- Flexera Community
- :
- FlexNet Manager
- :
- FlexNet Manager Forum
- :
- Re: AD group member query business adapter.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm looking to see if anyone has a query they have used to pull in group membership through a business adapter on a beacon server.
I need to pull all members of a specific group and assign them to software entitlements.
I can't seem to get the filters correct.
Has anyone done this in the past and if so could you share your query and attributes.
Thanks,
Gavin
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Gavin,
Reading users and filtering from AD groups is pretty straight forward with the Business Adapter Studio (including the Beacon version).
This is super useful for instance if you manage your Adobe subscription through AD groups (AD integration for Adobe Portal).
You need in the filter to restrict on a group using "MemberOf", one example below. The grammar is cryptic but your AD admins should be able to help you. You filter on 1 group and multiple domains for instance. I was not able to filter on multiple groups using wildcards (Acrobat%)... so, you need as many Business Adapters as groups.
(&(objectCategory=user)(!cn=CHILD$)(memberof=CN=DG_Adobe_AcrobatPro-Users,OU=GRP,OU=Global,OU=PRD,DC=net,DC=fr,DC=ch))
One important item to note: the insert behavior will manage the type of insert... the following below will allocate each user that was reported in the AD group, and removes any user that is no longer reported.
Hope it helps!
Nicolas
This thread has been automatically locked due to inactivity.
To continue the discussion, please start a new thread.
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I usually do this in PowerShell, export the results to CSV and then use the CSV file as input for my business import.
Best regards,
Markward
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Gavin,
Reading users and filtering from AD groups is pretty straight forward with the Business Adapter Studio (including the Beacon version).
This is super useful for instance if you manage your Adobe subscription through AD groups (AD integration for Adobe Portal).
You need in the filter to restrict on a group using "MemberOf", one example below. The grammar is cryptic but your AD admins should be able to help you. You filter on 1 group and multiple domains for instance. I was not able to filter on multiple groups using wildcards (Acrobat%)... so, you need as many Business Adapters as groups.
(&(objectCategory=user)(!cn=CHILD$)(memberof=CN=DG_Adobe_AcrobatPro-Users,OU=GRP,OU=Global,OU=PRD,DC=net,DC=fr,DC=ch))
One important item to note: the insert behavior will manage the type of insert... the following below will allocate each user that was reported in the AD group, and removes any user that is no longer reported.
Hope it helps!
Nicolas
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@nrousseau1's answer on this topic is a solid direct approach to solving the problem that will work in many cases. On the other hand, a PowerShell script approach of saving Active Directory group membership information to a CSV file as described by @mfranz is a little more flexible as it can handle more complex membership scenarios like nested group memberships or cross-domain memberships. This data could then be subsequently imported or otherwise processed using a business adapter.
I've attached a sample of such a script that may be useful for others as a starting point here.
Example use and output:
PS> .\DumpADGroupMembers.ps1 -GroupNamePattern "FNMS-*" | Export-Csv c:\Temp\Members.csv -NoTypeInformation
Loading domain information
Local domain
acme.com (ACMECORP)
Domains trusted by the local domain's forest
Domains trusted directly by the local domain
Finding groups in the current domain with query: (&(objectCategory=Group)(cn=FNMS-*))
Found group: FNMS-Group 1
Searching for group members
Group: ACMECORP\FNMS-Group 1
Group: ACMECORP\ABC Nested Group
User: ACMECORP\user1
User: ACMECORP\user2
Found group: FNMS-Group 2
Searching for group members
Group: ACMECORP\FNMS-Group 2
User: ACMECORP\user3
User: ACMECORP\user4
PS> Get-Content C:\Temp\Members.csv
"groupName","Member","Mail","Name"
"FNMS-Group 1","ACMECORP\user1","",""
"FNMS-Group 1","ACMECORP\user2","",""
"FNMS-Group 2","ACMECORP\user3","",""
"FNMS-Group 2","ACMECORP\user4","",""
Note that this PowerShell script requires the ActiveDirectory PowerShell module to be installed.
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you combine this with a custom field for AD groups, you can avoid template files or hard-coding group names and have license managers update group names in their licenses themselves.
