The Sisense Microsoft Active Directory connector is a standalone connector that allows you to import data from Microsoft Active Directory’s API into the ElastiCube Manager. After you have downloaded and installed the connector, you can connect through a connection string you provide Sisense in the ElastiCube Manager. The connection string is used to authenticate users who connect to the Microsoft Active Directory tables.

Once you have connected to Microsoft Active Directory, you can import a variety of tables from the Microsoft Active Directory API.

This page describes how to install the Microsoft Active Directory connector, how to connect to Microsoft Active Directory with a connection string, and what tables you can import into the ElastiCube Manager:

Installing the Microsoft Active Directory Connector

Sisense provides the Microsoft Active Directory connector as a standalone connector that you can download and add to your list of default Sisense connectors.

To install the Microsoft Active Directory connector:

  1. Download the Microsoft Active Directory installation file.
  2. Open the installation file and click Install.
  3. After the installation process is complete, click Close.

The Microsoft Active Directory connector is displayed in the ElastiCube Manager under Add Data > Web Services.

Connecting to the Microsoft Active Directory

Sisense uses connection strings to connect to Microsoft Active Directory and import data into the ElastiCube Manager.

The connection string to connect to Microsoft Active Directory has the following structure:

jdbc:Microsoft Active Directory:Property1=Value1;Property2=Value2;

The following is an example of a Microsoft Active Directory connection string:

jdbc:User=xxxxxxxxx;Password=xxxxxxxxxx;Server=xxxxxxxxxx;Port=389;BaseDN=CN=xxxx,DC=xxxx,DC=xxxxxxx,DC=xxxxxxx;

To establish a connection, the following properties under the Authentication section must be provided:

  • Valid User and Password credentials (e.g., Domain\\BobF or cn=Bob F,ou=Employees,dc=Domain).
  • Server information, including the IP or host name of the Server and the Port.
  • BaseDN will limit the scope of LDAP searches to the height of the distinguished name provided.

Note: Specifying a narrow BaseDN may greatly increase performance; for example, cn=users,dc=domain will only return results contained within cn=users and its children.

  • If you define your own custom schemas to work with your ActiveDirectory object classes, set Location to the path to the folder containing the schema files.

Note: To switch between accounts, you need to delete the file OAuthsettings.txt file located at …\Users\xxx\AppData\Roaming\CData\Microsoft Active Directory Data Provider.

To add Microsoft Active Directory data:

  1. In ElastiCube Manager, click Add Data and then, Microsoft Active Directory. The Connect to Microsoft Active Directory window is displayed.
  2. In Datasource Connection String, enter your connection string.
  3. Click Connect to Server. Microsoft Active Directory is displayed in the Select Database list.
  4. Click OK. Sisense connects to Microsoft Active Directory and displays a list of tables available for you to import.
  5. Select the relevant tables and click Add.
  6. The tables are displayed in the ElastiCube Manager.

Switching between Accounts

When you connect to the Microsoft Active Directory data source, Sisense saves your OAuth values in the file OAuthsettings.txt file located at …\Users\xxx\AppData\Roaming\CData\Microsoft Active Directory Data Provider on your Sisense server. To connect to the Microsoft Active Directory data source with another user on the same machine, you must delete the OAuthsettings.txt file. Sisense will then generate a new file for that user.

Another option to support multiple users is to define the location and file name of an OAuthsettings file for each unique user in your connection string through the OAuthSettingsLocationparameter. When each user connects to the data source, Sisense generates the OAuth file with the file name you specify in the location you define. In the examples below, two users are allowed to access the Microsoft Active Directory data source and for each user, Sisense generates a file that contains that user’s OAuth values in the location defined in the string.

jdbc:MicrosoftActiveDirectory:OAuthSettingsLocation=C:\MicrosoftActiveDirectory\auth\john.txt;OAuthClientId=11276856774486;

OAuthClientSecret=064c70d78567jm2b7e7e4224fad;InitiateOAuth=GETANDREFRESH;Version=2.8;CallbackURL=http://localhost/;

jdbc:MicrosoftActiveDirectory:OAuthSettingsLocation=C:\MicrosoftActiveDirectory\auth\sally.txt;OAuthClientId=11276856774486;

OAuthClientSecret=064c70d78567jm2b7e7e4224fad;InitiateOAuth=GETANDREFRESH;Version=2.8;CallbackURL=http://localhost/;

In the example above, to OAuth files are created, one for John and one for Sally in the location C:\Microsoft Active Directory\auth\.

