- Created by Phillip Hanegan, last modified on Sept 28, 2022
You are viewing an old version of this page. View the current version.
Compare with Current View Page History
« Previous Version 3 Next »
Post /GetAllSearchAdvanced
Send a POST request to the GetAllSearchAdvanced()
method on the AccountView
object to return information about one or more accounts. The information included in the response depends on the range of account properties and parameter values included in the request.
A valid OAuth 2.0 Bearer token is required.
URL
POST https://<FQDN_Of_Your_EmpowerID_Web_Server>/api/webui/v1/AccountView/GetAllSearchAdvanced
Header Key/Value Pairs
Key | Value |
---|---|
Authorization | Bearer <access_token> |
X-EmpowerID-API-Key | The API key from the registered OAuth application |
Content-Type | application/json |
Request Body
The body of the request must include all parameters required by the method and the IncludedProperties
object with at least one account property.
Included Properties
Use IncludedProperties
to return one or more account properties. Example properties include AccountID
, LastName
, FirstName
, and NetBiosName
.
Body Parameters
The GetAllSearchAdvanced()
method includes a number of parameters that must be included in the body or the request. Use parameters to filter the number of accounts returned by the endpoint.
AccountStoreID
|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SecurityBoundaryID
|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SecurityBoundaryTypeID
|
View Security Boundary Type IDs
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
AccountTypeID
|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
ShowSystemAccountsOnly
|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
ShowSystemBuiltinAccountsOnly
|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
AccountUsageTypeID
|
View Account Usage Type IDs
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
IsOrphan
|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Disabled
|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LockedOut
|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
NeverLoggedInOnly
|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
HideInEmpowerID
|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OrgZoneID
|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
PersonID
|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
ManagerPersonID
|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
MemberOfGroupID
|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
columnsToSearch
|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
pageLength
|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
resourceTags
|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
start
|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
textToSearch
|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
totalCount
|
|
columnsToSearch
The columnsToSearch
body parameter is used to return accounts meeting one or more conditions. Each condition specifies a property with a specific value to search and there can be more than one condition. For example, to return a list of accounts with belonging to the “DevDomain1” domain that are currently locked out, the value for columnsToSearch
would be set to that shown below.
"%[[][[]%<Conditions><Condition PropertyName=\"NetBiosName\" SearchValue=\"Docs-tracking\" Operator=\"EqualTo\" QuerySuffix=\" AND \" StartGroupString=\"\" EndGroupString=\"\" Index=\"0\" SearchType=\"String\"/><Condition PropertyName=\"LockedOut\" SearchValue=\"true\" Operator=\"EqualTo\" QuerySuffix=\"\" StartGroupString=\"\" EndGroupString=\"\" Index=\"1\" SearchType=\"Boolean\"/></Conditions>"
Remarks
In the above example, columnsToSearch
contains two search conditions. The API returns accounts matching both conditions. Each condition includes the PropertyName
to search, the SearchValue
to search for, an Equality Operator
, a QuerySuffix
and a SearchType
for the relevant data type.
Search Examples
The below examples demonstrate how to use IncludedProperties
, parameters, and conditions in columnsToSearch
to query the API for a list of accounts matching the search conditions. Attributes returned for each record are set by the properties specified in IncludedProperties
.
1️⃣ Set the ShowSystemAccountsOnly
parameter to 1
to return a list of system accounts.
{ "IncludedProperties": [ "LogonName", "NetBiosName", "FriendlyName", "AccountOrganizationStatusFriendlyName", "AccountUsageTypeFriendlyName", "ResourceID", "AccountID", "Name", "Description", "CreatedDate", "ExpiresOn", "AccountStoreFriendlyName", ], "Parameters": { "AccountTypeID": null, "AccountUsageTypeID": null, "Disabled": null, "HideInEmpowerID": null, "IsOrphan": null, "LockedOut": null, "NeverLoggedInOnly": null, "OrgZoneID": null, "SecurityBoundaryID": null, "SecurityBoundaryTypeID": null, "ShowSystemAccountsOnly": 1, "ShowSystemBuiltInAccountsOnly": null, "accountStoreID": null, "textToSearch": null, "columnsToSearch": "%[[][[]%<Conditions/>", "pageLength": 5, "resourceTags": null, "start": 0, "totalCount": null } }
2️⃣ Set the AccountUsageTypeID
parameter to 2
and the NeverLoggedInOnly
parameter to 1
to return Personal Privileged accounts that have never logged in to the system.
