Getting Information About AD Security Groups Using A GraphQL Request

# Getting Information About AD Security Groups Using A GraphQL Request

You can get information about AD security groups using a GraphQL query in GraphiQL.



[!IMPORTANT] Before executing a GraphQL query to get information about security groups, it is required to configure an integration for information synchronization by group.

A query for AD security groups can be executed only from the API Key with the assigned ["Users" privilege#Platform Module](../../4.Access_role.md) with the access operation **R** (reading). You can find more information about API Key creation and how to assign a privilege to a created key in the following sections:



- [Access Rights For API Keys#Access Rights For API Keys](../../4.Access_role.md)

Configure the AD integration using the following query:

```graphql
mutation {
  app_config {
    active_directory {
      update_config(sync_employee_group_membership_enabled:true) {
        sync_employee_group_member_enabled
      }
    }
  }
}
```

[!NOTE] Synchronization is carried out by a universal security group. The global security group is not supported.

Query options for security groups:

1. Query without a filter:

    ```graphql
    {
      active_directory {
        ad_group {
          employee_ad_groups {
            employee_id
            canonical_names
            distinguished_names
            names
          }
        }
      }
    } 
    ```

1. Query with a filter by users:

    ```graphql
    {
      active_directory {
        ad_group {
          employee_ad_groups(ids:[<id_пользователя_1>, <id_пользователя_2>]) { 
            employee_id
            canonical_names
            distinguished_names
            names
          }
        }
      }
    }
    ```

Response example:

```graphql
{
  "data": {
    "active_directory": {
      "ad_group": {
        "employee_ad_groups": [
          {
            "employee_id": 11,
            "canonical_names": [
              "dmitry.local/root/users/Users"
            ],
            "distinguished_names": [
              "CN=Users,OU=users,OU=root,DC=dmitry,DC=local"
            ],
            "names": [
              "Users"
            ]
          }
        ]
      }
    }
  }
} 
```

|**Field**            |**Definition**                        |
|-----------------|------------------------------------|
|employee_ad_groups|A user with an AD security groups|
|employee_id     | Users identifier         |
|canonical_names | Username in the canonical format |
|distinguished_names|Unique username|
|names|Security group name|

Also, a query can be executed through the automation block "HTTP request". Detailed information about the operation of the block is displayed in the [Working With Services#HTTP Request](../../14.work_with_service.md) section.

GraphQL request method description about getting the employee_id and canonical_names fields of AD security groups

Audit Mechanism Description

Synchronized Attributes Between the System and AD

Getting Information About AD Security Groups

What Is Operavix

Quick Installation of the Operavix Server Component

Monitoring Agent

JS Tracker (Customer Journey Tracking)

Quick Installation

Quick System Setup

Building a Custom Dashboard

Template-Based Reports for Data Analysis

First Dashboard

What’s Next?

Quick Start 

Functional Architecture

Network Interaction of the System Components

Description of the System Functioning

System Integration with External Automated Systems

Technical Requirements for the Server and Hardware Equipment

Architectural Scheme of the Operavix Application

Network Scheme of the Operavix Application

Glossary

Description of the Operavix System 

Installing, Activating, and Removing the Operavix Application on Windows

Installing the Operavix Application on Linux

Updating Operavix on Windows

Updating Operavix on Linux

Updating Operavix

Cluster Mode Configuration

Installing the Automation Module on a Separate Server

Installing and Running the AI Agent

Installing and Running the Webhook Agent

Instructions for Installing, Updating, and Removing the System

Release Types

License Key

Beta Version Functionality

System Licensing

Working with Databases

Working with the System

System Configuration Files

Prometheus Metrics

Access Roles

Working with GraphQL

Managing System Users

System Emails to Users

Differences Between Operavix on Linux and Windows Operating Systems

Administration 

Installing and Removing the ClickHouse DBMS

Connecting the Application to the ClickHouse Analytical DBMS

Creating User Accounts in ClickHouse

Data Storage Structure in ClickHouse

ClickHouse 

Monitoring Agent Distribution

Monitoring Agent on Windows

Monitoring Agent on Linux

Starting and Stopping the Monitoring Agent

Installing, Updating, and Removing the Monitoring Agent

User Data Logging

Storing Monitoring Agent Logs

Export and Import of User Activity

Collecting Screenshots with the Monitoring Agent

Activity Archiving

Monitoring 

Signing In to the System

How to Recover Your Password

Home Page

Filtering

Navigation in the System

Workspaces

Personal Profile

System Setup

Users

Departments

Bulk Actions

Adding API Keys

Keytab File Creation for the Kerberos Authentication in Active Directory

Configuring Authentication Using OpenID Connect and Keycloak

Configuring SAML Authentication in Keycloak

Adding Authentication

The Monitoring Section

Connections Section

Data Storages

System Tables

System Settings 

Automation Agents

Execution Log

Control Panel

Connections

Automation Blocks

Trigger Blocks

Working with Files

Working with Services

Working with LLM

Tools

Event Processing

Editing a Script

Query and Code Editor

Script Validation and Publishing

Running a Script

Script Example

Automation 

Custom Integrations 

System Events

JS Tracker 

Workspace Access Settings

Adding and Configuring Tables

Table Replacement

Adding and Configuring Processes

Workspace Global Indicators

Display Rules

Data Model Configuration

Packages

General

Dashboard Access Settings

Click Filter

Table Report Export

Browse mode

Edit Mode

Views

Process Explorer

Sphere of Processes

Funnel Сhart

Table

Pivot Table

Strip Сhart

Combined Bar Chart

Bar Chart

Line Chart

Donut Chart

Histogram

Indicator

Percentage KPI

KPI List

Filter

Parameter

Text

Button

Widgets

Sorting

Markdown Usage Rules

Variables

Dimensions and Measures

Global Dashboard Indicators

Running a Script from a Dashboard

Go to the URL

Execute Script

Open View

Update Variable

Actions on Click

Input Methods

Displaying Monitoring Screenshots in Dashboards

Formula Editor

Formula Functions

The process Function

View Configuration in YAML

Widget Configuration in YAML

Dimensions and Measures in YAML

Data Formats and Formatting in YAML

YAML Editor

Dashboards

Report Example

Business Intelligence 

Package Creation Guide

Marketplace 

Configuring User Data Depersonalization upon Deletion in AD

LDAPS Activation

Retrieving AD Security Groups Information via GraphQL Query

Configuring User Synchronization with Active Directory

User Synchronization 

System Status Monitoring

Implemented Information Security Protection Measures in the System

Audit Logs

Docker Containers

Mutual Authentication Between Application Server and ClickHouse

For Security Administrator 

Known Issues and Limitations 

Field	Definition
employee_ad_groups	A user with an AD security groups
employee_id	Users identifier
canonical_names	Username in the canonical format
distinguished_names	Unique username
names	Security group name

.css-wsrjzs{display:inline;margin-right:12px;}@media screen and (max-width: 691px){.css-wsrjzs{display:inline-block;margin-right:0;}}Getting Information About AD Security Groups Using A GraphQL Request

Getting Information About AD Security Groups Using A GraphQL Request