Search Query to get Duplicate AD accounts users

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1

Hi ,

Do we have any search query to get Duplicate AD accounts user report in identityNow ?

Thank you,
Saikumar

1 Like
2

Hello @saikumar39,

Please refer to this comments here to get multiple account from a single source:

2 Likes
3

Thanks for Quick reply Animesh …Do we need to run this query from Postman ?
Can we get duplicate AD accounts user report using search in idn ?

Thanks,
Sai

4

This must be run using the search API. It can’t be done from the UI search. Postman is one option for running the search API.

5

Let us know if this works for you. If it works, you can mark @atarodia 's reply as the solution.

1 Like
6

Hi Coiln/Animesh,

I have executed above Query and getting like 17000 lines of result.

But I want only users who are having two AD accounts in identitynow not in AD.

And also i just wanted to mention here we are using Single AD for test environment and production.

Can we get only Sandbox Duplicate AD accounts users list ?

7

Hi @saikumar39,

Looks like your are trying to use {{baseUrl}}/v3/search instead of {{baseUrl}}/v3/search/aggregate.
Try using the aggregate and let us know if you face the same issue.

1 Like
8

Hi Animesh ,

I have just used above endpoint and again we got 17000 lines of result.

9

Hi Hi Coiln/Animesh,

Thank you for help , I’m able to get duplicate AD accounts users who are active.

Do we have different query to get duplicate AD accounts disabled users?

10

What query are you using to get the active accounts?

11

Using Below Query we are getting Active accounts

{
    "query": {
        "query": "@accounts(source.id:2c918088814e6a610181686b56977fa8)"
    },
    "indices": [
        "identities"
    ],
    "aggregationsDsl": {
        "accounts": {
            "nested": {
                "path": "accounts"
            },
            "aggs": {
                "source_id": {
                    "terms": {
                        "field": "accounts.source.id",
                        "min_doc_count": 2,
                        "size": 1000
                    },
                    "aggs": {
                        "identities": {
                            "terms": {
                                "field": "_id",
                                "min_doc_count": 2
                            },
                            "aggs": {
                                "accounts": {
                                    "top_hits": {}
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}
12

The searchable fields for identity accounts can be found here.

If you want to limit the search to disabled accounts, then you can try this in your query.

@accounts(source.id:2c918088814e6a610181686b56977fa8 AND disabled:true)

13

But we cant find duplicate AD account users who are disabled from search.

14

I’m not sure I understand why this isn’t working. Can you elaborate with examples of what you are seeing and what you want to see happen?

15

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.