Help Desk and Knowledge Base

IT Pro: How to read groups from Active Directory (Azure and on prem)

Group membership in Active Directory (AD) can be used to distribute different signatures instead of creating rules.

This is useful when the AD is not updated or does not contain enough information to create group segments via rules. 

  1. Create a field in Xink. Preferences > Fields, click the '+' button.
  2. Add the LDAP name ‘groupCnList’.
Xink accounts created from Feb 2018, will include 'Groups' field by default.

How to read groups from Active Directory on-premises

If your Xink account was created before Feb 2018, get the latest version of ADExport in your Xink account:

Since we decided not to pull group memberships by default, you need add the user group /ug switch:

C:\emsadexport.exe /secret:"INSERT-YOUR-SECRET-TOKEN" /ug

 This is an instruction to export groups to Xink - Learn more in example #7

How to read groups from Active Directory Azure

Please submit a support ticket and we'll activate upon request.

How does group memberships show for employees


["Services","TEAM FLY","_Fleet_Monitor_Export","Release_Manager","IT-admins","IT users","TEAM EXCHANGE","IT-IN","Second_Line","_Fleet_Monitor_Managers","E3 - Full","SMC Designers","IT-IN Xware Test","System_Owner","Team Mobile","Service_Now_Users","Intune - E3 EMS license","TEST - TH"]

How to create a rule based on group membership

Now create a rule where you check against the 'Groups' field:

Don’t use the extra condition. It just makes it more difficult to maintain. Keep one rule to one group check. 

Move the rules up and down if you want to change execution order. It will stop at the first rule where the condition is met.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.