5 Replies Latest reply on May 1, 2013 6:53 AM by MacUT

    Need help changing to Active Directory

    MacUT

      The IT department wants to change security from Filemaker authentication to Active Directory using Server Advanced 11 and then to 12. I believe I have figured out how to do that but the problem I have now is with Get(AccountName). In the 29 databases that I have created over the years my account names are full names for example Joe Smith. The active directory name will be jsmith. This presents a big problem for me. I no longer can get the first name of the logged on user using get(AccountName). Get(AccountName) will just give jsmith. I use the Get(AccountName) in hundreds of places in fields and scripts and make many decisions based on the first name as well as the full name.

       

      Does anyone know a way to solve this problem. I could have a related database with the Full names of all the users but how would I change all the scripts and field definitions to replace the Get(AccountName) with the related name without doing each one manually. Is there some tool that would do a search and replace in fields and scripts? Another thought is there any way to get Active Directory to send the full name to filemaker when one uses get(AccountName)?

       

      If anyone has any ideas on this I sure would be appreciative.

       

      Thanks,

       

      Brian Garman

        • 1. Re: Need help changing to Active Directory
          taylorsharpe

          Active Directory authenticates by the group and only returns the short account name and nothing else.  The only solution is to have a table of employees that includes an Active Directory ID to relate to the full names of employees.  If price is of no concern, I bet 360Works can find a solution for you, but it will probably be pretty expensive and involve a lot of work. Adding an Active Directory field to your employee table is probably a lot easier and less expensive.  By the way, I think moving to AD is great because it moves all of the account maintenance and password resetting over on someone other than the FM developer.  And if someone retires, quites or gets fired, it makes it the IT department's job to remove users, etc. 

          • 2. Re: Need help changing to Active Directory
            debi

            Brian,

             

            A couple of ideas:

             

            First, use something besides the Get ( AccountName ) function, moving forward. For instance, set a global at startup and always refer to that.

             

            Second, this might help you locate current occurrences of the funciton in your scripts:

            http://www.dracoventions.com/products/2empowerFM/family/developer.php

             

            HTH,

             

            Debi Rubel

            FullCity Consulting

            • 3. Re: Need help changing to Active Directory
              wimdecorte

              taylorsharpe wrote:

               

              Active Directory authenticates by the group and only returns the short account name and nothing else.  

               

              That is not correct.  Get(Accountname) will return the full account name that was used to authenticate.  Users can authenticate with a UPN or UNC syntax and there a different scenarios to cater for with the workstation being part of the domain, not part of the domain or being part of a trusted domain.

               

              For the exact same account get(accountname) may return:

              jsmith

              domain\jsmith

              jsmith@domain

               

              in different scenarios.

              • 4. Re: Need help changing to Active Directory
                taylorsharpe

                Yes, you are correct, wimdecorte.  But since he is only getting the "jsmith" version, I think that is all MacUT is concerned about and he is not going to be able to get more info from Active Directory even though an Active Directory database can container all kinds of things about the user such as their full name, phone number, address, picture, etc.  None of those are available natively to FileMaker. 

                 

                I believe the Scodigo SmartPill PHP plugin can read and write to Active Directory withy LDAP functions.  You might look into that. 

                • 5. Re: Need help changing to Active Directory
                  MacUT

                  Thanks to the three of you who responded.  I was able to incorporate your ideas to solve my problem.  Debi, the software at draconventions worked perfectly for what I needed.  Thanks so much.

                   

                  Brian Garman