
How to find a user's AD account name based on a display name with the Query LDAP action

Nintex Newbie

Often we have an Active Directory (AD) username and need to find the user's display name. This type of lookup is well documented here on the Nintex Connect community site. But what about the opposite scenario? What if I have a text display name and I want to get the username?

So I decided to write up a quick post describing how to perform this type of lookup (I was helping someone the other day who was saving user names to a text column in SharePoint and then wanted to go back and look up their AD account information). Thankfully, this is pretty straightforward to accomplish with the Query LDAP action in Nintex Workflow.

Example and how to

I have a user with a display name of 'John Doe' and I want to find his LANID, which is 'jdoe123'.

Open the Nintex workflow designer and drag the Query LDAP action to your canvas:

Now you'll need to configure the action. I have configured the action to retrieve the sAMAccountName attribute (which is the username I want to work with) and store it to a variable called perLANID. Note that this is a person type variable, which would work great if I'm storing the data back in a Person / Group SharePoint column. Optionally, I could also store it to a text variable and just have the naked username.

Keep in mind that you will need to configure the LDAP path. This can be done easily by clicking on the grey servers icon on the right and exploring the LDAP tree that your SharePoint environment is connected to, or by specifying another LDAP catalog by manually entering its path:

Here is the LDAP search query I used for your convenience:

(&(displayName=USERSDISPLAYNAMEHERE))

Just to make sure everything is configured properly, you can test your configuration by clicking on Run Now (Green play button) and then clicking on Execute (Green play button):

As you can see, I was able to isolate the username and can now do whatever I need to do with this account information, such as assign tasks, modify permissions and more. It's worth pointing out that while I used a hard-coded value for the display name I was searching for, I could have easily substituted that with a text display name that was stored in a SharePoint column or Nintex Workflow variable.

If you find searching for metadata stored inside of AD to be helpful in your workflows, I would recommend the following links for further reading:

Microsoft TechNet - LDAP Query Basics

https://technet.microsoft.com/en-us/library/aa996205%28v=exchg.65%29.aspx

Microsoft TechNet - All AD Attributes

https://msdn.microsoft.com/en-us/library/ms675090(v=vs.85).aspx
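
The substitution described above puts text from a column or variable straight into the search filter, and a display name can contain filter metacharacters or match more than one account. The following is an added example (not part of the original post and not Nintex code) that escapes the value per RFC 4515 and accepts a result set only when it contains exactly one account; it goes beyond the post by handling multiple matches. The function names, the `example.com` DNs and the sample entries are assumptions constructed for illustration.

```python
# Added example: function names and the sample directory entries are constructed.
import re

# RFC 4515 section 3: these characters must be written as \XX inside a filter value.
_FILTER_SPECIALS = re.compile(r'[\\*()\x00]')


def escape_filter_value(value: str) -> str:
    """Escape text so it can only match literally inside an LDAP filter."""
    return _FILTER_SPECIALS.sub(lambda m: "\\%02x" % ord(m.group()), value)


def build_display_name_filter(display_name: str) -> str:
    """Exact-match filter on displayName, limited to user objects."""
    if not display_name.strip():
        raise ValueError("empty display name")
    return ("(&(objectCategory=person)(objectClass=user)"
            "(displayName=%s))" % escape_filter_value(display_name))


def resolve_single_account(entries, required_dn_suffix=None):
    """Return the sAMAccountName only when exactly one entry qualifies.

    required_dn_suffix narrows the set to one OU; the comparison is a plain
    case-insensitive string suffix match, which is enough for simple DNs.
    """
    if required_dn_suffix:
        suffix = "," + required_dn_suffix.lower()
        entries = [e for e in entries if e["dn"].lower().endswith(suffix)]
    if len(entries) != 1:
        raise LookupError("expected 1 account, got %d" % len(entries))
    return entries[0]["sAMAccountName"]


# Constructed result set: two different people share one display name.
SAMPLE_ENTRIES = [
    {"dn": "CN=John Doe,OU=Sales,DC=example,DC=com", "sAMAccountName": "jdoe123"},
    {"dn": "CN=John Doe,OU=Contractors,DC=example,DC=com", "sAMAccountName": "jdoe456"},
]

if __name__ == "__main__":
    print(build_display_name_filter("John Doe"))
    # Parentheses in a real display name no longer break the filter syntax.
    print(build_display_name_filter("Doe, John (Contractor)"))
    # A trailing * is matched literally instead of acting as a wildcard.
    print(build_display_name_filter("b*"))
    print(resolve_single_account(SAMPLE_ENTRIES, "OU=Sales,DC=example,DC=com"))
```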

14 Comments
Not applicable

I tried to re-use this method but have hit a snag and I am not sure what is the issue. I am trying to get a person variable by searching up the First & Last names:

(&(objectCategory=person)(objectClass=user)(givenName={ItemProperty:FirstName})(sn={ItemProperty:LastName}))

The problem I am having is that I cannot get the sAMAccountName to be saved as a Person variable. When I 'run now', my query returns an sAMAccountName to me in the query window so I know the query is working. It cannot convert the sAMAccountName to a person for some reason. I have tried logging this as well, there is nothing in the variable (empty). I need to save the person var back to a list column (to be used later on in the WF). Any help would be appreciated.

Thanks

Nintex Newbie

You probably need to convert it back to a Windows token format or Claims format for the People column to recognize it. Whether you need Windows token format or Claims format depends on how your SharePoint environment is configured.

Windows Token Format

If you have the SAMAccount, you can add the domain back to the prefix of the account. For example:

<domain>\<SAMAccount>

Claims Format

The claims format is just a little longer, and typically follows the pattern below:

i:0#.w|<domain>\<SAMAccount>

More info on Claims formatting:

http://social.technet.microsoft.com/wiki/contents/articles/13921.sharepoint-2013-claims-encoding-als...

If you find you are doing this conversion frequently, you could consider making a UDA to get the formatting you need for future actions.

Not applicable

Yes, that is exactly what happened. I was trying to store the sAMAccountName directly into a person variable and that was not working. I had to save that as a string and do a Build string action to convert this to claims, and that did the trick - I was able to store this back into a person field on SharePoint.

Not applicable

How can I use the Query LDAP action to get information on which global security groups a user belongs to and then copy those groups to another account?

Nintex Newbie

Brad Orluk

I have the user's display name after executing a regular expression and parsing through an email. Now what I am trying to do is convert or pull the user's email address with his display name... can this be done with the "Query LDAP" action? Please advise.

Nintex Newbie

Hi ivan garcia,

If there is a value in the email attribute for that account you can simply pull that in addition to the user's name; otherwise, perhaps you can concatenate the email address based on the user's name using a regular expression (e.g. John Doe at Acme could be manipulated into jdoe@acme.com relatively easily).

Nintex Newbie

Thanks for your response Brad, but there is no attribute for that user. I extracted the name from an email that is being forwarded to a list in SharePoint. Once I extracted (Doe, John) and sent it to a variable, I can't seem to find a way to pull his email address, since I am going to need this to send him an email with another function. Let me know if it makes sense, and thanks for your help.

From: test@test.com [mailto:test@test.com]

Sent: Saturday, February 13, 2016 12:13 AM

To: Doe, John

Automation Master

I think it's important to mention that a user's display name is not a unique user identifier!

Meaning that in a larger/enterprise environment it's not unusual to find several people with the same display name.

So, I would personally rather try to avoid such kinds of lookups.

Nintex Newbie

Thanks Marian! Yes, our environment has over 40,000 users. Do you know of another way to pull this information in Nintex and make it work? Thanks for your help.

Automation Master

ivan garcia, I'm not sure what exactly you mean by "Do you know of another way to pull this information".

The procedure described by Brad is technically correct, but you will have to keep in mind you might get a list of several users instead of one single person. Without extending the LDAP query with some further details, or without some further filters/checks on the received result set, you cannot be sure you really identified the person you intended to.

Nintex Newbie

That is absolutely correct. I would typically recommend a layered approach to collecting user information since yes, in a large environment there may be 2 (or many more!) users with the same display name. So, if more than one user is returned, you could evaluate something like an OU to determine if it is the correct user's AD account being returned.

Automation Master

Brad Orluk, you mentioned in your article that you use a person type variable to store the LDAP query output (and that possibly a text variable could be used). Have you tested this in the case where the LDAP query returns multiple outputs? I would say it will error out...

I used to store the result set to a collection and then process it accordingly.

Nintex Newbie

That is also correct. So if you used something like (&(displayName=b*)), all of the users with a display name starting with 'b' would be returned. From there you can use a collection variable to store each one and then use a For Each loop to iterate through each one, perhaps to pull additional attributes to evaluate.

Nintex Newbie

Brad Orluk,

The LDAP query does not return more than 1000 results, could you provide a solution for that?