Skip to Main Content
Status Not Planned
Categories Workflow Designer
Created by Guest
Created on Jun 24, 2023

Please improve and add to conditions to QUERY USERS action for AD

Query users is limited to 999 users.

Please remove the limit AND enhance the condition operators.

At present, we can only filter with begins with or equals to (both ignoring case), however the limited conditions make it extremely difficult to use this action when we have 58k+ enabled accounts and need to ignore some that are flagged how we have structured them for test accounts, service accounts, guests etc.

Need the following operator options for conditions:

  • Ability to filter by empty or null fields

  • Ability to filter by does not start with

  • Ability to filter by does not equal to

  • Ability to filter by contains

  • Ability to filter by contains (ignore cases)

  • Ability to filter by group user is part of - the "get members of an azure active directory" action doesn't have the level of user details when looping through what we need.

  • Ability to filter by user type, that field isn't even available! This is how we differentiate guests from members (employees). It would be helpful to identify which users are GUESTS!!!

It's making workflows difficult to manage as well due to the 1k loop limit and the 10k workflow iterations per workflow and the 10k limit for instances per hour restriction. We need to break down groups to add them to NAC User Management but can't with the limited restrictions.

Because we have to STRIP back the UPN (display name/username) for guest accounts just to obtain a first and last name (our first and last name fields are blank for guest accounts), the iterations are stacking up quick! We also have to check for email, and if email field is blank, use username for email variable. It would be more sufficient if we could remove the need for all the actions in our workflow just to get a first and last name and use the conditions to reduce the scenarios we are using at present.

Our only option at the moment is running through 676 condition scenarios using the alphabet (e.g; begins with aa, ab, ac, ad, ae etc.) to reduce the returned results for us to loop through and clean up before firing off another component workflow to add users to NAC.

I'm only on AJ and have to get EVERYONE in our AD added to NAC which is 58k+ users - very annoyed.

  • Attach files
  • Admin
    Leigh Burke
    Reply
    |
    Nov 21, 2024

    Thank you very much for posting your feedback for our review. At this time, we will not be adding this request to the near-term backlog, as we are focused on other highly requested features. However, we reevaluate requests every quarter and will reach out if priorities change. Please keep the feedback coming as it is critical for our longer-term planning.

  • Admin
    Leigh Burke
    Reply
    |
    Jun 3, 2024

    Thank you for your feedback. I will now open this one up for voting.


  • Guest
    Reply
    |
    Mar 5, 2024

    Yes, please remove the 999 limit! Or at least double it.

    Also, heavily agree with the need for better condition operators. Definitely needs a "contains" and the ability to filter to exclude not just include.