A new Flexera Community experience is coming on November 18th, click here for more information.
I have a Business Adapter that I use to pull in additional information from our AD, and I want to pull in the field Enabled so that I can deactivate users that are no longer working for the company (since for some reason the AD import doesn't pull this information in). When I add the field to the Business Adapter and run the Staging batch file, it pulls the information into the Staging Table, but it doesn't pull in anything for this field. The field is either True or False according to our AD administrator. When I look in the Staging Table, the field says Null in every single record. I checked, and there should be many that say False. How do I get this data into the Staging Table? I'm attaching the XML file for the Business Adapter.
‎Apr 23, 2019 10:00 AM
We used 'useraccountcontrol' field to accomplish this; it returns a number and that number corresponds to the account either being active or inactive. A simple case statement in the business adapter sets the account in Flexnet as active or inactive.
,case
when u.[useraccountcontrol] = '514' then 'Inactive'
when u.[useraccountcontrol] = '546' then 'Inactive'
when u.[useraccountcontrol] = '66050' then 'Inactive'
when u.[useraccountcontrol] = '66082' then 'Inactive'
when u.[useraccountcontrol] = '512' then 'Active'
‎Apr 24, 2019 10:29 AM
@EHacking - userAccountControl is a bit field, so you need to check if bit #2 ("ACCOUNTDISABLE") is on, not check that the entire field value is 2.
The following filter expression in the LDAP query filters out disabled accounts from the results by only returning objects where bit #2 is not set:
(!userAccountControl:1.2.840.113556.1.4.803:=2)
Information on the following pages may give you some insight into the LDAP query:
‎Apr 25, 2019 08:53 PM
We used 'useraccountcontrol' field to accomplish this; it returns a number and that number corresponds to the account either being active or inactive. A simple case statement in the business adapter sets the account in Flexnet as active or inactive.
,case
when u.[useraccountcontrol] = '514' then 'Inactive'
when u.[useraccountcontrol] = '546' then 'Inactive'
when u.[useraccountcontrol] = '66050' then 'Inactive'
when u.[useraccountcontrol] = '66082' then 'Inactive'
when u.[useraccountcontrol] = '512' then 'Active'
‎Apr 24, 2019 10:29 AM
Bit #2 in useraccountcontrol marks disabled accounts (https://support.microsoft.com/en-us/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties). There might be a few more decimal numbers where #2 is potentially set. So directly looking for that bit might be easier and safer. In TSQL this can be done using "&". This example should list inactive accounts.
userAccountControl & 2 <> 0
‎Apr 24, 2019 03:07 PM
Looking at the XML it looks like the field you tried to use is "Enabled" and you need "UserAccessControl"
‎Apr 24, 2019 03:28 PM
I would verify you have the field header correct. Unfortunately with AD if the field doesn't match the AD schema it will just bring in NULLs and not error out. So for example, if you said LastName instead of SN you woudl get lots of NULLS.
‎Apr 24, 2019 02:48 PM
Here is my Properties to load:
displayname,Surname,Givenname,OfficePhone,samaccountname,employeeID,Title,Mail,telephonenumber,sn,userAccountControl
Here's the line from the filter:
(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))
When I run this as-is, it almost doubled the number of records that it pulls into the Staging Table, but none of them have a 2 in the userAccountControl field.
I'm not a query expert, but I think that last part says to not include any record with a userAccountControl=2.
When I remove that part from the filter it give me an error. What am I doing wrong?
‎Apr 25, 2019 09:43 AM
@EHacking - userAccountControl is a bit field, so you need to check if bit #2 ("ACCOUNTDISABLE") is on, not check that the entire field value is 2.
The following filter expression in the LDAP query filters out disabled accounts from the results by only returning objects where bit #2 is not set:
(!userAccountControl:1.2.840.113556.1.4.803:=2)
Information on the following pages may give you some insight into the LDAP query:
‎Apr 25, 2019 08:53 PM
Hi, I ran into the same problem. I did solve it as following:
- using powershell, create a script to export the AD-Data required as csv file
- I did change all the filednames in powershell, just to be shure (ran into poroblem in the past here)
- you might have to convert the csv file to different CharSet I use: Get-Content ./imput_UTF-8-BOM.csv | Out-String | % { [Text.Encoding]::UTF8.GetBytes($_) } | Set-Content -Encoding Byte -Path "./output_UTF-8.csv"
- I have to use UTF-8 but export-csv only creats UTF-8-BOM so I can get my "Äs, Ös" etc.
- after creating the BusninessAdapter (on the beacon-application) I had to manually edit the XML-file to specify the characterset: simply enter into the connection string: ...;Characterset=65001;...
- Please dont forget to simply Replace in the BusinessAdpater the filed "Enabled": Find: True,False Replace: Active,Inactive
- unfortunatly the connection string gets reset each time you use the Beacon-BusinessAdapter for changes - so you have to manually add the Charset-value each time after you made changes
I am sure the other solutions will work as well, but this did solve the issue for me 😉
for AD-filers I can recommend: https://blogs.msdn.microsoft.com/adpowershell/2009/04/14/active-directory-powershell-advanced-filter-part-ii/
greetings Steffen
‎May 10, 2019 05:08 AM - edited ‎May 10, 2019 05:16 AM
User | Count |
---|---|
8 | |
7 | |
3 | |
3 |