Look up user in Active Directory from Flow Designer

DylanB
Tera Guru

Hi all, we need to look up a user in Active Directory by their employee number attribute. What would be the best way to do this? 

For more info, this is what we've investigated so far:

  • We can't use Azure because the users aren't in Azure at this point in the workflow.
  • The Active Directory v2 spoke will only look up users by username, which could return inaccurate data.
    • "Guessing" the username and verifying the returned info isn't working because the returned info does not include the employee number attribute.
  • PowerShell was also something we looked at, but our Cyber Security team is concerned about the access the service account would need.
  • I'm unsure if LDAP data can be accessible in Flow Designer. 

Thanks in advance!

1 ACCEPTED SOLUTION

Hey AJ,

Our PowerShell script action was set up with a different service account and it seems to run differently than the OOB AD lookup, but I was able to get this working by copying the existing ActionLookupUser_AD_v2.ps1 action and script and changing the script to the one below. I also added an employee_id variable to the new, copied action.

I also changed the properties on the script to return all the attributes of the user by changing the normal -Properties filter to just "-Properties *", which can be seen below. Thanks for the help and I appreciate the reply!

Import-Module ActiveDirectory -WarningAction SilentlyContinue

# Action inputs arrive as SNC_-prefixed environment variables, the same way
# SNC_userName does in the OOB script. SNC_employee_id is the employee_id
# variable added to the copied action (assumed name; match it to the action's
# input name).
$employee_id = $null
if (Test-Path env:\SNC_employee_id) {
    $employee_id = $env:SNC_employee_id
}

if (-not $employee_id) {
    $result = "Employee ID field is empty"
    $status = "Error"
}
else {
    # The original script decoded URL-encoded apostrophes in the username;
    # do the same for the employee ID.
    $employee_id = $employee_id -replace "%27", "'"

    # $cred and $computer are set in the preamble of the copied OOB script
    # (not shown here). Only pass them when present, so the script also runs
    # under the MID Server account against the default domain controller.
    $params = @{ Properties = '*' }
    if ($cred)     { $params.Credential = $cred }
    if ($computer) { $params.Server     = $computer }

    try {
        # Script-block filter: the value is bound as a variable, not spliced
        # into the filter text, so quotes in the input cannot alter the query.
        $userdetails = Get-ADUser -Filter { EmployeeID -eq $employee_id } @params
        if ($null -eq $userdetails) {
            # A miss used to be reported as Success with an empty body.
            $result = "No user found with EmployeeID '$employee_id'"
            $status = "Error"
        }
        else {
            $result = $userdetails
            $status = "Success"
        }
    }
    catch {
        $result = $_.Exception.Message
        $status = "Error"
    }
}

$response = @{
    status = $status
    body   = $result
} | ConvertTo-Json

Write-Output $response


2 REPLIES 2

anurag92
Kilo Sage

Hey Dylan,

PowerShell script action would require the same rights for the service account as the OOB AD lookup user action, right?

Also, you might be able to use the "Query AD" action that takes a search filter as an input and returns the AD object details; this should help.


Regards,
AJ
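As an added example (not code from this thread or from the AD spoke), here is how the search filter for the "Query AD" route can be built so that the employee number is escaped per RFC 4515 before it goes into the filter, and how the same filter can be tried locally with Get-ADUser -LDAPFilter while requesting only the attributes the flow needs instead of -Properties *. The employeeID attribute name, the SNC_employee_id input and the sample values are assumptions.

```powershell
# Escape a value for use inside an LDAP search filter (RFC 4515, section 3):
# * ( ) \ and NUL become \2a \28 \29 \5c \00, and any other byte outside
# printable ASCII is hex-escaped as well, so an input such as
# "12345)(objectClass=*" cannot widen the search to other objects.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    $sb = [System.Text.StringBuilder]::new()
    foreach ($b in [System.Text.Encoding]::UTF8.GetBytes($Value)) {
        if (($b -in 0x2a, 0x28, 0x29, 0x5c) -or ($b -lt 0x20) -or ($b -gt 0x7e)) {
            [void]$sb.AppendFormat('\{0:x2}', $b)
        }
        else {
            [void]$sb.Append([char]$b)
        }
    }
    $sb.ToString()
}

# Filter for a user object by employee number. The attribute name (employeeID)
# is an assumption; some directories populate employeeNumber instead.
function New-EmployeeLookupFilter {
    param([Parameter(Mandatory)][string]$EmployeeId)
    $safe = ConvertTo-LdapFilterValue -Value $EmployeeId
    "(&(objectCategory=person)(objectClass=user)(employeeID=$safe))"
}

# Constructed sample inputs: a normal employee number and a malformed one.
New-EmployeeLookupFilter -EmployeeId '12345'
New-EmployeeLookupFilter -EmployeeId '12345)(objectClass=*'

# Run the same filter through the AD module, asking only for the attributes
# the flow uses; the service account then needs read access to those
# attributes alone. SNC_employee_id is the assumed name of the action input.
Import-Module ActiveDirectory -WarningAction SilentlyContinue
$filter = New-EmployeeLookupFilter -EmployeeId $env:SNC_employee_id
Get-ADUser -LDAPFilter $filter -Properties employeeID, mail, department |
    Select-Object SamAccountName, UserPrincipalName, employeeID, mail, department
```

The string returned by New-EmployeeLookupFilter is what would be passed to the Query AD action's search filter input.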
