Get AD Group users?

Does anyone know how to get a list of users in an AD group within ignition? It seems like this should be possible, but I can’t find a built in function that does this. My user source is a full active directory setup.


You could potentially build in a script like this:

usersInGroup = [user for user in system.user.getUsers('YourUserSource') if 'YourRole' in user.getRoles()]
1 Like

@zacht @lrose The system.user.getUsers function doesn’t appear to actually get users from our active directory. It just pulls some ignition users that were setup to show for all user sources.

When I go into the user source that I working with, no users show.

In that case, I think your user source connection is setup incorrectly. You probably shouldn’t show the settings for the connection to the internet, but I would double check those. Maybe have support help.


You can query a list of users from active directory using an ldap query. You will need to set up the AD server as a linked server though, I think. This works for me on SQL Server:

select * from OpenQuery (AD_Linked_Server_Name,
'SELECT mail, mobile, telephoneNumber, title, sn, givenName, SAMAccountName,  department
FROM ''LDAP://OU=YourOrganizationalUnit,DC=YourDC,DC=YourDC''
WHERE objectClass = ''user''

@chandler.teigen, that sounds interesting and would save adding Python LDAP libraries.

You will need to set up the AD server as a linked server though, I think.

How do you do that? ODBC connection? What driver? SQL Server?

@Transistor If you are using SQL Server and SQL Server Management Studio you can add them under a server connection. Expand Server Objects, then right click Linked Servers and click New Linked Server. Once you get it configured, you can reference the name you gave the linked server in the query I showed above.

Just to close the loop on this thread, the issue for this ended up being the username and password that our admin had used to setup the user source were incorrect. I was able to get them to switch to an appropriately setup username and password, and now the functionality works.