{ "IncludedProperties": [ "LogonName", "NetBiosName", "FriendlyName", "PersonID", "EmpowerIDLogon", "AccountOrganizationStatusFriendlyName", "AccountUsageTypeFriendlyName", "DistinguishedName", "LastLogonTime", "ValidUntil", "ResourceID", "AccountID", "Name", "Description", "CreatedDate", "ExpiresOn", "MustChangePasswordAtNextLogin", "LockedOut", "CannotChangePassword", "PasswordExpires", "PasswordLastChanged", "PasswordNeverExpires", "FirstName", "LastName", "Officelocation", "Location", "AccountStoreFriendlyName", "Email", "StreetAddress", "City", "State", "ZipCode", "Country", "Company", "JobTitle", "Department", "Telephone", "MobileNumber", "AccountManagerFriendlyName", "PersonOwnerLastAttestationDate", "PersonOwnerLastResourceAttestationSnapshotID" ], "Parameters": { "AccountStoreID": null, "SecurityBoundaryID": null, "SecurityBoundaryTypeID": null, "AccountTypeID": null, "ShowSystemAccountsOnly": null, "ShowSystemBuiltInAccountsOnly": null, "AccountUsageTypeID": 2, "IsOrphan": null, "Disabled": null, "LockedOut": null, "NeverLoggedInOnly": 1, "HideInEmpowerID": null, "OrgZoneID": null, "PersonID": null, "ManagerPersonID": null, "MemberOfGroupID": null, "columnsToSearch": "%[[][[]%<Conditions/>", "textToSearch":"AdvancedSearch", "pageLength": 5, "resourceTags": null, "start": 0, "totalCount": null, } }
3️⃣ Use columnsToSearch
to return all locked out accounts. Note the PropertyName
for the search condition is set to LockedOut
, SearchValue
is set to True
, the Operator
is set to EqualTo
and the SearchType
is Boolean
.
{ "IncludedProperties": [ AccountID", "FriendlyName", "FirstName", "LastName", "LogonName", "EmpowerIDLogon", "NetBiosName", "AccountStoreFriendlyName", ], "Parameters": { "AccountStoreID": null, "SecurityBoundaryID": null, "SecurityBoundaryTypeID": null, "AccountTypeID": null, "ShowSystemAccountsOnly": null, "ShowSystemBuiltInAccountsOnly": null, "AccountUsageTypeID": null, "IsOrphan": null, "Disabled": null, "LockedOut": null, "NeverLoggedInOnly": null, "HideInEmpowerID": null, "OrgZoneID": null, "PersonID": null, "ManagerPersonID": null, "MemberOfGroupID": null, "textToSearch":"AdvancedSearch", "pageLength": 5, "resourceTags": null, "start": 0, "totalCount": null, "columnsToSearch": "%[[][[]%<Conditions><Condition PropertyName=\"LockedOut\" SearchValue=\"true\" Operator=\"EqualTo\" QuerySuffix=\"\" StartGroupString=\"\" EndGroupString=\"\" Index=\"0\" SearchType=\"Boolean\"/></Conditions>" } }
4️⃣ Set the MemberOfGroupID
parameter to the GUID of a specific group to return accounts that are members of the group
{ "IncludedProperties": [ "LogonName", "NetBiosName", "FriendlyName", "AccountOrganizationStatusFriendlyName", "AccountUsageTypeFriendlyName", "ResourceID", "AccountID", "Name", "Description", "CreatedDate", "ExpiresOn", "AccountStoreFriendlyName", ], "Parameters": { "AccountStoreID": null, "SecurityBoundaryID": null, "SecurityBoundaryTypeID": null, "AccountTypeID": null, "ShowSystemAccountsOnly": null, "ShowSystemBuiltInAccountsOnly": null, "AccountUsageTypeID": null, "IsOrphan": null, "Disabled": null, "LockedOut": null, "NeverLoggedInOnly": null, "HideInEmpowerID": null, "OrgZoneID": null, "PersonID": null, "ManagerPersonID": null, "MemberOfGroupID": "4E375004-5E6F-415D-B049-4A112C100D12", "textToSearch": null, "pageLength": 5, "resourceTags": null, "start": 0, "totalCount": null "columnsToSearch": "%[[][[]%<Conditions/>" } }
SearchTerms
Each identity object in the EmpowerID Identity Warehouse has a SearchTerms
property with a specific set of search values that can used to return all objects matching those values. For accounts, SearchTerms
encompass the Name
, FriendlyName
, Email
, FirstName