This is useful if you support many users who each need to access the Microsoft Active Directory data source.

Microsoft Active Directory Tables

Microsoft Active Directory’s RESTful APIs expose the following Microsoft Active Directory tables that you can import into the ElastiCube Manager through the Sisense Microsoft Active Directory connector:

Available Tables

NameDescription
AccountThe account object class is used to define entries that represent computer accounts.
ApplicationEntityX.500 base class for applications: Directory Service only uses subclass MSFT-DSA.
ApplicationProcessX.500 base class for applications: Exchange only uses subclass DSA-Application.
ApplicationSettingsBase class for server-specific application settings.
ApplicationSiteSettingsContains all site-specific settings.
ApplicationVersionCan be used by application developers to store version information about their application or its schema.
BuiltinDomainThe container that holds the default groups for a domain.
CertificationAuthorityRepresents a process that issues public key certificates, for example, a Certificate Server.
ComputerThis class represents a computer account in the domain.
ContactThis class contains information about a person or company that you may need to contact on a regular basis.
EventsQuery the Events for a Target based on either the Target or SearchTerms. May require the user_events permission.
CRLDistributionPointThe object holding Certificate, Authority, and Delta Revocation lists.
DHCPClassRepresents a DHCP Server (or set of servers).
DnsNodeHolds the DNS resource records for a single host.
DnsZoneThe container for DNS Nodes. Holds zone metadata.
DomainContains information about a domain.
DomainDNSWindows NT domain with DNS-based (DC=) naming.
DomainPolicyDefines the local security authority policy for one or more domains.
DomainRelatedObjectThe domainRelatedObject object class is used to define an entry that represents a series of documents.
ForeignSecurityPrincipalThe Security Principal from an external source.
GroupStores a list of user names. Used to apply security principals on resources.
GroupOfNamesUsed to define entries that represent an unordered set of names that represent individual objects or other groups of names.
GroupOfUniqueNamesDefines the entries for a group of unique names. In general, used to store account objects.
GroupPolicyContainerThis represents the Group Policy Object. It is used to define group polices.
IpHostRepresents an abstraction of a host or other IP device.
IpNetworkRepresents an abstraction of a network. The distinguished name value of the Common-Name attribute denotes the canonical name of the network.
OrganizationStores information about a company or organization.
OrganizationalPersonThis class is used for objects that contain organizational information about a user, such as the employee number, department, manager, title, office address, and so on.
OrganizationalRoleThis class is used for objects that contain information that pertains to a position or role within an organization, such as a system administrator, manager, and so on. It can also be used for a nonhuman identity in an organization.
OrganizationalUnitA container for storing users, computers, and other account objects.
PersonContains personal information about a user.
PosixAccountRepresents an abstraction of an account with Portable Operating System Interface (POSIX) attributes.
PosixGroupRepresents an abstraction of a group of accounts.
PrintQueueContains information about a print queue.
SecurityObjectThis is an auxiliary class that is used to identify security principals.
SecurityPrincipalContains the security information for an object.
ServerThis class represents a server computer in a site.
SiteA container for storing server objects. Represents a physical location that contains computers. Used to manage replication.
TopThe top level class from which all classes are derived.
TrustedDomainAn object that represents a domain trusted by (or trusting) the local domain.
UserThis class is used to store information about an employee or contractor who works for an organization. It is also possible to apply this class to long term visitors.

Limitations

  1. Accumulated builds are supported because all tables have string columns.
  2. Aggregate functions are not supported