Active Directory: Advanced Queries

The Active Directory plugin contains many actions used to find objects in the directory tree.

This page explains how you can customise both the search location & scope of these actions.

Information on this page applies to every search, get_all, & get_interactive action in this plugin.

Search Location

Important

This information applies to every search, get_all, & get_interactive action in this plugin.

By default PPA will start at the root of the directory tree when finding objects.

You can start tell PPA to start in a different location using the search_base input.

The value of this input should be the distinguishedName of an Organizational Unit.

Example

Getting all users contained in a custom Organizational Unit.

- active_directory.users.get_all:
    search_base: OU=Staff,OU=Internal Users,DC=Example,DC=Domain
  load:
    domain_controller: domain_controller
  save: users

Search Scope

Minimum Plugin Version: 6.1.0

Important

This information applies to every search, get_all, & get_interactive action in this plugin.

By default PPA will traverse the directory tree to find both single-level & nested objects.

If you need to perform a single-level search, you can set one_level to true.

Example

Getting all groups directly contained in a custom Organizational Unit.

- active_directory.groups.get_all:
    search_base: OU=Staff Groups,OU=Internal Users,DC=Example,DC=Domain
    one_level: true
  load:
    domain_controller: domain_controller
  save: users

Default searches use the subtree scope.

When one_level is true, the singleLevel scope is used instead.