How to Get User/Group Details for AD/LDAP Configuration in Windows
When configuring Active Directory (AD) authentication as described in How to Connect to an External Identity Provider Using SAML, How to Configure IDP Initiated SAML (SSO) Authentication from Okta Application Dashboard, or User Roles Used in Manta Admin UI, several Active Directory / LDAP parameters are needed for authentication to succeed. These can often be provided by the AD/LDAP administrator. If there are any issues, an AD/LDAP browser helps display details about the individual accounts used for testing.
This article explains how to use Windows PowerShell to query Active Directory for details about a particular user or group, to ease IBM Manta Data Lineage configuration.
Instructions
- Install the Windows module for Active Directory. See the PowerShell Active Directory Module documentation for more details.
- Use the PowerShell cmdlet Get-ADUser to query details about a particular user account that should have access to Manta Data Lineage:

  Get-ADUser <USERNAME> -Properties * -Server <DOMAIN.COM> #| Select-Object LockedOut #| FT Name,SamAccountName -A

  where <USERNAME> and <DOMAIN.COM> are the username of interest and the Active Directory server name, respectively. Everything after a # is commented out; remove a # to pipe the result to Select-Object or Format-Table (FT) and narrow the output. See the PowerShell documentation on Get-ADUser for more details about the command parameters.
- Use the PowerShell cmdlet Get-ADGroup to query details about a particular group that grants access to Manta Data Lineage:

  Get-ADGroup <MANTAGROUPNAME> -Properties * -Server <DOMAIN.COM> #| FT Name,SamAccountName -A

  where <MANTAGROUPNAME> and <DOMAIN.COM> are the name of the group to be used for Manta Data Lineage and the Active Directory server name, respectively. See the PowerShell documentation on Get-ADGroup for more details about the command parameters.
- Review the returned result to correctly configure the attributes in Manta Admin UI / Configuration / Server / Security / LDAP.
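The script below is an added example, not part of the original article or of IBM's tooling: it runs both lookups from the steps above, requests only the extra properties it needs instead of `-Properties *`, and reports whether the test user is a direct or nested member of the group. The parameter names, the choice of attributes, and the helper `ConvertTo-LdapFilterValue` are assumptions; this page does not list which attributes the Manta LDAP form requires.

```powershell
# Added example (not from the original article). Requires the ActiveDirectory module.
param(
    [Parameter(Mandatory)] [string] $UserName,   # account used for testing the login
    [Parameter(Mandatory)] [string] $GroupName,  # group that grants access
    [Parameter(Mandatory)] [string] $Server      # AD server / domain name
)
Import-Module ActiveDirectory -ErrorAction Stop

# Hypothetical helper: escape characters that are special in an LDAP
# search filter (RFC 4515). The backslash must be replaced first.
function ConvertTo-LdapFilterValue([string] $Value) {
    $Value -replace '\\', '\5c' -replace '\*', '\2a' `
           -replace '\(', '\28' -replace '\)', '\29' -replace '\x00', '\00'
}

# DistinguishedName, SamAccountName, UserPrincipalName and Enabled are
# returned by default; MemberOf and LockedOut must be requested explicitly.
$user  = Get-ADUser  -Identity $UserName  -Server $Server -Properties MemberOf, LockedOut
$group = Get-ADGroup -Identity $GroupName -Server $Server

# Direct membership: the group's DN appears in the user's memberOf attribute.
$direct = $user.MemberOf -contains $group.DistinguishedName

# Nested membership: LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941)
# makes the domain controller walk the group chain server-side.
# Membership through the primary group is not stored in memberOf,
# so it is not detected by either check.
$userDn  = ConvertTo-LdapFilterValue $user.DistinguishedName
$groupDn = ConvertTo-LdapFilterValue $group.DistinguishedName
$filter  = "(&(distinguishedName=$userDn)(memberOf:1.2.840.113556.1.4.1941:=$groupDn))"
$nested  = [bool](Get-ADUser -LDAPFilter $filter -Server $Server)

[pscustomobject]@{
    UserDN            = $user.DistinguishedName
    SamAccountName    = $user.SamAccountName
    UserPrincipalName = $user.UserPrincipalName
    Enabled           = $user.Enabled
    LockedOut         = $user.LockedOut
    GroupDN           = $group.DistinguishedName
    GroupSamAccount   = $group.SamAccountName
    GroupScope        = $group.GroupScope
    DirectMember      = $direct
    NestedMember      = $nested
} | Format-List
```

A result with `DirectMember` false and `NestedMember` true means the user reaches the group only through another group, which matters if the LDAP configuration resolves direct memberships only.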