Skip to main content

Articles in this section

See more
Print

AD Users | Update SQL Database

  • Updated

AD Users | Update SQL Database

Rule description

This rule queries the specified Active Directory scope and for each user in this scope finds a record with the same anchor in SQL Server Database and updates this record with attribute values that are specified in the Attribute mapping setting.

NOTE: This rule supports VARCHAR and NVARCHAR data types.

When to use this rule

Use this rule when you need to write certain Active Directory user attributes back to the SQL Server Database.

For example, you can write back the information to HR/ERP/SIS system about whether the user was provisioned to Active Directory, and if he was, specify the proper samAccountName, email address and UserPrincipalName generated for this user.

Rule settings

Query section

Setting name Description

Limit scope to this domain or OU

This setting defines the search query scope. To improve query performance, limit the scope to a specific OU.

IMPORTANT: To test the rule configuration, limit the rule scope to an OU that contains test accounts or objects and use the Preview feature.

Query criteria

Query criteria are sent with the query and may improve query performance.

TIP: For additional information on the criteria builder, see the How to use Query Builder dialog for Query Criteria and Filter rule settings.

Active Directory anchor attribute

Defines the attribute in the Active Directory to which the Data Source anchor attribute is to be compared. 

Data Source Anchor attribute

Select a column in the data source that contains the attribute value for identifying and mapping a computer.
Other Query Settings

Properties to display

Each object property defined in this setting matches the column that will be displayed in the Web Portal for this web query.

To display additional columns, add the required properties to the Properties to display list.

To add extension attribute 1 that is synchronized from AD, you need to use a value like:

Copy
"OnPremisesExtensionAttributes/extensionAttribute1~Extension Attribute 1"

System Properties

List of properties required for this rule to be executed correctly.

Filter

 

Set the filtering conditions to hide unwanted data based on criteria not supported in the Query criteria setting.

Example: filter by the found object Distinguished Name.

TIP: For optimal performance, use the Query criteria setting above to filter objects whenever possible.

Sort by

Sort result object list.

Initialization script

Usually, rules use query criteria to limit the query search scope. It improves the performance of the executed rule.

Due to the PowerShell limitations, it is not possible to use calculated expressions in query criteria. That is the point where the initialization script can help. You can initialize a global variable in this setting and then use it in query criteria.

IMPORTANT: To use a variable, declared in the initialization script, in the query scope, it must be global: $global:<variable name>.

Example: Update AD users, created in the last ten days.

  1. Add this initialization script

    Copy
    {$global:DatePeriod = (Get-Date).AddDays(-10)}

  2. Use the $DatePeriod variable in the query criteria builder:

Database Connection Settings

SQL instance

Specify the name of the SQL Instance as defined in the Utils Extension SQL Server configuration. Using the Default SQL Instance setting will retrieve the current setting from the SQL Connection settings of the Utils extension.

NOTE: For more information, please see Connecting to Microsoft SQL Server data source article.

SQL database name

Specify database name from selected SQL Instance.

SQL table

Specify SQL Table or View from the selected database. Click the [...] button to display a list of tables from which to choose.

SQL credentials

Specify the database from the data source SQL Instance. Click the [...] button to enter SQL Credentials.

NOTE: Cayosoft Administrator does not support Windows Authentication for connecting to a Microsoft SQL Server database. The database connection must use SQL Server Authentication, where the credentials (username and password) are created and managed within SQL Server itself. Mixed Mode refers to the SQL Server configuration that allows both SQL Server Authentication and Windows Authentication, but only SQL Server Authentication is supported by Cayosoft.

Action section

Setting name Description

Attribute mapping

Map Active Directory user attributes whose values must be written back to matching database table columns.

Other Properties

Other Properties

Data mapping also can be set by the script.

If you want every provisioned user to have extension attribute 1 populated with some string value then use this

Copy
:{@{'extensionAttribute1'='YourString'}}

If you want every provisioned user to have extension attribute 2 populated with the corresponding value from the column in your data source file, then use this:

Copy
{@{'extensionAttribute2'=$_.EXT2}}

since EXT2 is the name of the column from your data source.

NOTE: If you set mapping for the same properties both in Other properties and Other properties script, attribute values will be updated by the script.

Output section

This section defines the output format of this rule.

To get more information about this section, please see the Rule Output section article.

Enforce/Schedule section

This section defines the schedule for how often to run the rule.

To get more information about this section, please see the Rule Enforce/Schedule section article.

© Copyright 2013-2026 Cayosoft Inc. All rights reserved.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request
Return to top

Related articles

Comments

0 comments

Please sign in to leave a comment.