Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Be one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now

Reply
CPhelan
Frequent Visitor

PowerBI to Query AD Group Memberships

‎01-11-2021 09:28 AM

Hello,

 

I'm relatively new to powerbi.  I came up with a series of powerbi reports to show Active Directory group memberships.  I used powershell to querry a list of users of an AD group then return their full group memberships,  along with SAMaccountname, Mail, UPN, First Name, Last Name, Title, Department, Division, Department Number, Primary Affiliation, and whether the user account is Enabled.  The data from the script is exported to a CSV file then I build my report in powerbi.  This is not a very eligant solution but it works for my first intention which was to report which retired staff still had access across my organization. These powerbi reports allow me to easily querry user group memberships at a glance instead of running a 1:1 script.  The biggest downside, I need to re-run the powershell script then re-import the tables in my report to get the most current data.  I've got 56 different reports so far.  

 

Now what I'd like to do is use the Active Directory data source directly in PowerBI, so I have the most current data and replicate the functionality of the individual reports.  This has proven to be a pretty difficult task.  I've added these Tables from the AD source: Group, inetOrgPerson, and user so far.  

 

my biggest obstacles:

show enabled and disabled user accounts

Connect the Group table to inetOrgPerson in order to return user Group memberships.  

 

I would apreciate any help at all.

 

Charles

Message 1 of 15
44,882 Views
1 ACCEPTED SOLUTION
CPhelan
Frequent Visitor

‎01-18-2021 09:19 AM

Hi  @v-alq-msft ,

 

There is an active directory connector in Get Data from PowerBI Desktop.  I was able to solve my issues. The first step:  I selected these tables from the AD connector AD: Group, InetorgPerson, User.  The next step was to expand the right columns.

Group Table

expand column Member and select these fields: Display Name, Member Of, Department,  EduPersonPrimary, SamAccountName, User Account Control,

 

InetorgPerson Table

Expand column EduPerson and select this fields: EduPersonPrimaryAffiliation

Expand column SamAccountName and select this field: Security Principal

Expand column  OrganizationalPerson and select these fields: Department, Division, Given Name, Title

 

User Table

Expand column: User and select these fields:  DepartmentNumber,  UserPrincipalName, UserAccountControl.

Expand column: Person and select this field:  SN (this is the surname attribute)

Expand column: SecurityPrincipal and select this field: SamAccountName

 

I linked all the tables: Group, InetorgPerson, and User using SamAccountName

 

My next issue was filtering active and inactive accounts.  I read another post by @niark Solved: AD useraccountcontrol integer conversion - Microsoft Power BI Community to figure out the integer conversion for the user account control. 

CPhelan_2-1610990886620.png

 

I opted to create a spreadsheet with the converted user account integers

 

The last step was to link the user table and my spreadsheet using UACProperties, then group active account and disabled accounts.

I use the UACProperties to filter the active accounts on each report page.

 

In my daily tasks as an enterprise desktop admin, I regularly run powershell applets to get AD user group membership and add or remove users from groups.  PowerBI has allowed me to get a much bigger picture of the users, which groups they belong to and discover issues across my organization.

 

Charles

 

 

View solution in original post

Message 5 of 15
44,784 Views
14 REPLIES 14
CPhelan
Frequent Visitor

‎12-08-2022 12:10 PM

Hi @santh00 ,

 

Even though the SamAccountName in groups and Users do not match, its important to create the link between them.  Double click on the link and make sure the "Cardinality" is set "Many to Many" and cross filter direction set to both. Hope this helps

 

Charles

 

SAM relationship between Group and User.png

 

 

 

 

Message 15 of 15
29,635 Views
0
CPhelan
Frequent Visitor

‎01-18-2021 09:19 AM

Hi  @v-alq-msft ,

 

There is an active directory connector in Get Data from PowerBI Desktop.  I was able to solve my issues. The first step:  I selected these tables from the AD connector AD: Group, InetorgPerson, User.  The next step was to expand the right columns.

Group Table

expand column Member and select these fields: Display Name, Member Of, Department,  EduPersonPrimary, SamAccountName, User Account Control,

 

InetorgPerson Table

Expand column EduPerson and select this fields: EduPersonPrimaryAffiliation

Expand column SamAccountName and select this field: Security Principal

Expand column  OrganizationalPerson and select these fields: Department, Division, Given Name, Title

 

User Table

Expand column: User and select these fields:  DepartmentNumber,  UserPrincipalName, UserAccountControl.

Expand column: Person and select this field:  SN (this is the surname attribute)

Expand column: SecurityPrincipal and select this field: SamAccountName

 

I linked all the tables: Group, InetorgPerson, and User using SamAccountName

 

My next issue was filtering active and inactive accounts.  I read another post by @niark Solved: AD useraccountcontrol integer conversion - Microsoft Power BI Community to figure out the integer conversion for the user account control. 

CPhelan_2-1610990886620.png

 

I opted to create a spreadsheet with the converted user account integers

 

The last step was to link the user table and my spreadsheet using UACProperties, then group active account and disabled accounts.

I use the UACProperties to filter the active accounts on each report page.

 

In my daily tasks as an enterprise desktop admin, I regularly run powershell applets to get AD user group membership and add or remove users from groups.  PowerBI has allowed me to get a much bigger picture of the users, which groups they belong to and discover issues across my organization.

