Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Grow your Fabric skills and prepare for the DP-600 certification exam by completing the latest Microsoft Fabric challenge.

Reply
NicoLemarchand
Regular Visitor

Getting GID or SID fom Active Directory

‎04-22-2022 01:50 AM

Hi, 

 

I'm facing a problem I'm not able to solve alone.

I analyse usage of a web app thanks to a powerBi dashboard.

Currently, as all the logs of my app identifies users with their SID, I shall ask my IT department to export a list linking SID and usernames (I think they did that with PowerShell) and then I can import my logs, this table, and I connect Active Directory to get all relevant data I need about my users.

I guess I could be possible to get directly the SID from Active Directory in PowerBi but I dont find it in all the tables. I found a user GID (I'my quite sure it's the userful info for me) but it's a binary.

 

In fact, what I expect is to get a table with :

UserName | SID or GID | then all other info i alerady get from the AD (users mail; department, etc.)

 

Can someone help on that ?

Feel free to ask for more details if needed !

 

Nicolas.

 

 

Labels:
Message 1 of 3
945 Views
0
2 REPLIES 2
NicoLemarchand
Regular Visitor

‎04-25-2022 04:47 AM

Hi @lbendlin 

Thank you for the quick reply.

I searched a little bit further in the tables and I'm quite sure the info I need is contained in the "ObjectSid" contained in the securityPrincipal table for each of the users in AD.

 

NicoLemarchand_0-1650886796369.png

 

I wish I could both expand securityPrincipal to get the objectSID (easy) and make it "human readable" . Thats the point where I'm struck...

 

You're right on the point SID are not fully user related. Globally, the first part of the SID is linked to the domain, and it's the same for all users of that domain. But the last part of the SID is related to user. For me, having the whole SID or only the user related part "GID ? or RID?" is ok, as ally my users are on the same domain and I can have one with the other.

Message 3 of 3
867 Views
0
lbendlin
Super User
Super User

‎04-23-2022 05:13 PM

In our AD implementation the GID is called "primaryGroupID"  and it sits inside the "user"  attribute.

let
    Source = ActiveDirectory.Domains("domain.net"),
    domain = Source{[Domain="domain.net"]}[#"Object Categories"],
    user1 = domain{[Category="user"]}[Objects],
    #"Filtered Rows" = Table.SelectRows(user1, each Text.Contains([distinguishedName], "username")),
    #"Expanded user" = Table.ExpandRecordColumn(#"Filtered Rows", "user", {"primaryGroupID"}, {"primaryGroupID"})
in
    #"Expanded user"

 

As I understand it SIDs are machine related, not user related.

Message 2 of 3
892 Views
0

Helpful resources

Announcements
Europe Fabric Conference

Europe’s largest Microsoft Fabric Community Conference

Join the community in Stockholm for expert Microsoft Fabric learning including a very exciting keynote from Arun Ulag, Corporate Vice President, Azure Data.

RTI Forums Carousel3

New forum boards available in Real-Time Intelligence.

Ask questions in Eventhouse and KQL, Eventstream, and Reflex.

MayPowerBICarousel1

Power BI Monthly Update - May 2024

Check out the May 2024 Power BI update to learn about new features.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All