PowerShell return data contains 'complex' properties (for example, collections of values, arrays, tables, or classes), these properties are not returned, by default, in the IA-Connect PowerShell response. This option allows you to specify which 'complex' properties (by type) IA-Connect should serialize as JSON, so they are returned as a string type (which you can deserialize, once received). Depending on the property, its type and values, you should also consider using the alternative inputs 'Properties to return as collection' and 'Property names to serialize' (pick one). This input is a collection with a single 'PropertyType' field. For example: To serialize any property of type Microsoft.Graph.PowerShell.Models.IMicrosoftGraphServicePlanInfo[], enter [{"PropertyType": "Microsoft.Graph.PowerShell.Models.IMicrosoftGraphServicePlanInfo[]"}] (JSON table format), ["Microsoft.Graph.PowerShell.Models.IMicrosoftGraphServicePlanInfo[]"] (JSON array format), or 'Microsoft.Graph.PowerShell.Models.IMicrosoftGraphServicePlanInfo[] (CSV format).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
PowerShell output JSON	PowerShellJSONOutput	string	The output of the PowerShell script, formatted as JSON.
Thread Id	ThreadId	integer	If the PowerShell script is being run as an Agent thread, this output will hold the Agent thread Id which can be used to monitor the PowerShell script execution and retrieve the PowerShell script results when the script has completed.

Set Active Directory server

Operation ID:: ActiveDirectorySetADServer

Sets a specific Active Directory server to use for all further Active Directory actions.

Parameters

Name	Key	Required	Type	Description
Predefined AD server choice	PredefinedADServerChoice		string	User PDC: The PDC emulator for the domain the currently logged in user belongs to will be used. Computer PDC: The PDC emulator for the domain the computer (on which the IA-Connect session is running on) belongs to will be used. Manual: Enter the Active Directory Domain Controller (DC) in the 'AD server' field. If this field is blank and the 'AD server' field has a value, that value will be used.
AD server	ADServer		string	This field is only used if the 'Predefined AD server choice' is set to 'Manual' (or blank). The name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact for all further Active Directory actions. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ActiveDirectorySetADServerResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Set Active Directory user account expiration end of date

Operation ID:: ActiveDirectorySetADUserAccountExpirationEndOfDate

Sets the account expiration end of date for an Active Directory user account. This is the last full day in which the account is usable, so technically the account expires at the start of the next day. The IA-Connect Agent is aware of this and automatically adds 1 day to the provided input date when storing the date in Active Directory.

Parameters

Name	Key	Required	Type	Description
User identity	UserIdentity	True	string	The identity of the Active Directory user. You can specify a user by Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), GUID, SID, SAMAccountName / pre-2K name (e.g. 'User1') or Name (e.g. 'User1').
Year	Year	True	integer	The year the account should expire. For example: 2023.
Month	Month	True	integer	The number of the month the account should expire. January = 1, December = 12. For example: 6.
Day	Day	True	integer	The number of the day the account should expire. First day of the month = 1. For example: 19.
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ActiveDirectorySetADUserAccountExpirationEndOfDateResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Set Active Directory user protected from accidental deletion

Operation ID:: ActiveDirectorySetADUserProtectedFromAccidentalDeletionByIdentity

Sets an Active Directory account to be protected (or not protected) from accidental deletion. If you protect an account from accidental deletion, you cannot delete that account until you remove the protection.

Parameters

Name	Key	Required	Type	Description
User identity	UserIdentity	True	string	The identity of the Active Directory user. You can specify a user by Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), GUID, SID, SAMAccountName / pre-2K name (e.g. 'User1') or Name (e.g. 'User1').
Protected from accidental deletion	ProtectedFromAccidentalDeletion	True	boolean	Set to true to protect a user from accidental deletion. Set to false to remove protection from accidental deletion.
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ActiveDirectorySetADUserProtectedFromAccidentalDeletionByIdentityResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Set automatic replies (Out of Office) for a Microsoft Exchange mailbox

