Using Active Directory Roles Sample

Download sample

The sample demonstrates how to use Active Directory roles in a workflow.

The high-level scenario is as follows:

  1. A workflow named PurchaseOrderWorkflow is instantiated.

  2. The employees who can initiate the PurchaseOrderWorkflow are limited to the persons who are specified by the ActiveDirectoryRole object that is created in the SetupRoles CodeActivity activity.

  3. The HandleExternalEventActivity activity invokes the purchase order request by using the InitiatePurchaseOrder event that is defined in the IStartPurchaseOrder interface. The HandleExternalEventActivity activity initiates a purchase order only if the initiator is a member of the configured ActiveDirectoryRole. The initiator (employee) identity is assumed to be the identity of the person who is running the workflow sample.


Role-based checks are done for the HandleExternalEventActivity activity by using the Active Directory groups in the host environment’s domain. Active Directory groups are supported by the deployment of Active Directory in a Windows NT domain or Active Directory Application Model (ADAM) on the local machine. Therefore, an AD or ADAM deployment is necessary for this sample to work as intended.

To set up, build, and run the sample

  1. Download the sample by clicking Download Sample.

    This extracts the sample project to your local hard disk.

  2. Open the ActiveDirectoryRoles.sln and modify the PurchaseOrderWorkflow.cs file as follows:

    • Change the following parameters to reflect the actual Active Directory group you want to check the logged-in user against.

      ActiveDirectoryRole poInitiatorsRole = ActiveDirectoryRoleFactory.CreateFromAlias("ADGroup");
      Visual Basic:
      Dim poInitiatorsRole As ActiveDirectoryRole = ActiveDirectoryRoleFactory.CreateFromAlias("ADGroup")


    Make sure that the logged-in user is part of this Active Directory group.

  3. Click Start, point to Programs, point to Microsoft Windows SDK, and then click CMD Shell.

  4. Go to the source directory of the sample.

  5. At the command prompt, type MSBUILD <Solution file name>.

  6. Run the .exe file in the PurchaseOrderWorkflow\bin\debug folder (or the PurchaseOrderWorkflow\bin folder for the Visual Basic version of the sample), which is located below the source folder of the sample.

    If the role check was successful, the output of the sample will look similar to the following:

    Purchase Order initiated by: <DOMAIN>\<username>
    PO Initiated successfully
    Workflow has completed.

For more information about Active Directory, see Directory and Identity Services.

See Also



Other Resources

Using Roles in Workflows

© 2007 Microsoft Corporation. All rights reserved.