Using the Active Directory Destination Component

The Active Directory Destination Component is an SSIS data flow pipeline component that can be used to write data to Microsoft Azure Active Directory and Microsoft Active Directory. You can create, update, or delete objects with this component. There are three pages of configuration:

  • General
  • Columns
  • Error Handling

The General page is used to specify general settings for the Active Directory Destination Component. The Columns page allows you to map the columns from upstream components to Active Directory attributes in the destination object. The Error Handling page allows you to specify how errors should be handled when they occur.

General page

The General page allows you to specify general settings for the component.

Active Directory Destination Editor

Select the connection manager and destination object
Connection Manager

The Active Directory Destination Component requires a Active Directory connection. The Active Directory Connection Manager option will show all ActiveDirectory connection managers that have been created in the current SSIS package or project.

Action

The Action option allows you to specify how data should be written to Active Directory. There are currently five (5) supported action types available.

  • Create: Create new object(s).
  • Update: Update existing object(s) based on primary key field (UserPrincipalName).
  • Upsert(since v2.0, On-Premise only): Updates or creates object(s) based on primary key field (UserPrincipalName)
  • Delete: Delete object(s).
  • Move(since v2.3, On-Premise only): Move or rename an AD object.
Destination Object

The Destination Object option allows you to specify which object to write data to. The available destination objects include:

  • User: using User option, you can create, update or delete Active Directory users
  • Group: allows you to create, update or delete Active Directory groups
  • GroupMembership: using GroupMembership option, you can add users to Active Directory groups using Create action, and delete users from Active Directory groups using Delete action
Active Directory Settings (On-Premise Connections Only)
Container Path

The Container Path option specifies the Directory path in which you want to manipulate Active Directory data. Note that some combinations of Container Path, Destination Object and Action may not be supported, in some cases they may produce undesired results. Make sure to select the intended container path when configuring the destination component.

Note that the Container Path option is not used by the Move action.

Additonal Settings (Azure Connections Only)
Send DateTimeValues in UTC Format

Enabling this option allows you to send date time values to Azure Active Directory in UTC format. If left unchecked, any date time value passed into Azure Active Directory will be treated as integration user's local time.

Map Unmapped Fields Button

By clicking this button, the component will try to map any unmapped Active Directory attributes by matching their names with the input columns from upstream components. This is useful when your source component has recently added more columns, in which case you can use this button to automatically establish the association between input columns and unmapped destination attributes.

Clear All Mappings Button

By clicking this button, the component will reset all your mappings in the destination component.

Expression fx Icon

Click the blue fx icon to launch SSIS Expression Editor to enable dynamic update of the property at run time.

Generate Documentation Icon

Click the Generate Documentation icon to generate a Word document which describes the component's metadata including relevant mapping, and so on.

Columns page

The Columns page of the Active Directory Destination Component allows you to map the columns from upstream components to destination attributes.

In the Columns page, you would see a grid that contains three columns as shown below.

Active Directory Destination Editor

  • Input Column: You can select an input column from an upstream component here.
  • Destination Active Directory Field: The Active Directory attribute/field that you are writing data.
  • Data Type: This column indicates the type of value for the current attribute.
  • Unmap: This button provides a convenient way to set/unset the mapping for the selected attribute/field.

Tips: In order to clear up a field value, you should set the target field's input value to NULL.

Writing to Custom Attributes (On-Premise only)

It is possible to write data to custom attributes in Active Directory. By default, custom attributes cannot be detected in the Destination Component. In version 2.x and above, in the Columns page of the Active Directory Destination Component, there is an 'Add' button, to manually add the custom field. If you select this button, you can add custom fields by entering the following information:

Add Active Directory custom field

Field Name

Specify the Field Name of the custom field that you would like to write to.

Data Type

Select the Data Type drop down of the field type.

Length

Choose the Length of the Data Type for your custom field.

With previous versions, 1.1 and 1.2, if you open the Advanced Editor for the Active Directory Destination Component, and go to the `Input And Output Properties` tab, you can add columns for your custom attributes in the External Columns. The `Name` field can be used as the display name for your custom attribute, and most importantly of all, the `Description` field needs to be populated with the actual name of your custom attribute.

Advanced destination editor

Error Handling page

The Error Handling page allows you to specify how errors should be handled when they happen.

Active Directory Destination Editor

There are three options available.

  1. Fail on error
  2. Redirect rows to error output
  3. Ignore error

In the Error Handling page, there is also an option that can be used to enable or disable the following output field for the destination component.

  • IsNew: Contains value to indicate whether it is a newly created record, or an existing one. This is useful when you use Upsert action.
  • NewlyCreatedRecordId(since v4.0): Contains the newly created Azure directory object record's ID, which you can use to write to log or further process using additional data flow components.

When the Redirect rows to error output option is selected, rows that failed to write to Active Directory will be redirected to the 'Active Directory Destination Error Output' output of the Destination Component. As indicated in the screenshot below, the green output connection represent rows that were successfully written, and the red 'Active Directory Destination Error Output' connection represents rows that were erroneous. The 'ErrorMessage' output column found in the 'Active Directory Destination Error Output' may contain the error message that was reported by Active Directory or the component itself.

error output

Note: Use extra caution when selecting Ignore error option, since the component will remain silent for any errors that have occurred.

Adding Users as members to Groups

By selecting the GroupMembership destination object in the Destination Component, you can add members to groups. The GroupMembership object has 2 fields, GroupName and UserName. Often times, users and groups live in different container paths. In order to create membership between users and groups that live in different container paths, you will need to specify the DistingushedName property in the GroupName or UserName fields. If DistingushedNames are not used, the component will attempt to look for objects with matching Name in the specified container path.