Operation ID:: ExchangeSetMailboxAutoReplyConfiguration

Set automatic replies (Out of Office) for a Microsoft Exchange mailbox. This action won't work for remote mailbox in Microsoft Exchange Online or Office 365: Use the action 'Set automatic replies (Out of Office) for an Office 365 mailbox' instead.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity	True	string	The identity of the Microsoft Exchange mailbox. You can specify a mailbox by Name, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID, SAMAccountName or User Principal Name (UPN).
Automatic reply state	AutoReplyState	True	string	Allows you to enable or disable automatic replies.
Internal message	InternalMessage		string	The automatic reply (Out of Office) message to send to internal senders. Set to blank to remove the message.
External audience	ExternalAudience		string	Allows you to specify whether automatic replies are sent to external audiences. By default, replies are sent to all external senders.
External message	ExternalMessage		string	The automatic reply (Out of Office) message to send to external senders, if the external audience was set to 'All' or 'Known'. Set to blank to remove the message.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ExchangeSetMailboxAutoReplyConfigurationResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Set automatic replies (Out of Office) for an Office 365 mailbox

Operation ID:: O365SetO365MailboxAutoReplyConfiguration

Set automatic replies (Out of Office) for a Microsoft Exchange Online or Office 365 mailbox.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity	True	string	The Id of a Microsoft Exchange Online or Office 365 mailbox. You can specify a mailbox by Name, Alias, Object Id (e.g. UUID/GUID value), Email address, GUID, SAMAccountName (even users in non Active Directory connected environments have a SAMAccountName) or User Principal Name (UPN).
Automatic reply state	AutoReplyState	True	string	Allows you to enable or disable automatic replies.
Internal message	InternalMessage		string	The automatic reply (Out of Office) message to send to internal senders. Set to blank to remove the message.
External audience	ExternalAudience		string	Allows you to specify whether automatic replies are sent to external audiences. By default, replies are sent to all external senders.
External message	ExternalMessage		string	The automatic reply (Out of Office) message to send to external senders, if the external audience was set to 'All' or 'Known'. Set to blank to remove the message.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	O365SetO365MailboxAutoReplyConfigurationResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Set Azure AD user's manager

Operation ID:: AzureADv2SetAzureADUserManager

Set an Azure Active Directory user's manager. This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User object Id or UPN	ObjectId	True	string	The Id of an Azure Active Directory user. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
Manager	Manager		string	To add a manager, specify the user's manager Object Id (e.g. UUID/GUID value) or UPN (e.g. myboss@mydomain.com). To remove the user's manager, set this field to blank.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	AzureADv2SetAzureADUserManagerResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Set Azure AD user license

Operation ID:: AzureADv2SetAzureADUserLicense

Adds or removes an Azure AD user license (SKU). This action uses Azure AD v2 or Microsoft Graph Users PowerShell modules, whichever was used to connect to Azure.

Parameters

Name	Key	Required	Type	Description
User object Id or UPN	ObjectId	True	string	The Id of an Azure Active Directory user. You can specify a user by UPN (e.g. user@mydomain.onmicrosoft.com) or ObjectId (e.g. UUID/GUID value).
License to add	LicenseToAdd		string	A single Azure AD license SKU to add. This can be entered as a SKU Id (a GUID) or a SKU part number (a word). For example: TEAMS_EXPLORATORY. If you wish to enable multiple licenses, call this action once per license.
License plans to add	LicensePlansChoice		string	Some licenses have plans: If you wish to enable all plans (or don't know), choose 'All'. If you wish to only enable certain named plans, choose 'Opt-in' and enter the plans to enable in the 'License plans CSV' field. If you wish to enable all plans except those you specify, choose 'Opt-out' and enter the plans to disable in the 'License plans CSV' field.
License plans	LicensePlansCSV		string	A comma separated list (CSV) of the license plans (a component of the license) to enable or disable. If you leave this field blank, all license plans will be enabled. This can be entered as a SKU Id (a GUID) or a SKU part number (a word). For example: YAMMER_ENTERPRISE,SHAREPOINTSTANDARD.
Licenses to remove	LicensesToRemoveCSV		string	A comma separated list of Azure AD license SKUs to remove. This can be entered as a comma separated list of SKU Id (a GUID) or SKU part number (a word). For example: TEAMS_EXPLORATORY,FLOW_FREE.
Usage location	UsageLocation		string	A two letter country code (ISO 3166). Required for users that will be assigned licenses due to a legal requirement. For example: US (United States), JP (Japan), GB (United Kingdom), FR (France), IN (India). See https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes. If you don't set this value, the user must already have their usage location set or the license will fail to apply.
PowerShell local scope	LocalScope		boolean	Should the underlying Azure AD v2 PowerShell command be run in the local scope. By default this is not set and hence PowerShell falls back to defaults.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	AzureADv2SetAzureADUserLicenseResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Set Exchange mailbox send on behalf of

