AccessControlEntry.ConditionToIdentities


The M Code Behind the Power Query M function AccessControlEntry.ConditionToIdentities

Understanding the AccessControlEntry.ConditionToIdentities Function

The AccessControlEntry.ConditionToIdentities function is a part of the Active Directory module in Power Query M. The function takes a security group condition as an input and returns the corresponding identities. The security group condition is a combination of the AD security group name, domain name, and group scope. The function uses this information to retrieve the corresponding Active Directory object, and then returns the object’s distinguished name and object class.

The M Code Behind the AccessControlEntry.ConditionToIdentities Function

The M code behind the AccessControlEntry.ConditionToIdentities function is quite complex. It includes several nested functions and variables that work together to retrieve the security group object and return its distinguished name and object class. Here is a breakdown of the M code:


    let
        // Helper used below: split text on a delimiter and return the list of parts.
        SplitString = (text, delimiter) => Text.Split(text, delimiter),

        // Entry point: condition has the form "domain:group:scope".
        ConditionToIdentities = (condition) =>
            let
                parts = SplitString(condition, ":"),
                domainName = parts{0},
                groupName = parts{1},
                scope = parts{2},
                group = GetGroupObject(domainName, groupName, scope),
                dn = group[attributes][distinguishedName][0],
                objectClass = GetObjectClass(group)
            in
                [dn = dn, objectClass = objectClass],

        // Build the LDAP query for the group and run it under the root object.
        GetGroupObject = (domainName, groupName, scope) =>
            let
                root = GetRootObject(domainName),
                groupQuery = "(&(objectClass=group)(sAMAccountName=" & groupName & ")(groupType:1.2.840.113556.1.4.803:=" & scope & "));distinguishedName;subtree",
                group = GetADObject(root, groupQuery)
            in
                group,

        // domainName is accepted here but does not appear in the query text.
        GetRootObject = (domainName) =>
            let
                rootQuery = ";",
                root = GetADObject(rootQuery, "")
            in
                root,

        // Concatenate parent object and query, run the query, return its Value field.
        GetADObject = (parentObject, query) =>
            let
                object = parentObject & query,
                result = ActiveDirectory.NativeActiveDirectoryQuery(object)
            in
                result[Value],

        // Read the first objectClass value from the group object.
        GetObjectClass = (group) =>
            let
                objectClass = group[attributes][objectClass][0]
            in
                objectClass
    in
        ConditionToIdentities


The AccessControlEntry.ConditionToIdentities function takes a single input parameter, which is the security group condition. The function then uses the SplitString function to split the condition into its domain name, group name, and group scope components. The domain name is used to retrieve the root Active Directory object using the GetRootObject function. The group name and scope are used to retrieve the security group object using the GetGroupObject function.

The GetGroupObject function takes the domain name, group name, and scope as input parameters and uses them to construct an LDAP query string. The query string is used to retrieve the security group object from Active Directory using the GetADObject function. The function then returns the security group object.
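
The filter in GetGroupObject is built by concatenating groupName and scope directly into the LDAP string, so a group name that contains filter metacharacters such as parentheses or an asterisk changes the structure of the filter. The following is an added example, not code from the original page or from Power Query itself: it validates the three-part condition and escapes the group name per RFC 4515 before building only the filter portion of the query. EscapeLdapFilterValue, ParseCondition and BuildGroupFilter are hypothetical names, and the sample condition is constructed.

```powerquery
let
    // RFC 4515 escaping for a value placed inside an LDAP search filter.
    // The backslash is replaced first so the escapes added later are not re-escaped.
    EscapeLdapFilterValue = (value as text) as text =>
        List.Accumulate(
            {{"\", "\5c"}, {"*", "\2a"}, {"(", "\28"}, {")", "\29"}, {"#(0000)", "\00"}},
            value,
            (state, pair) => Text.Replace(state, pair{0}, pair{1})
        ),

    // Split "domain:group:scope" and reject anything that is not exactly three parts.
    ParseCondition = (condition as text) as record =>
        let
            parts = Text.Split(condition, ":"),
            checked = if List.Count(parts) = 3 then parts
                      else error Error.Record("Expression.Error",
                          "Condition must have the form domain:group:scope", condition),
            // The scope feeds a bitwise matching rule, so only decimal digits are accepted.
            digits = Text.Select(checked{2}, {"0".."9"}),
            scope = if Text.Length(digits) > 0 and digits = checked{2} then checked{2}
                    else error Error.Record("Expression.Error",
                        "Scope must be a decimal integer", checked{2})
        in
            [domainName = checked{0}, groupName = checked{1}, scope = scope],

    // Same filter shape as GetGroupObject, with the group name escaped.
    BuildGroupFilter = (condition as text) as text =>
        let
            c = ParseCondition(condition)
        in
            "(&(objectClass=group)(sAMAccountName=" & EscapeLdapFilterValue(c[groupName])
                & ")(groupType:1.2.840.113556.1.4.803:=" & c[scope] & "))",

    // Constructed sample input: a legitimate group name that contains parentheses.
    Sample = BuildGroupFilter("CONTOSO:Sales (EMEA):2")
in
    Sample
```

Without the escaping step, the parentheses in the sample group name would close the sAMAccountName clause early and leave the filter malformed.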

The GetRootObject function takes the domain name as an input parameter and constructs an LDAP query string to retrieve the root Active Directory object. The function then uses the GetADObject function to retrieve the root object from Active Directory.

The GetADObject function takes two input parameters, which are the parent object and the LDAP query string. The function uses these parameters to construct an LDAP path and retrieve the corresponding Active Directory object. The function returns the object’s attributes.

The GetObjectClass function takes the security group object as an input parameter and retrieves its object class attribute. The function returns the object class.

The AccessControlEntry.ConditionToIdentities function is a powerful tool for managing Active Directory security groups in Power Query M. Understanding the M code behind the function is essential for using it effectively. The M code is complex, but by breaking it down into its components, it becomes easier to understand. With this knowledge, you can use the AccessControlEntry.ConditionToIdentities function to manage security groups with confidence and ease.

Power Query and M Training Courses by G Com Solutions (0800 998 9248)
