02-20-2024 11:35 AM
Hi all, we need to look up a user in Active Directory by their employee number attribute. What would be the best way to do this?
For more info, this is what we've investigated so far:
- We can't use Azure because the users aren't in Azure at this point in the workflow.
- The Active Directory v2 spoke will only look up users by username, which could return inaccurate data.
- "Guessing" the username and verifying the returned info isn't working because the returned info does not include the employee number attribute.
- PowerShell was also something we looked at but our Cyber Security team is concerned about the access the service account would need.
- I'm unsure if LDAP data can be accessible in Flow Designer.
Thanks in advance!
02-20-2024 05:19 PM
Hey Dylan,
PowerShell script action would require the same rights for the service account as the OOB AD lookup user action, right?
Also, you might be able to use the "Query AD" action that takes a search filter as an input and returns the AD object details; this should help.
Regards,
AJ
02-21-2024 06:44 AM
Hey AJ,
Our PowerShell script action was set up with a different service account and it seems to run differently than the OOB AD lookup, but I was able to get this working by copying the existing ActionLookupUser_AD_v2.ps1 action and script and changing the script to below. I also added an employee_id variable to the new, copied action.
I also changed the properties on the script to return all the attributes of the user by changing the normal -Properties filter to just "-Properties *", which can be seen below. Thanks for the help and I appreciate the reply!
Import-Module ActiveDirectory -WarningAction SilentlyContinue
# Action inputs reach the script as SNC_-prefixed environment variables (same convention as the OOB SNC_userName)
if (Test-Path env:\SNC_userName) {
    $username = $env:SNC_userName
}
if (Test-Path env:\SNC_employee_id) {
    $employee_id = $env:SNC_employee_id
}
if (-not $username) {
    $result = "User Name field is empty"
    $status = "Error"
}
elseif (-not $employee_id) {
    $result = "Employee ID field is empty"
    $status = "Error"
}
else {
    $username = $username -replace "%27", "'"
    try {
        # $cred and $computer are supplied by the MID Server for the action's credential and domain controller
        $userdetails = Get-ADUser -Filter { EmployeeID -eq $employee_id } -Credential $cred -Server $computer -Properties *
        if ($null -eq $userdetails) {
            $result = "No user found with EmployeeID '$employee_id'"
            $status = "Error"
        }
        else {
            $result = $userdetails
            $status = "Success"
        }
    }
    catch {
        $result = $_.Exception.Message
        $status = "Error"
    }
}
$response = @{
    status = $status
    body   = $result
} | ConvertTo-Json
Write-Output $response
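A hardened variant of the same lookup, added here as an example rather than taken from the thread: it escapes the employee number before placing it in an LDAP filter (so a value containing `*` or `(` cannot widen the search), requests only the attributes the flow needs instead of `-Properties *`, and treats zero or multiple matches as errors. It assumes the action input is exposed as `SNC_employee_id` and that `$cred` and `$computer` are supplied by the MID Server, as in the copied OOB script.

```powershell
Import-Module ActiveDirectory -WarningAction SilentlyContinue

function ConvertTo-LdapFilterValue {
    # Escape the characters that carry meaning inside an LDAP search filter (RFC 4515)
    # so a caller-supplied value can only ever match literally.
    param([Parameter(Mandatory)][string]$Value)
    $sb = New-Object System.Text.StringBuilder
    foreach ($ch in $Value.ToCharArray()) {
        switch ($ch) {
            '\'  { [void]$sb.Append('\5c') }
            '*'  { [void]$sb.Append('\2a') }
            '('  { [void]$sb.Append('\28') }
            ')'  { [void]$sb.Append('\29') }
            "`0" { [void]$sb.Append('\00') }
            default { [void]$sb.Append($ch) }
        }
    }
    return $sb.ToString()
}

# Assumed input variable name on the copied action; $cred/$computer come from the MID Server
$employee_id = $env:SNC_employee_id
if (-not $employee_id) {
    $status = 'Error'; $result = 'Employee ID field is empty'
}
else {
    try {
        $filter = "(employeeID=$(ConvertTo-LdapFilterValue $employee_id))"
        # Ask only for the attributes the flow consumes instead of -Properties *
        $wanted = 'sAMAccountName', 'UserPrincipalName', 'DisplayName', 'mail', 'EmployeeID', 'Enabled'
        $users = @(Get-ADUser -LDAPFilter $filter -Credential $cred -Server $computer -Properties $wanted)
        if ($users.Count -eq 1) {
            $status = 'Success'; $result = $users[0] | Select-Object $wanted
        }
        elseif ($users.Count -eq 0) {
            $status = 'Error'; $result = "No user has employeeID '$employee_id'"
        }
        else {
            # employeeID is not enforced unique by AD; refuse to pick one silently
            $status = 'Error'; $result = "$($users.Count) users share employeeID '$employee_id'"
        }
    }
    catch {
        $status = 'Error'; $result = $_.Exception.Message
    }
}
Write-Output (@{ status = $status; body = $result } | ConvertTo-Json -Depth 3)
```

Because the filter targets a single attribute and the service account only needs read access to the listed properties, the account can be scoped far more narrowly than one running arbitrary PowerShell.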