Operation ID:: ExchangeSetMailboxSendOnBehalfOfPermission

Specify who can send on behalf of this existing mailbox.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity	True	string	The identity of the Microsoft Exchange mailbox. You can specify a mailbox by Name, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID, SAMAccountName or User Principal Name (UPN).
Grant send on behalf to	GrantSendOnBehalfTo	True	string	The identify of a user, group or mailbox that can send emails on behalf of this mailbox. You can specify a user by Name, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID, SAMAccountName or User Principal Name (UPN).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ExchangeSetMailboxSendOnBehalfOfPermissionResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Set Exchange to view entire Active Directory forest

Operation ID:: ExchangeSetADServerToViewEntireForest

Specify whether the entire Active Directory forest (including sub-domains) is searched / viewed when performing Exchange actions. You may need to use this action if you have multiple linked domains.

Parameters

Name	Key	Required	Type	Description
View entire forest	ViewEntireForest	True	boolean	Set to true if you want to search the entire Active Directory forest, false if you only want to search the current Active Directory domain.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ExchangeSetADServerToViewEntireForestResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Set the properties on a Microsoft Exchange mailbox

Operation ID:: ExchangeSetMailbox

Set the properties of an existing Microsoft Exchange mailbox.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity	True	string	The identity of the Microsoft Exchange mailbox. You can specify a mailbox by Name, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID, SAMAccountName or User Principal Name (UPN).
Account disabled	AccountDisabled		boolean	Set to true if you want to disable the account, false if you want to enable the account or don't specify a value to leave the current setting untouched.
Alias	Alias		string	The Exchange alias (also known as mail nickname) for the user. If the email address policy is enabled, this will be used to generate the name component of the Primary SMTP email address (e.g. alias@mydomain.com). If the email address policy is not enabled, you may wish to set the primary SMTP address instead. Leave blank if you don't want to change the current value.
Display name	DisplayName		string	The display name of the mailbox. This is visible in address lists.
Primary SMTP address	PrimarySmtpAddress		string	The primary return email address that is used for the recipient. You are unlikely to be able to set this if the 'Email address policy' is enabled so either use 'Alias' instead (and the policy will create the Primary SMTP address from the alias) or disable the email address policy. Leave blank if you don't want to change the current value.
Hidden from address lists	HiddenFromAddressListsEnabled		boolean	Set to true to hide the mailbox from address lists, false to show the mailbox in address lists or don't specify a value to leave the current setting untouched.
Custom attribute 1	CustomAttribute1		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 2	CustomAttribute2		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 3	CustomAttribute3		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 4	CustomAttribute4		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 5	CustomAttribute5		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 6	CustomAttribute6		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 7	CustomAttribute7		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 8	CustomAttribute8		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 9	CustomAttribute9		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 10	CustomAttribute10		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 11	CustomAttribute11		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 12	CustomAttribute12		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 13	CustomAttribute13		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 14	CustomAttribute14		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 15	CustomAttribute15		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Email address policy enabled	EmailAddressPolicyEnabled		boolean	Set to true if you want to automatically update email addresses based on the email address policy applied to this recipient. If the email address policy is enabled, this generally will impact your ability to set the primary SMTP address. Set to false to disable the feature, giving you full control to manually setting email addresses. Leave blank if you don't want to set this option (i.e. leave at the existing or default value).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ExchangeSetMailboxResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Set the properties on a Microsoft Exchange Online mailbox

