This post is a continuation of my previous post, Automate the provision of Azure AD Account & License assignment – Part 1, which covered creating an account in Azure Active Directory using Power Automate. In this post I will highlight the feature of Azure Automation that can be leveraged to create an on-premises AD account. Refer to this post for the use of an Azure Automation account to interact with SharePoint Online in Microsoft 365 using Power Automate.
Azure Automation is easy to set up for automating tasks that interact with
- Azure (Azure AD, SQL etc.)
- M365 services (SharePoint etc.)
Automation runbooks in Azure run on the Azure cloud platform, so they might not have access to resources in other clouds or in your on-premises environment. To access local resources such as on-premises Active Directory, which lives behind the firewall, Azure Automation offers a feature called the Hybrid Runbook Worker. Azure Automation Hybrid Workers extend Azure Automation into your private networks and allow runbooks to interact with resources such as on-premises Active Directory, SharePoint etc.
The Hybrid Runbook Worker feature runs runbooks directly on the machine hosting the role, which can be a
- computer in an on-premises network
- machine in any secured network, such as a virtual machine in Azure behind the firewall
- machine in another cloud service such as AWS
and runs them against resources in that environment, so local resources can be managed. Refer to this documentation about Hybrid Runbook Worker for more information.
The following image from Microsoft documentation illustrates this functionality:
- Azure Subscription to create
  - Automation Account
  - Log Analytics Workspace
- Server (Windows or Linux based)
- Internet access
- Port: only TCP 443 is required for outbound internet access
The deployment instructions from Microsoft for
I’ve found a really interesting video on YouTube from Travis Robert regarding this topic, which sets this up on a Windows workstation.
Once the Hybrid Runbook Worker is set up, you can write a PowerShell script to create an account in on-premises Active Directory. Find the link to the script to add a user to on-premises Active Directory. The parameters for the AD account (attributes such as name, location, job title, manager etc.) can be passed to the runbook from a SharePoint list in Office 365, which can then be triggered using a Flow.
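As an added example (not the script the post links to), here is a runbook of that shape: it takes the account attributes as runbook parameters, as supplied from the SharePoint list item by the Flow, validates them and creates the user with the ActiveDirectory module on the Hybrid Runbook Worker. The parameter names, OU and domain are assumptions; the worker is assumed to have RSAT installed and to run under an account delegated user-creation rights on that OU only.

```powershell
param(
    [Parameter(Mandatory)] [string] $GivenName,
    [Parameter(Mandatory)] [string] $Surname,
    [Parameter(Mandatory)] [string] $SamAccountName,
    [string] $JobTitle,
    [string] $Office,
    [string] $ManagerSamAccountName
)
Import-Module ActiveDirectory -ErrorAction Stop

# Placeholders: replace with your domain and the OU delegated to the worker's account.
$TargetOu  = 'OU=NewHires,DC=contoso,DC=local'
$UpnSuffix = 'contoso.local'

# Values come from a SharePoint list that end users can edit, so validate them before
# they reach any filter or DN: plain logon-name characters only, within the 20-char SAM limit.
if ($SamAccountName -notmatch '^[A-Za-z0-9._-]{1,20}$') {
    throw "Invalid SamAccountName '$SamAccountName'"
}
# Idempotency: a Flow retry must not fail the job or create a duplicate account.
if (Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'") {
    Write-Output "User $SamAccountName already exists, nothing to do"
    return
}

$NewUser = @{
    Name                  = "$GivenName $Surname"
    GivenName             = $GivenName
    Surname               = $Surname
    SamAccountName        = $SamAccountName
    UserPrincipalName     = "$SamAccountName@$UpnSuffix"
    Path                  = $TargetOu
    ChangePasswordAtLogon = $true
    Enabled               = $true
}
# Optional attributes are only set when the list item supplied them.
if ($JobTitle) { $NewUser.Title  = $JobTitle }
if ($Office)   { $NewUser.Office = $Office }
# Resolve the manager to a DN first so a typo fails the job instead of creating a half-linked account.
if ($ManagerSamAccountName) {
    $NewUser.Manager = (Get-ADUser -Identity $ManagerSamAccountName -ErrorAction Stop).DistinguishedName
}

# Random initial password generated on the worker; it is never returned to the Flow or logged.
$bytes = New-Object byte[] 24
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$NewUser.AccountPassword = ConvertTo-SecureString ([Convert]::ToBase64String($bytes) + 'Aa1!') -AsPlainText -Force

New-ADUser @NewUser
Write-Output "Created $SamAccountName in $TargetOu"
```

In the Flow, the Azure Automation connector's Create job action runs this runbook on the Hybrid Worker group and maps the SharePoint list columns to these parameters.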
Summary: I was not able to give you a complete walkthrough, but I hope I have given some pointers for connecting to on-premises AD. Forgive my ignorance if I have made some mistakes, since I don’t have much experience with IT infrastructure. I hope you find this post useful and informative. Let me know if you have any comments or feedback below.