This site uses different types of cookies, including analytics and functional cookies (its own and from other sites). To change your cookie settings or find out more, click here. If you continue browsing our website, you accept these cookies.
It's the most wonderful time of the year - Santalytics 2020 is here! This year, Santa's workshop needs the help of the Alteryx Community to help get back on track, so head over to the Group Hub for all the info to get started!
Here are my instructions for using Alteryx to query Active Directory. We use Alteryx 2019.1 and this workflow was run against a Windows Server 2008 R2 AD instance. Your mileage may vary if your configuration is different.
Note: This is my first new thread post on the community, so please let me know if I missed something or need to make changes.
I am also working on a "group membership" workflow/macro. I hope to post those instructions in the near future.
Feel free to provide feedback (even grammar!).
How to add an Active Directory lookup to your Alteryx workflow
Add the Dynamic Input tool to your workflow. It can be found under the Developer tab.
Select the newly added Dynamic Input tool, then click Edit in the Configuration pane to add the Active Directory server and query information.
In the new Alteryx Designer x64 window, click the dropdown below Connect a File or Database and select Other Databases then OleDB…
Select OLE DB Provider for Microsoft Directory Services from Select the data you want to connect to: section in the Provider tab in the Data Link Properties window, then click Next >>.
On the Connection tab, enter the name of the Active Directory server in the Data Source: and Location: textboxes in section then select the Use Windows NT Integrated security radio button.
Note: Please use a local domain control for best performance. To see the local Windows PC’s currently connected domain controller, open Command Prompt (CMD.exe) and type SET. The information will be under the LOGONSERVER value. Be sure to add your domain name to the end if SET is used to find the domain controller.
Click Test Connection.
An error message will appear, but don’t worry. Now click Yes on the Microsoft Data Link Error window to continue with a test connection.
If a successful message (like the one below) does not appear, return to step 4 and check that everything was entered correctly, otherwise proceed to step 9.
Click OK to close the Data Link Properties
In the new Choose Table or Specify Query window, click the SQL Editor
Note: If you close this window, you will have to restart from step 3.
Decide on the desired SQL for your query:
First, select desired attributes from the list below to output
For more attributes, check with your Active Directory Administrator or the Internet.
Next, select attributes from the list above to use for the search
Finally, combine output attributes, Active Directory server, and search attributes to create a SQL query:
SELECT (add desired attributes separated by a comma here)
from 'LDAP://(Active Directory Server)’
where (desired attribute search) = ‘test’
Note: The search criteria is ‘test’ because the Dynamic Input tool will replace ‘test’ with the actual results from a preceding tool in the workflow.
Here is an example where name, userid, and email would be returned from a local Active Directory Server with a search based on userid:
SELECT cn, samaccountname, mail from 'LDAP://ADServer.domain.com’
WHERE samaccountname = 'test'
Here is a second example where name, title, supervisor name, supervisor userID, job hierarchy info, employee type, and office city would be returned from a local Active Directory Server with a search based on email address:
SELECT cn, title, ReportsToName, SupvID, division, employeeType, location from 'LDAP://ADServer.domain.com’ WHERE mail = 'test'
Click Test Query after entering the “SQL” to test the query.
If a successful message (like the one below) does not appear, return to step 11 and check that everything was entered correctly, otherwise proceed to step 14.
Click OK to close the Test Query Success
Click OK again to now close the Choose Table or Specify Query
Click OK one more time to now close the Alteryx Designer x64
Select the Dynamic Input tool, then select the Modify SQL Query radio button, click Add, and select SQL: Update WHERE Clause to open the SQL: Update WHERE Clause configuration window.
In the new SQL: Update WHERE Clause window, use the Replacement Field: dropdown, to select the field that will be used to provide the attribute used for searching. If you do not see anything in the Replacement Field: dropdown, confirm that the Dynamic Input tool is connected to the appropriate previous tool which has the desired replacement field.
Note: In this example, the mail attribute is being used for the search and so the email_address field from a previous tool in the workflow will be used to populate the search.
Click OK after confirming all information is correct in the SQL: Update WHERE Clause
Run the workflow!
To modify your SQL query after completing step 19, follow the steps below:
I. Select the Dynamic Input tool then click Edit in the Input Data Source Template section
II. Click the … under option 4 in the Alteryx Designer x64
III. An error message like the one below will appear. Do not worry as this is normal and due to the way that Alteryx works. Click OK to close the Parsing Error
IV. Follow steps 10 through 16 above to enter and test the updated SQL query.
V. Continue through steps 17 through 19 if the attribute used in the WHERE clause was changed.
@rvinther, I'm happy to hear the instructions were helpful.
Unfortunately, I don't have a method for writing back to AD. That is definitely something to take up with your local AD Admin as each installation of AD has a different configuration.
It is cool that using the * in the Input Tool worked for you. I had just tried Dynamic Input based on my use case. Thanks for the insight.
Whenever I was looking for fields, I opened my desired AD item from the OU folder it was located in (as opposed to using Find) and there was an "Attributes" tab which listed all the possible fields. Remember, there are typically multiple schemas in place so one item's "Attributes" might not be the same as another. It is always best to open the specific item in question, if possible.
If my query results in more than 1000 rows it throws this error: "Input Data (3) Error ReadRecord: Interface ISupportErrorInfo not available".
If any one has any ideas on how to get around this, let me know. I can't see a nice way to recursively loop through and get 1000 rows each time .. or get the syntax to bypass the 1000 record limit (Page Size=20000 in teh connection string does nothing).