How to Copy user and create in different Domain with workflow or policy.

Our ARS manages both Dev and Prod. We get requests for users to be created in the Dev domain, which have to have the same FirstName, LastName, SamAccountName and a few other attributes as PROD. How would I create a process for Admins to search for the Prod user name in the ARS Website, select it and have a form button that they can click, "Create in DEV"? A workflow triggered off an attribute change, or a Policy? Any ideas on how to approach this would be appreciated, especially if you have done something similar.

  • I implemented something like this...

    The way it works is that you create a custom user properties page that contains the properties of the original user you want the destination user to have. You link this page with a custom user-associated command. The command becomes available when they check the box beside the user in the listview. They just use the regular Search to find the user in the first place.

    On the custom properties page, I added one extra virtual attribute for the destination domain name, which I populate using a dropdown from a provisioning policy.

    When the user hits "Save", the destination domain gets written to the originating user object, and this is what I used to trigger a change workflow which contains a script activity to create the user based on the properties I received from the Save operation - the script knows where to create the user because you chose the destination domain on the custom properties page.

    This solution requires very little code in the script activity - really just enough to obtain the attributes from the custom properties page in the $Request object and another command to create the user - i.e. New-QADUser.
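A sketch of the script activity described in the reply above, added here as an example and not the poster's own code. The virtual attribute name `edsvaDestinationDomain`, the DEV OU, the host `ars.example.com` and the function names are hypothetical, and it assumes the custom properties page submits the listed attributes in `$Request`.

```powershell
# Added example. Hypothetical: edsvaDestinationDomain, the OU DN, ars.example.com.
function Get-RequestValue($Request, [string]$Name) {
    # Treat an attribute that is absent from the request as "not supplied".
    try { return [string]$Request.Get($Name) } catch { return $null }
}

function New-DestinationUser($Request) {
    # Allowlist: destination domains this activity may create accounts in,
    # each mapped to the one container that receives the copies.
    $allowedDestinations = @{
        'dev.example.com' = 'OU=Copied Users,DC=dev,DC=example,DC=com'
    }
    # Only these attributes are copied. Password and group membership
    # are deliberately not carried over from PROD.
    $copiedAttributes = @('givenName', 'sn', 'sAMAccountName')

    $destination = Get-RequestValue $Request 'edsvaDestinationDomain'
    if (-not $destination) { return }   # nothing was requested
    if (-not $allowedDestinations.ContainsKey($destination)) {
        throw "Destination domain '$destination' is not on the allowlist."
    }

    $values = @{}
    foreach ($attr in $copiedAttributes) {
        $value = Get-RequestValue $Request $attr
        if (-not $value) { throw "Attribute '$attr' is missing from the request." }
        $values[$attr] = $value
    }
    # Reject logon names that do not fit a conservative pattern before use.
    if ($values['sAMAccountName'] -notmatch '^[A-Za-z0-9._-]{1,20}$') {
        throw "sAMAccountName '$($values['sAMAccountName'])' failed validation."
    }

    # Create through the ARS proxy so ARS policies and change history still apply.
    New-QADUser -Proxy -Service 'ars.example.com' `
        -ParentContainer $allowedDestinations[$destination] `
        -Name $values['sAMAccountName'] `
        -SamAccountName $values['sAMAccountName'] `
        -FirstName $values['givenName'] `
        -LastName $values['sn'] | Out-Null
}
```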

  • I have also done this, but instead of a script I used the workflows to create the user in the destination domain. Did this with no scripting.

    I actually had them create/modify and deprovision the associated users in other domains simply by using the workflows.

  • Yup good point - I always forget that there's that Create Object activity!

  • I would recommend ARSync Service.

    1. Create new Prod\user with Virtual Attribute VA_DEV_WORKFLOW = "NEW_USER"

    2. ARSync Service runs jobs and syncs/creates/updates DEV\users from PROD\users IF PROD\user.VA_DEV_WORKFLOW -eq "NEW_USER".

  • I ended up doing it with workflows. Thank you for your help.