You are viewing limited content. For full access, please sign in.

Question

Question

Add LFDS Groups to SQL Query

Directory Server
Updated September 11, 2024
asked on April 3, 2024 Show version history

I am using the below SQL query to grab licensed LFDS accounts and return their id, name, license type, identity provider, display name, and email address. I would also like to add what groups they are a member of in LFDS. Does anyone know what tables to look in for those? I looked at the ones I thought but

SELECT        do.id, do.name, 
                         (CASE ul.type WHEN '9bba0d89-9a13-455f-ada9-83cf071d46b9' THEN 'Full' WHEN '6e858768-cd5c-4e50-8fbe-aced7f67e25f' THEN 'Retrieval' WHEN 'dde75261-70e3-49f5-84bc-d8ef36f1aa56' THEN 'Participant' WHEN '57bf6faf-9269-1c97-4370-ab3d6984d2c5'
                          THEN 'Participant' END) AS LicenseType, idP.name AS IdentityProvider, (CASE WHEN ac.claim_id = '12' THEN str_val END) AS DisplayName, ac2.EmailAddress
FROM            LFDS.dbo.directory_objects AS do INNER JOIN
                         LFDS.dbo.identity_providers AS idP ON do.provider_id = idP.id INNER JOIN
                         LFDS.dbo.user_licenses AS ul ON do.sid = ul.sid INNER JOIN
                         LFDS.dbo.additional_claims AS ac ON do.sid = ac.sid INNER JOIN
                             (SELECT        sid, claim_id, str_val AS EmailAddress
                               FROM            LFDS.dbo.additional_claims
                               WHERE        (claim_id = 1)) AS ac2 ON do.sid = ac2.sid
WHERE        (ac.claim_id = '12')

couldn't find the groups. The group_membership table and it has the group_sid and member_sid associations, but I can't find the groups.

 

1 0

Replies

replied on April 3, 2024 Show version history

Here is a query we use to populate dropdowns and lookups. Should be able to adapt it to your query.

 

SELECT        directory_objects.name AS UserName,

                             (SELECT        str_val

                               FROM            LFDS.dbo.additional_claims

                               WHERE        (claim_id = 1) AND (sid = LFDS.dbo.directory_objects.sid)) AS eMail,

                             (SELECT        str_val

                               FROM            LFDS.dbo.additional_claims AS additional_claims_1

                               WHERE        (claim_id = 12) AND (sid = LFDS.dbo.directory_objects.sid)) AS DisplayName,
							   gr.name as GroupName





FROM            LFDS.dbo.directory_objects 
JOIN LFDS.dbo.group_membership g on g.member_sid = lfds.dbo.directory_objects.sid
JOIN LFDS.dbo.directory_objects gr on gr.sid = g.group_sid

where directory_objects.type = 0

AND NOT (directory_objects.flags & 256) > 0

AND NOT (directory_objects.flags & 128) > 0

 

1 0
View 2 previous replies
replied on April 4, 2024

This looks promising. Thank you for sharing, John. I will update this post with my final query.

0 0
replied on April 4, 2024

@████████, what are the directory_objects.flags 256 and 128 in your query?

0 0
replied on April 4, 2024

I know one is to remove disabled accounts and I think the other is deleted accounts. Wish I documented it.

0 0
replied on September 11, 2024

Blake, did you end up with a final query for this? I am also interested.

0 0
replied on September 11, 2024

I don't think I ever moved forward with this. I probably got distracted by another project. If you put something together please share.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...