Get AD Group users?

Does anyone know how to get a list of users in an AD group within Ignition? It seems like this should be possible, but I can’t find a built-in function that does this. My user source is a full Active Directory setup.

system.user.getUsers(userSource)

You could potentially build in a script like this:

usersInGroup = [user for user in system.user.getUsers('YourUserSource') if 'YourRole' in user.getRoles()]
1 Like

@zacht @lrose The system.user.getUsers function doesn’t appear to actually get users from our Active Directory. It just pulls some Ignition users that were set up to show for all user sources.

When I go into the user source that I am working with, no users show.

In that case, I think your user source connection is set up incorrectly. You probably shouldn’t show the settings for the connection to the internet, but I would double check those. Maybe have support help.

2 Likes

You can query a list of users from Active Directory using an LDAP query. You will need to set up the AD server as a linked server though, I think. This works for me on SQL Server:

select * from OpenQuery (AD_Linked_Server_Name,
'SELECT mail, mobile, telephoneNumber, title, sn, givenName, SAMAccountName, department
FROM ''LDAP://OU=YourOrganizationalUnit,DC=YourDC,DC=YourDC''
WHERE objectClass = ''user'''
)
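
A variant of the query above that narrows the result to one group, as an added example that is not part of the original post: it uses the ADSI LDAP filter dialect instead of the SQL dialect so it can follow nested group membership and skip disabled accounts. `YourGroup` and the DN components are placeholders, and the filter string is kept on one line on the assumption that the provider does not tolerate line breaks inside it.

```sql
-- Added example. AD_Linked_Server_Name is the linked server name used in the
-- post above; YourGroup, YourOrganizationalUnit and YourDC are placeholders.
--
-- Filter parts:
--   (objectCategory=person)(objectClass=user)    user accounts only, not computers
--   memberOf:1.2.840.113556.1.4.1941:=<group DN> matching rule "in chain":
--                                                direct and nested members
--   !(userAccountControl:1.2.840.113556.1.4.803:=2)
--                                                bitwise AND on ACCOUNTDISABLE (2),
--                                                negated, so only enabled accounts
--
-- Columns are named in the outer SELECT because the order the provider returns
-- them in is not guaranteed to match the attribute list.
SELECT sAMAccountName, givenName, sn, mail
FROM OPENQUERY(AD_Linked_Server_Name,
'<LDAP://DC=YourDC,DC=YourDC>;(&(objectCategory=person)(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=YourGroup,OU=YourOrganizationalUnit,DC=YourDC,DC=YourDC)(!(userAccountControl:1.2.840.113556.1.4.803:=2)));sAMAccountName,givenName,sn,mail;subtree')
ORDER BY sAMAccountName;
```

Results through the linked server are not paged, so a group larger than the directory's LDAP page size (1000 entries by default) comes back truncated; split the filter by name range if the count lands exactly on that limit.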

@chandler.teigen, that sounds interesting and would save adding Python LDAP libraries.

You will need to set up the AD server as a linked server though, I think.

How do you do that? ODBC connection? What driver? SQL Server?

@Transistor If you are using SQL Server and SQL Server Management Studio you can add them under a server connection. Expand Server Objects, then right-click Linked Servers and click New Linked Server. Once you get it configured, you can reference the name you gave the linked server in the query I showed above.

1 Like

Just to close the loop on this thread, the issue for this ended up being that the username and password that our admin had used to set up the user source were incorrect. I was able to get them to switch to an appropriately set up username and password, and now the functionality works.