Hi Team,
My below serach query is not giving accurate results.
Anything wrong with my query?
I am trying to find AD accounts for nonHumanIdentity identities
attributes.nonHumanIdentity:“true” AND @accounts(source.name:“Active Directory” AND disabled:false)
Space in source name string. “ Active Directory” could be impacting your search query.
my source name is active directory only
Hi @Badebaji,
This is an interesting search query you have build. What Sandilya pointed out is important, sometimes typo does happen. I believe nonHumanIdentity is a custom identity attribute that holds string value. If there are multiple sources with name containing “Active Directory“, use below query: -
attributes.nonHumanIdentity:“true” AND @accounts(source.name.exact:“Active Directory” AND disabled:false)
Here, the keywork exact plays an important role. If you are not getting all the results expected, just run the same query after an identity refresh, this would help bring identities that had recently manually correlated to show up in search results.
Good luck!
do you have a custom attribute called nonHumanIdentity? Or is there a default searchable field called nonHumanIdentity?
When you say it is not giving accurate results, what exactly you getting? Is it return empty results? or missing some identities in the result?
I am getting results but they are not matching the creteria.
I am getting expected result when I run below query
attributes.nonHumanIdentity:“true”
but when I add below and clause the result is returning lot of identities which are not even non-human.
AND @accounts(source.name:“Active Directory” AND disabled:false)
Can you try the other way like this
@accounts(source.name.exact:“Active Directory” AND disabled:true) AND attributes.nonHumanIdentity:“true”
you want only account details not identities? and i want to know that custom attribute name is in active directory provisioning fields?
Hi @Badebaji,
I believe your query is correct.
Results I would also expect from query: attributes.nonHumanIdentity:“true” AND @accounts(source.name.exact:“Active Directory” AND disabled:false) are identities who has the string value true for custom identity attribute: nonHumanIdentity and atleast an active/enabled account in source named exactly “Active Directory”.
I am suspecting data issue here.
When we create a custom identity attribute in one Identity Profile it is automatically available in other Identity Profiles as well. Do you have multiple identity profiles?
Suggestion to validate data: download search results of both below queries and look up accounts and identity attribute: nonHumanIdentity of a few identities who are not in both the downloaded reports: -
attributes.nonHumanIdentity:“true”
attributes.nonHumanIdentity:“true” AND @accounts(source.name.exact:“Active Directory” AND disabled:false)
Good luck!
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.