Operation ID:: ExchangeSetRemoteMailbox

Set the properties of an existing Microsoft Exchange Online or Office 365 (remote) mailbox. The request is sent via your on-premises Microsoft Exchange server which must be setup for a hybrid deployment.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity	True	string	The identity of the Microsoft Exchange Online or Office 365 (remote) mailbox. You can specify a Microsoft Exchange Online or Office 365 (remote) mailbox by Active Directory object Id, Alias, Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), DOMAIN\username, Email address, GUID or User Principal Name (UPN).
Alias	Alias		string	The Exchange alias (also known as mail nickname) for the user. If the email address policy is enabled, this will be used to generate the name component of the Primary SMTP email address (e.g. alias@mydomain.com). If the email address policy is not enabled, you may wish to set the primary SMTP address instead. Leave blank if you don't want to change the current value.
Display name	DisplayName		string	The display name of the mailbox. This is visible in address lists. Leave blank if you don't want to change the current value.
Primary SMTP address	PrimarySmtpAddress		string	The primary return email address that is used for the recipient. You are unlikely to be able to set this if the 'Email address policy' is enabled so either use 'Alias' instead (and the policy will create the Primary SMTP address from the alias) or disable the email address policy. Leave blank if you don't want to change the current value.
Mailbox type	Type		string	The type of mailbox. Leave blank if you don't want to change the current value.
Hidden from address lists	HiddenFromAddressListsEnabled		boolean	Set to true to hide the mailbox from address lists, false to show the mailbox in address lists or don't specify a value to leave the current setting untouched.
Custom attribute 1	CustomAttribute1		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 2	CustomAttribute2		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 3	CustomAttribute3		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 4	CustomAttribute4		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 5	CustomAttribute5		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 6	CustomAttribute6		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 7	CustomAttribute7		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 8	CustomAttribute8		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 9	CustomAttribute9		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 10	CustomAttribute10		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 11	CustomAttribute11		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 12	CustomAttribute12		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 13	CustomAttribute13		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 14	CustomAttribute14		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Custom attribute 15	CustomAttribute15		string	A value for the custom attribute field. Leave blank if you don't want to specify a value. If you want to set the value to blank (i.e. it already has a value and you want to reset it), use the 'Reset' action.
Email address policy enabled	EmailAddressPolicyEnabled		boolean	Set to true if you want to automatically update email addresses based on the email address policy applied to this recipient. If the email address policy is enabled, this generally will impact your ability to set the primary SMTP address. Set to false to disable the feature, giving you full control to manually setting email addresses. Leave blank if you don't want to set this option (i.e. leave at the existing or default value).
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ExchangeSetRemoteMailboxResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Set the properties on a Office 365 mailbox

Operation ID:: O365SetO365Mailbox

Set the properties on a Microsoft Exchange Online or Office 365 mailbox.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity	True	string	The Id of a Microsoft Exchange Online or Office 365 mailbox. You can specify a mailbox by Name, Alias, Object Id (e.g. UUID/GUID value), Email address, GUID, SAMAccountName (even users in non Active Directory connected environments have a SAMAccountName) or User Principal Name (UPN).
Account disabled	AccountDisabled		boolean	Set to true if you want to disable the account, false if you want to enable the account or don't specify a value to leave the current setting untouched.
Alias	Alias		string	The Exchange alias (also known as mail nickname) for the user.
Display name	DisplayName		string	The display name of the mailbox. This is visible in address lists.
Hidden from address lists	HiddenFromAddressListsEnabled		boolean	Set to true to hide the mailbox from address lists, false to show the mailbox in address lists or don't specify a value to leave the current setting untouched.
Custom attribute 1	CustomAttribute1		string	A value for the custom attribute 1 field.
Custom attribute 2	CustomAttribute2		string	A value for the custom attribute 2 field.
Custom attribute 3	CustomAttribute3		string	A value for the custom attribute 3 field.
Custom attribute 4	CustomAttribute4		string	A value for the custom attribute 4 field.
Mailbox type	Type		string	The type of mailbox. Leave blank if you don't want to change the current value.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	O365SetO365MailboxResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Unlock Active Directory account

Operation ID:: ActiveDirectoryUnlockADAccountByIdentity

Unlock an Active Directory account. If the account is not locked, this command does nothing.

