Top.Mail.Ru
Getting Information About AD Security Groups
CTRL+K

Getting Information About AD Security Groups Using A GraphQL Request

In this article
  • Getting Information About AD Security Groups Using A GraphQL Request

You can get information about AD security groups using a GraphQL query in GraphiQL.

Important

Before executing a GraphQL query to get information about security groups, it is required to configure an integration for information synchronization by group.

A query for AD security groups can be executed only from the API Key with the assigned "Users" privilege with the access operation R (reading). You can find more information about API Key creation and how to assign a privilege to a created key in the following sections:

Configure the AD integration using the following query:

mutation {
  app_config {
    active_directory {
      update_config(sync_employee_group_membership_enabled:true) {
        sync_employee_group_member_enabled
      }
    }
  }
}
Note

Synchronization is carried out by a universal security group. The global security group is not supported.

Query options for security groups:

  1. Query without a filter:
    {
      active_directory {
        ad_group {
          employee_ad_groups {
            employee_id
            canonical_names
            distinguished_names
            names
          }
        }
      }
    } 
    
  2. Query with a filter by users:
    {
      active_directory {
        ad_group {
          employee_ad_groups(ids:[<id_пользователя_1>, <id_пользователя_2>]) { 
            employee_id
            canonical_names
            distinguished_names
            names
          }
        }
      }
    }
    

Response example:

{
  "data": {
    "active_directory": {
      "ad_group": {
        "employee_ad_groups": [
          {
            "employee_id": 11,
            "canonical_names": [
              "dmitry.local/root/users/Users"
            ],
            "distinguished_names": [
              "CN=Users,OU=users,OU=root,DC=dmitry,DC=local"
            ],
            "names": [
              "Users"
            ]
          }
        ]
      }
    }
  }
} 
FieldDefinition
employee_ad_groupsA user with an AD security groups
employee_idUsers identifier  
canonical_namesUsername in the canonical format
distinguished_namesUnique username
namesSecurity group name

Also, a query can be executed through the automation block "HTTP request". Detailed information about the operation of the block is displayed in the Working With Services section.

Was the article helpful?

Yes
No
Previous
Synchronized Attributes Between the System and AD
We use cookies to improve our website for you.