 

Charles

 

 

Message 5 of 15
44,785 Views
BayliCapri
Regular Visitor
In response to CPhelan

‎10-16-2024 11:20 AM

Several of these columns were missing within the tables mentioned. I am trying to pull this together for a report and am really struggling.

Message 13 of 15
3,596 Views
0
CPhelan
Frequent Visitor
In response to BayliCapri

‎10-16-2024 12:16 PM

Hi @BayliCapri ,

Once you have selected the tables  from the AD connector AD: Group, InetorgPerson, User.  The next step is to expand the columns you need:

 

Click on Table View on the left side, and click the Home menu, then click "Transform Data"

 

In order to find the attributes you need for the report you'll need to expand Group, Select Member, expand group member

Screenshot 2024-10-16 150845.png

 

The query should look something similar to

= Table.ExpandRecordColumn(#"Expanded group.member", "group.member", {"displayName", "memberOf", "department", "sAMAccountName", "userAccountControl",

Message 14 of 15
3,588 Views
0
dileepkumar
Helper I
Helper I
In response to CPhelan

‎08-21-2024 09:09 PM

Hi we have build a report by using Active Directory we can able to see group type

  1. Mail enabled Security
  2. Distribution

    but we are unable to see

    3. Security and 4. Microsoft 365 group type
    do we have any alternate table or names for this  or it wont support can any one help on this 

Message 12 of 15
6,358 Views
0
Ivo_Jansen
Regular Visitor
In response to CPhelan

‎11-20-2023 02:33 AM

Ls,

 

Many Thanks. But I miss some column (the Bold ones) :

 

Group Table

expand column Member and select these fields: Display Name, Member Of, Department,  EduPersonPrimary, SamAccountName, User Account Control,

 

InetorgPerson Table

Expand column EduPerson and select this fields: EduPersonPrimaryAffiliation

Expand column SamAccountName and select this field: Security Principal

Expand column  OrganizationalPerson and select these fields: Department, Division, Given Name, Title

 

User Table

Expand column: User and select these fields:  DepartmentNumber,  UserPrincipalName, UserAccountControl.

Expand column: Person and select this field:  SN (this is the surname attribute)

Expand column: SecurityPrincipal and select this field: SamAccountName

 

What did I do wrong ?

Message 8 of 15
17,838 Views
0
CPhelan
Frequent Visitor
In response to Ivo_Jansen

‎10-16-2024 12:44 PM

Hi @Ivo_Jansen ,

 

Sorry I'm just repling to you now.  I explained to BayliCapri  that

Once you have selected the tables from the AD connector AD: Group, InetorgPerson, User. The next step is to expand the columns you need:

 

Click on Table View on the left side, and click the Home menu, then click "Transform Data"

 

In order to find the attributes you need for the report you'll need to expand Group, Select Member, expand group member.  My Post to BayliCapri has a few screen shots

Message 9 of 15
3,570 Views
0
BayliCapri
Regular Visitor
In response to CPhelan

‎11-01-2024 09:01 AM

None of the mentioned columns other than security was in the inetorgPerson table. I have everything else but the columns I needed there.

Message 10 of 15
2,647 Views
0
CPhelan
Frequent Visitor
In response to BayliCapri

‎11-01-2024 09:41 AM

Hi @BayliCapri 

 

Here is a screenshot of some of the expanded tables in inetorgPerson.  It took me a while to find the attributes too and what is also a bit maddening is that you may have to format the expanded table as text and sometimes split the collum. 

 

InetOrgPerson_attributes_to_expand.jpg

Message 11 of 15
2,637 Views
0
santh00
Frequent Visitor
In response to CPhelan

‎11-30-2022 09:12 PM

Hi @CPhelan  SamAccountName in groups and Users are different for me is there any other common column that we can use and also I didn't find any column other than SamAccountName in groups that you mentioned and display name is also empty

 

My requirement is to get user email and which group they belong to in organization using active directory...I get users and group in two tables but didn't able to merge 

Message 7 of 15
29,886 Views
0
MarkPalmberg
Kudo Collector
Kudo Collector
In response to CPhelan

‎10-22-2022 01:07 PM

This post really helped me today, Charles. Thanks very much for sharing the results of your spelunking with us.

Message 6 of 15
31,178 Views
v-alq-msft
Community Support
Community Support

‎01-15-2021 01:35 AM

Hi, @CPhelan 

 

Based on my research, there is no Azure Active Directory connector in powerbi desktop currently. You could try howto-use-azure-monitor-workbooks to get azure ad data.

 

Best Regards

Allan

Message 2 of 15
44,797 Views
0
Anonymous
Not applicable
In response to v-alq-msft

‎12-15-2021 01:14 AM

There is an AD connector and you can access groups and users exactly as the commenters above explained. Not sure why you'd send people off to that irrelevant link after saying it's not possible?

Message 3 of 15
40,354 Views
0
darrenfishell
Advocate II
Advocate II
In response to Anonymous

‎12-16-2021 07:02 AM

I am trying to work through this as well and I believe the AD connector is only for on-prem AD, not Azure AD.

I am also trying to retrieve group membership from Azure AD and have not yet found a direct connection in PowerBI or PowerApps. 

Message 4 of 15
40,294 Views

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

Dec Fabric Community Survey

We want your feedback!

Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions.

ArunFabCon

Microsoft Fabric Community Conference 2025

Arun Ulag shares exciting details about the Microsoft Fabric Conference 2025, which will be held in Las Vegas, NV.

December 2024

A Year in Review - December 2024

Find out what content was popular in the Fabric community during 2024.

View All