Parameters

Name	Key	Required	Type	Description
User identity	UserIdentity	True	string	The identity of the Active Directory user. You can specify a user by Distinguished Name (e.g. CN=User1,OU=My Users,DC=mydomain,DC=local), GUID, SID, SAMAccountName / pre-2K name (e.g. 'User1') or Name (e.g. 'User1').
AD server	ADServer		string	The optional name or Fully Qualified Domain Name (FQDN) of an Active Directory Domain Controller (DC) to contact to perform the requested action. If left blank, the Active Directory Domain Controller (DC) is automatically determined using site settings.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Command result	ActiveDirectoryUnlockADAccountByIdentityResult	boolean	The result of the command (success or failure).
Error message	ErrorMessage	string	If the command was not successful, this will contain the error message that was returned.

Wait for a Office 365 mailbox

Operation ID:: O365WaitForO365Mailbox

Wait for a specified Microsoft Exchange Online or Office 365 mailbox to exist. This is common if you are waiting for an AD sync or license setting to take effect. If the mailbox already existed, the action will immediately return successful.

Parameters

Name	Key	Required	Type	Description
Mailbox identity	Identity	True	string	The Id of a Microsoft Exchange Online or Office 365 mailbox. You can specify a mailbox by Name, Alias, Object Id (e.g. UUID/GUID value), Email address, GUID, SAMAccountName (even users in non Active Directory connected environments have a SAMAccountName) or User Principal Name (UPN).
Recipient type details	RecipientTypeDetails		string	The type of mailbox to search for. If this field is left blank, all types of mailbox will be included in the search.
Number of times to check	NumberOfTimesToCheck	True	integer	The number of times to check for the mailbox to exist. Each check is separated by a configurable amount of time.
Seconds between tries	SecondsBetweenTries	True	integer	How many seconds to wait between each check.
Workflow	Workflow	True	string	Add the following expression here: workflow()

Returns

Name	Path	Type	Description
Search results JSON	PowerShellJSONOutput	string	The properties of the located mailbox if it already existed or existed after waiting, in JSON format.
Count of mailboxes found	CountOfMailboxesFound	integer	The number of mailboxes found which match the search identity. 1 would represent a successful wait (or the mailbox already existed). 0 would represent the mailbox not existing, even after waiting.

Share via

IA-Connect JML

Prerequisites

Available IA-Connect Connectors

How to get credentials

Get started with your connector

Support

Known issues, common errors and FAQs

Creating a connection

Default

Throttling Limits

Actions

Add Active Directory group

Parameters

Returns

Add Active Directory group member

Parameters

Returns

Add Active Directory object to multiple groups

Parameters

Returns

Add Active Directory OU

Parameters

Returns

Add Active Directory user

Parameters

Returns

Add Azure AD user

Parameters

Returns

Add Azure AD user to group

Parameters

Returns

Add Azure AD user to multiple groups

Parameters

Returns

Add Microsoft Exchange mailbox permission

Parameters

Returns

Add Microsoft Exchange mailbox permission to user

Parameters

Returns

Add Microsoft Exchange member to distribution group

Parameters

Returns

Add multiple Active Directory group members

Parameters

Returns

Add Office 365 mailbox permission to user

Parameters

Returns

Add Office 365 member to distribution group

Parameters

Returns

Assign Azure AD user to admin role

Parameters

Returns

Assign Azure AD user to multiple admin roles

Parameters

Returns

Check Active Directory OU exists

Parameters

Returns

Clear Active Directory user account expiration

Parameters

Returns

Clone Active Directory user group membership

Parameters

Returns

Clone Active Directory user properties

Parameters

Returns

Connect to Active Directory with credentials

Parameters

Returns

Connect to Azure AD with certificate

Parameters

Returns

Connect to Azure AD with credentials

Parameters