Enable HR to Create a new User Account in Active Directory with Nintex Workflow 2010

A common business process scenario for onboarding a new employee within a company is for Human Resources to notify the IT department of the new employee joining the organization, and then for the IT department to create the Active Directory (AD) account and either notify HR, or wait to provide the information to the new employees themselves. This type of business process might look like the following:

However, given the option, most businesses would like to see this process streamlined to enable HR to create the Active Directory account themselves, in an easy, pre-defined manner. The streamlined business process could look like the following:

This can be accomplished without any custom development using Nintex Workflow and Microsoft SharePoint.

Using Nintex Workflow to Enable HR to Create AD Accounts

Using a simple SharePoint list, and a couple of the provided Nintex Workflow actions, you could create a simple form for HR that looks like this that enables HR to create Active Directory accounts for new employees:

Using just these simple pieces of information about the new employee, the "Create AD User" Nintex Workflow action can be configured to do the following:

• Create the Active Directory account
• Assign the account name (SAMAccountName)
• Assign the first name and last name
• Assign the manager
• If provided, assign the work phone #
• Create a generated password
• Force the employee to change their password at the first logon

Many other pieces of information could be easily assigned as well with a few changes to the form and the workflow. The basic configuration screen for the "Create AD User" action essentially looks like the following:

Each of these properties could be preconfigured or populated by fields on the initiating form.

Additional Low-Hanging Fruit to Enhance the Business Process

Additional enhancements that could easily be made using out-of-the-box Nintex Workflow actions include enabling the workflow to:

• Create the new user account "Like" another account (using another employee as a model for assignments)
• Assign the user account as a member of Security Groups
• Creating an Exchange mailbox to provision e-mail for the new employee
• Notify IT and the hiring manager
• Enable Lync / Office Communicator for the employee
• Assign the user account to specific AD Organization Units (OUs) based on Department
• And of course, extend the workflow to include more of the onboarding process