Posted Tue, 20 Jul 2021 15:31:50 GMT by

 Hello 

I need to extract "sn" and "email" from all users in a AD OU

I see that's not possible with Automate module, but should possible using the ADO query in "List object path" panel

But I don't find any example (neither for LDAP query nor for SQL query) so I get this message

[AD][Main](Step 4) Active Directory failed (Error : 'ADsDSOObject' failed with no error message available, result code: DB_E_ERRORSINCOMMAND(0x80040E14).)

 

Are any examples or suggestions available ? 

Thank you 

Posted Fri, 23 Jul 2021 08:23:14 GMT by

Hi, I don't believe it's possible to get all values for all users, but what you can do is use the "Get Group Members" action and create a list of users and then loop that list of user and get the values for each one.

 

Here's an example:

 







%varSn%
%varMail%



Posted Fri, 23 Jul 2021 14:56:17 GMT by

Hello

I am afraid this does not solve my problem that's about retrieving attributes "sn" and "mail" of all users in a OU (not Group members)

But I think to have solved using a couple of AD tasks. The first 

  • List object path

Using the query: SELECT ADspath FROM 'LDAP://WIN-2016-AD/OU=TESTT_PF2,DC=bbmilano,DC=it' WHERE objectclass=user”

I populate a dataset (called OU) with all users under TESTT_PF2 Organizational Unit. This query doesn't allow to extract "sn" and "mail" attributes

The second AD task (in a loop)

  • Get object property

LDAP://WIN-2016-AD/CN=%OU.Name%,OU=TESTT_PF2,DC=bbmilano,DC=it

It reads all Users in the OU dataset and write "sn" and "mail" attribute (this function allow to do it) in variables SURNAME and MAIL created at the beginning of Automate workflow

At the end a WRITE function put these variable in a text file as asked by customer. This file is something like that:

"Smith","pf3@bbmilano.it"

"Taylor","pf4@bbmilano.it"

Hope helps

Giovanni 

 

 

Posted Thu, 02 Dec 2021 22:48:45 GMT by James Lankford FirstBank Applications Developer
For most of my AD query needs, I have found the native actions in AM to be rather limited. You can do what you need with a PowerShell script, and plug it into a PowerShell task action.

Here's a simple query that pulls sn (Surname) and mail for enabled AD users:

Get-ADUser -Filter "Enabled -eq 'True'" -Properties sn, mail | Select-Object sn, mail | Sort-Object sn

You must be signed in to post in this forum.