Connecting to Microsoft Active Directory

The Sisense Microsoft Active Directory connector is a standalone connector that allows you to import data from Microsoft Active Directory’s API into the ElastiCube Manager. After you have downloaded and installed the connector, you can connect through a connection string you provide Sisense in the ElastiCube Manager. The connection string is used to authenticate users who connect to the Microsoft Active Directory tables.

Once you have connected to Microsoft Active Directory, you can import a variety of tables from the Microsoft Active Directory API.

This page describes how to install the Microsoft Active Directory connector, how to connect to Microsoft Active Directory with a connection string, and what tables you can import into the ElastiCube Manager:

Installing the Microsoft Active Directory Connector

Sisense provides the Microsoft Active Directory connector as a standalone connector that you can download and add to your list of default Sisense connectors.

To install the Microsoft Active Directory connector:

  1. Download the Microsoft Active Directory installation file.
  2. Open the installation file and click Install.
  3. After the installation process is complete, click Close.

The Microsoft Active Directory connector is displayed in the ElastiCube Manager under Add Data > Web Services.

Connecting to the Microsoft Active Directory

Sisense uses connection strings to connect to Microsoft Active Directory and import data into the ElastiCube Manager.

The connection string to connect to Microsoft Active Directory has the following structure:

jdbc:activedirectory:Property1=Value1;Property2=Value2;

The following is an example of a Microsoft Active Directory connection string:

jdbc:activedirectory:User=xxxxxxxxx;Password=xxxxxxxxxx;Server=xxxxxxxxxx;Port=389;BaseDN=CN=xxxx,DC=xxxx,DC=xxxxxxx,DC=xxxxxxx;

To establish a connection, the following properties under the Authentication section must be provided:

Note: Specifying a narrow BaseDN may greatly increase performance; for example, cn=users,dc=domain will only return results contained within cn=users and its children.

Note: To switch between accounts, you need to delete the file OAuthsettings.txt file located at …\Users\xxx\AppData\Roaming\CData\Microsoft Active Directory Data Provider.

To add Microsoft Active Directory data:

  1. In ElastiCube Manager, click Add Data and then, Microsoft Active Directory. The Connect to Microsoft Active Directory window is displayed.
  2. In Datasource Connection String, enter your connection string.
  3. Click Connect to Server. Microsoft Active Directory is displayed in the Select Database list.
  4. Click OK. Sisense connects to Microsoft Active Directory and displays a list of tables available for you to import.
  5. Select the relevant tables and click Add.

The tables are displayed in the ElastiCube Manager.

Switching between Accounts

When you connect to the Microsoft Active Directory data source, Sisense saves your OAuth values in the file OAuthsettings.txt file located at …\Users\xxx\AppData\Roaming\CData\Microsoft Active Directory Data Provider on your Sisense server. To connect to the Microsoft Active Directory data source with another user on the same machine, you must delete the OAuthsettings.txt file. Sisense will then generate a new file for that user.

Another option to support multiple users is to define the location and file name of an OAuthsettings file for each unique user in your connection string through the OAuthSettingsLocationparameter. When each user connects to the data source, Sisense generates the OAuth file with the file name you specify in the location you define. In the examples below, two users are allowed to access the Microsoft Active Directory data source and for each user, Sisense generates a file that contains that user’s OAuth values in the location defined in the string.

jdbc:activedirectory:OAuthSettingsLocation=C:\MicrosoftActiveDirectory\auth\john.txt;OAuthClientId=11276856774486;

OAuthClientSecret=064c70d78567jm2b7e7e4224fad;InitiateOAuth=GETANDREFRESH;Version=2.8;CallbackURL=http://localhost/;

jdbc:activedirectory:OAuthSettingsLocation=C:\MicrosoftActiveDirectory\auth\sally.txt;OAuthClientId=11276856774486;

OAuthClientSecret=064c70d78567jm2b7e7e4224fad;InitiateOAuth=GETANDREFRESH;Version=2.8;CallbackURL=http://localhost/;

In the example above, to OAuth files are created, one for John and one for Sally in the location C:\Microsoft Active Directory\auth\.

This is useful if you support many users who each need to access the Microsoft Active Directory data source.

Microsoft Active Directory Tables

Microsoft Active Directory’s RESTful APIs expose the following Microsoft Active Directory tables that you can import into the ElastiCube Manager through the Sisense Microsoft Active Directory connector:

Available Tables

Name Description
Account The account object class is used to define entries that represent computer accounts.
ApplicationEntity X.500 base class for applications: Directory Service only uses subclass MSFT-DSA.
ApplicationProcess X.500 base class for applications: Exchange only uses subclass DSA-Application.
ApplicationSettings Base class for server-specific application settings.
ApplicationSiteSettings Contains all site-specific settings.
ApplicationVersion Can be used by application developers to store version information about their application or its schema.
BuiltinDomain The container that holds the default groups for a domain.
CertificationAuthority Represents a process that issues public key certificates, for example, a Certificate Server.
Computer This class represents a computer account in the domain.
Contact This class contains information about a person or company that you may need to contact on a regular basis.
Events Query the Events for a Target based on either the Target or SearchTerms. May require the user_events permission.
CRLDistributionPoint The object holding Certificate, Authority, and Delta Revocation lists.
DHCPClass Represents a DHCP Server (or set of servers).
DnsNode Holds the DNS resource records for a single host.
DnsZone The container for DNS Nodes. Holds zone metadata.
Domain Contains information about a domain.
DomainDNS Windows NT domain with DNS-based (DC=) naming.
DomainPolicy Defines the local security authority policy for one or more domains.
DomainRelatedObject The domainRelatedObject object class is used to define an entry that represents a series of documents.
ForeignSecurityPrincipal The Security Principal from an external source.
Group Stores a list of user names. Used to apply security principals on resources.
GroupOfNames Used to define entries that represent an unordered set of names that represent individual objects or other groups of names.
GroupOfUniqueNames Defines the entries for a group of unique names. In general, used to store account objects.
GroupPolicyContainer This represents the Group Policy Object. It is used to define group polices.
IpHost Represents an abstraction of a host or other IP device.
IpNetwork Represents an abstraction of a network. The distinguished name value of the Common-Name attribute denotes the canonical name of the network.
Organization Stores information about a company or organization.
OrganizationalPerson This class is used for objects that contain organizational information about a user, such as the employee number, department, manager, title, office address, and so on.
OrganizationalRole This class is used for objects that contain information that pertains to a position or role within an organization, such as a system administrator, manager, and so on. It can also be used for a nonhuman identity in an organization.
OrganizationalUnit A container for storing users, computers, and other account objects.
Person Contains personal information about a user.
PosixAccount Represents an abstraction of an account with Portable Operating System Interface (POSIX) attributes.
PosixGroup Represents an abstraction of a group of accounts.
PrintQueue Contains information about a print queue.
SecurityObject This is an auxiliary class that is used to identify security principals.
SecurityPrincipal Contains the security information for an object.
Server This class represents a server computer in a site.
Site A container for storing server objects. Represents a physical location that contains computers. Used to manage replication.
Top The top level class from which all classes are derived.
TrustedDomain An object that represents a domain trusted by (or trusting) the local domain.
User This class is used to store information about an employee or contractor who works for an organization. It is also possible to apply this class to long term visitors.

Limitations

  1. Accumulated builds are supported because all tables have string columns.
  2. Aggregate functions are not supported