Friday, January 6, 2017

Active Directory Datasource

AD Users & Groups datasource

Rewritten from scratch using PowerShell remoting, which has the advantage that no plugins, features or roles are required. All code is executed on the AD server instead.

The data source reads into a scheme called ‘ad’.

3 dictionaries :
- ad_user
- ad_group
- ad_usergroup (= group membership)

Host name: this field should contain a comma-separated list of AD servers (FQDN!).
Port: 1 enables debug mode with a little more logging.
User Name: and Password: are ignored.

NOTES:

  • The domain name is taken from the AD server name (myserver.mydomain.local => mydomain.local).
  • The domain name is used as the "name" to search for WFA credentials. This means that you should have added credentials like "mydomain.local" => user+password.
  • If the user does not contain the domain name, it will be automatically prepended:
    user => mydomain.local\user
  • If you don't want to enable remote PowerShell on the AD server, you can perhaps connect to a jumphost instead; the jumphost will then need the AD features and roles installed to have the AD cmdlets.
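
The lookup rules in the notes above, as an added PowerShell example (not the datasource's own code). The function names, the `$CredentialStore` hashtable standing in for the WFA credential store, the rule that a user name containing `\` or `@` counts as already qualified, and querying every listed server are assumptions.

```powershell
# Added example; all function and parameter names are hypothetical.

function Get-DomainFromFqdn {
    param([Parameter(Mandatory)][string]$Fqdn)
    $labels = $Fqdn.Trim().Split('.')
    # A short name such as "myserver" carries no domain part to derive.
    if ($labels.Count -lt 3) {
        throw "'$Fqdn' is not an FQDN; cannot derive a domain name from it."
    }
    # myserver.mydomain.local => mydomain.local
    return ($labels[1..($labels.Count - 1)] -join '.')
}

function Get-QualifiedUserName {
    param([Parameter(Mandatory)][string]$User,
          [Parameter(Mandatory)][string]$Domain)
    # Assumption: DOMAIN\user and user@domain are treated as already qualified.
    if ($User -match '[\\@]') { return $User }
    # user => mydomain.local\user
    return "$Domain\$User"
}

function Get-RemoteAdUsers {
    param(
        # Value of the "Host name:" field: comma-separated AD server FQDNs.
        [Parameter(Mandatory)][string]$HostField,
        # Stand-in for the WFA credential store: domain name => PSCredential.
        [Parameter(Mandatory)][hashtable]$CredentialStore
    )
    $servers = $HostField -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    foreach ($server in $servers) {
        $domain = Get-DomainFromFqdn -Fqdn $server
        $stored = $CredentialStore[$domain]
        if (-not $stored) {
            throw "No credential stored under the name '$domain' for server '$server'."
        }
        $user = Get-QualifiedUserName -User $stored.UserName -Domain $domain
        $cred = New-Object System.Management.Automation.PSCredential ($user, $stored.Password)
        # The AD cmdlets run on the remote server, so nothing AD-related is needed locally.
        Invoke-Command -ComputerName $server -Credential $cred -ScriptBlock {
            Import-Module ActiveDirectory
            Get-ADUser -Filter * -Properties mail |
                Select-Object SamAccountName, Name, mail, Enabled
        }
    }
}
```

Because the credential is selected by the derived domain name alone, every server listed under the same domain is contacted with the same account.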

EXTRAS:

  • You can also copy and paste the datasource code into PowerShell ISE and easily test it there by changing $interactive=$true (check the comments in the code)!
  • Don't forget to use my debugging script first (or the command Get-WfaCredentials will be unknown).

Datasource DAR

Please leave a comment behind if you found this useful; it would be a great help to see which posts are useful and which are not.

1 comment :

  1. Feedback received from a colleague :
    ------------------------------------
    I worked on something similar for a client but ran into a Microsoft self imposed limit. If you try to run Get-ADGroupMember, Get-ADPrincipalGroupMembership, and Get-ADAccountAuthorizationGroup cmdlets and there are more than 5000 results you will get an error. It is possible to configure the AD controller to return more results but there are performance implications by doing that. There are a number of Microsoft performance tuning metrics in play that may cause issues in larger customer environments.

    https://technet.microsoft.com/en-us/library/dd391908(v=ws.10).aspx

    Thanks,
    Matt
