1 Reply Latest reply on Feb 19, 2019 3:47 AM by 8paul

    [Tool]ARM Template Generator

    8paul

      Hi Everyone,

       

      In the following paragraphs I'm going to give a step-by-step tutorial on creating your own user templates with this new generator tool. You can find the download link at the bottom of this post.

      At the moment you can only create templates for user provisioning with this, no Group- or OpenTemplates. It doesn't cover 100% of the possibilities that the template provides, but for most use cases this should be sufficient.

       

      If anything is unclear or you have suggestions for improvements feel free to leave a comment.

       

           A. Start the program on any Windows-PC that can establish a network connection to one of the domain controllers of the target domain. It does not require elevated permissions to work.
           B. You will be greeted with this view:
               

                     1. Enter the FQDN of the target domain, for example “contoso.local”

                     2. Confirm your entry. If the account you are running the program under is not a member of the target domain, it will ask you for credentials:

                    

       

       

           C. After successfully connecting to the domain you will see all OUs from the target domain appear:
                         

         1. You can filter by Name here, just type and click the asterisk to clear the filter if needed

         2. With these buttons you can move OUs from the left to the right list and back. OUs in the right list will be available as a Target-OU option in the template. If only one value is entered, the template will use a fixed value for the OU selection. If multiple are selected, the first one in the list will be used as the default value for the dropdown.

         3. You can edit the Display Name with which the OU will be shown in the Template, use this to assign friendly names or link OUs up to a department or location.

         4. Help shows you hopefully relevant documentation on the current step (not perfect)

             Cancel cancels the current execution and closes the program

             Next brings you to the next page – depending on the number of groups in the domain the loading time might vary

       

           D. After the page has finished loading you should see a selection of groups:

                         

                     1. Type text to filter, click asterisk to clear

                     2. Move groups from left to right, groups on the right will be included in the groups section of the template

                     3. As before plus “Back” brings you back to the previous page

       

           E. Property definitions:

                         

                     1. Here you see a list of all currently selected properties that will be included in the template. The ones already set are default properties that are required, they can be edited but not removed.

                     2. Click to either add a new property, or edit / remove an existing one

                           When adding or editing a property you will see this window:

                              

                   

                     From Top to bottom:

          • Name of the property in AD (for example “telephoneNumber”) this has autocomplete for standard properties
          • Label which will be displayed in front of the input field in the template
          • Description which will be shown in a mouseover info popup
          • Sets if the property is required – required properties cannot be disabled or hidden
          • Sets if the property is enabled – disabled properties cannot be edited by the user
          • Hide the property in the fat client
          • Hide the property in the web interface
          • Select the type of input element to represent the property. Depending on the selection the type specific settings will appear.

       

                     Available types and type-specific settings are:

       

       

                     1. Dropdownlist:

                              

                          Dropdown items consist of a “Value” and a “DisplayValue”: the first is the value that the AD property will be set to, the other is shown to the user for selection. With the buttons on the right you can add / edit / delete dropdown items.

                          If you set a DefaultValue, its value must match the value field of one of your entries.

       

                     2. TextField / TextArea / MultiValueText

                         

                          From top to bottom:

      - Defines if the value of the field must be unique in AD

      - Max length of the field

      - Characters that are not allowed in the string, separated by semicolon

      - Creation rule, see template documentation for details

      - Validation rule is a normal regular expression

      - Validation Info is the text the user gets to see in case of error, can be multilanguage

       

       

                     3. FixedValue

                              

                          Value is the value set to the property, Displayvalue will be shown to user

       

                     4. Checkbox

                              

                          Sets if the checkbox is checked by default

                    

           F. Lookup Tables

                          Lookup tables allow you to set dependencies between AD attributes, for example between the street address and the zip code. You can create lookup tables once you have created a property with the input type of DropDown. Once the property is created you can click on “Lookup Tables” on Page 3.

                              

                          On the left side, select the dropdown menu you want to set dependencies on, then click on “Create” to create a lookup table based on the selected dropdown. After clicking on create / edit you will be able to assign the values the lookup table should resolve to.

                          You can use lookup tables in creation rules with the <lookup>() function. You can find more details on that in the template documentation.

       

       

           G. Activation- , Password- and Script Options
                          Activation and Password Options

                              

                           Enabling these will allow the user to define if the account should be activated immediately, on a specific date or not at all. It also allows setting an end date on which the account will be disabled.

       

                          Password Options - from top to bottom:

                             

          • Default password, no random password will be generated if this is set
          • Validation rule for password – normal regex
          • Validation info that will be shown to the user on error
          • Check this if you want randomly generated passwords
          • Check this to add more complexity to the passwords
          • Check if “Password must be changed at next logon” should be enabled by default
          • Check if “Password cannot be changed” should be enabled by default
          • Check if “Password never expires” should be enabled by default

       

                     Script options

                              

                     From top to bottom:

          • check if the script section should be hidden in the fat client
          • check if the script section should be hidden in the web client
          • check to enable script by default
          • Displayname for the script execution
          • Script path, for example “C:\\scripts\\script.ps1” or “\\\\server\\share\\script.ps1”
          • Parameters that will be passed to script, to pass attributes use the usual variable syntax (for example “{givenname} {sn}”) (see documentation)

       

       

           H. Exchange Options

                              

                     From top to bottom, left to right:

       

          • Check this to enable the exchange section, if not checked the exchange module will not be loaded and no mailbox can be created with that template
          • Allow users to select if a mailbox is created or not, by default one is created
          • Mailbox Database, currently only single values are supported by the generator
          • Creationrule for emailaddress(es), can contain multiple addresses split by “\r\n”
          • Validationrule, will be matched to whole string including “\r\n”
          • Allow users to manually change the address, the validationrule still applies
          • Enable Archiving – if not selected archiving related fields will not be included in template and archiving will be disabled
          • Allow users to change if archiving is enabled, by default it is
          • Archive Database, currently only single values are supported by the generator
          • Enable ActiveSync – if not selected ActiveSync related fields will not be included in template, ActiveSync will be enabled and the default policy will be used.
          • Allow users to change if ActiveSync is enabled, by default it is
          • Active Sync Policy, currently only single values are supported by the generator
          • Enable OWA – if not selected OWA related fields will not be included in template, OWA will be enabled and the default policy will be used.
          • Allow users to change if OWA is enabled, by default it is
          • OWA Policy, currently only single values are supported by the generator
          • Enable IMAP – if not selected the IMAP option will not be included in template, IMAP will be active
          • Enable POP – if not selected the POP option will not be included in template, POP will be active
          • Enable MAPI – if not selected the MAPI option will not be included in template, MAPI will be active

       

       

           I. Last steps

                              

      1. Enter the Displayname of the template here, this will be shown in the web interface / fat client as main identifier

      2. Enter the Description of the template here, this will be shown as additional info in the web interface / fat client

                  3. Choose where the template should be saved, the name will be automatically generated

                  4. Click save to save the template to disk, after that you can either exit or continue working with your data (you can go back and do slight changes and export again so you can pump out similar templates without having to go through the whole process again)

       

       

      Download link:

      http://bit.ly/ARMtemplate

       

      Virustotal:

      VirusTotal
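
Added example, not part of the original post or of the tool: the Exchange options in step H say the address creation rule can yield several addresses split by “\r\n” and that the validation rule is matched against that whole string. This Python check compares three constructed rules against such values. It assumes the rule may be applied as an unanchored regex search; the sample addresses and patterns are made up around the post's contoso.local domain.

```python
import re

# Constructed sample values built around the post's example domain contoso.local.
CRLF = "\r\n"
CASES = {
    "single": ["j.doe@contoso.local"],
    "pair": ["j.doe@contoso.local", "john.doe@contoso.local"],
    "foreign": ["j.doe@contoso.local", "j.doe@example.net"],
}

# Constructed rules. Python's \Z is the absolute end of the string;
# the .NET equivalent is \z.
ADDR = r"[a-z0-9._-]+@contoso\.local"          # one permitted address
RULES = {
    "unanchored": ADDR,                         # no anchors at all
    "anchored_one": rf"\A{ADDR}\Z",             # anchored, single address only
    "anchored_list": rf"\A{ADDR}(?:\r\n{ADDR})*\Z",  # anchored, CRLF-separated list
}


def accepts(rule, addresses):
    """Assumption: the rule is applied as an unanchored search over the whole value."""
    value = CRLF.join(addresses)
    return re.search(rule, value, flags=re.IGNORECASE) is not None


def evaluate():
    """Return {rule name: {case name: accepted?}} for every rule and sample value."""
    return {
        name: {case: accepts(rule, addrs) for case, addrs in CASES.items()}
        for name, rule in RULES.items()
    }


if __name__ == "__main__":
    for name, results in evaluate().items():
        print(f"{name:14} {results}")
```

Only the anchored list rule accepts the two-address value while rejecting the value that contains an address outside contoso.local.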