, LastName
, LogonName
, and UserPrincipalName
properties. When used, the API returns all accounts where the specified search value finds a match in any of those properties. For example, if the search value is set to “Rogers”, the API would return all the following accounts
Any account with a match in the name
Any account with a match in the friendly name
Any account with a match in the first name
Any account with a match in the last name
Any account with a match in the logon name
Any account with a match in the email address
Any account with a match in the User Principal Name
The following examples illustrate how to use SearchTerms
to return a subset of accounts:
1️⃣ Use SearchTerms
to return the Account ID, friendly name, first name, last name, Logon name, EmpowerID Logon, NetBiosName, email address and account manager friendly name for all accounts where the search value is set to "rogers"
{ "IncludedProperties": [ "AccountID", "FriendlyName", "FirstName", "LastName", "LogonName", "EmpowerIDLogon", "NetBiosName", "Email", "AccountManagerFriendlyName" ], "Parameters": { "AccountTypeID": null, "AccountUsageTypeID": null, "Disabled": null, "HideInEmpowerID": null, "IsOrphan": null, "LockedOut": null, "NeverLoggedInOnly": null, "OrgZoneID": null, "SecurityBoundaryID": null, "SecurityBoundaryTypeID": null, "ShowSystemAccountsOnly": null, "ShowSystemBuiltInAccountsOnly": null, "accountStoreID": null, "textToSearch":"AdvancedSearch", "pageLength": 5, "resourceTags": null, "start": 0, "totalCount": null, "columnsToSearch":"%[[][[]%<Conditions><Condition PropertyName=\"SearchTerms\" SearchValue=\"rogers\" Operator=\"EqualTo\" QuerySuffix=\"\" StartGroupString=\"\" EndGroupString=\"\" Index=\"0\" SearchType=\"String\"/></Conditions>" } }
The response includes all people matching the search value. Note the properties where the match occurs.
{ "Tags": [], "Data": [ { "AccountID": 7598177, "FriendlyName": "Steve Rogers", "FirstName": null, "LastName": null, "LogonName": "steve.rogers", "EmpowerIDLogon": null, "NetBiosName": "CALDAP-NEW2", "Email": null, "AccountManagerFriendlyName": null }, { "AccountID": 474585, "FriendlyName": "RDice", "FirstName": "Robert", "LastName": "Dice", "LogonName": "0xbb25b643614a1b40b1d63f935aa08c62", "EmpowerIDLogon": null, "NetBiosName": "DEVDOMAIN1", "Email": "bdice@rogers.com", "AccountManagerFriendlyName": null }, { "AccountID": 478601, "FriendlyName": "RDice", "FirstName": "Robert", "LastName": "Dice", "LogonName": "0xe419fc6d9da1b24a98d112175396ac6b", "EmpowerIDLogon": null, "NetBiosName": "DEVDOMAIN1", "Email": "bdice@rogers.com", "AccountManagerFriendlyName": null }, { "AccountID": 490102, "FriendlyName": "RDice", "FirstName": "Robert", "LastName": "Dice", "LogonName": "0x658a5369fba3d249ace199425fd428e9", "EmpowerIDLogon": null, "NetBiosName": "DEVDOMAIN1", "Email": "bdice@rogers.com", "AccountManagerFriendlyName": null }, { "AccountID": 484459, "FriendlyName": "Mindi Idell Rogers", "FirstName": "atinder", "LastName": "IdellRogers", "LogonName": "Mindi.IdellRogers", "EmpowerIDLogon": "Mindi.IdellRogers", "NetBiosName": "DEVDOMAIN1", "Email": "Mindi.IdellRogers@omd.com", "AccountManagerFriendlyName": null } ], "OutParameters": [ { "Name": "totalCount", "Value": 1150 } ] }
2️⃣ Return all people belonging to the “CALDAP-NEW2” domain with a SearchTerm
match equal to "Steve."
{ "IncludedProperties": [ "AccountID", "FriendlyName", "FirstName", "LastName", "LogonName", "EmpowerIDLogon", "NetBiosName", "Email", "AccountManagerFriendlyName" ], "Parameters": { "AccountTypeID": null, "AccountUsageTypeID": null, "Disabled": null, "HideInEmpowerID": null, "IsOrphan": null, "LockedOut": null, "NeverLoggedInOnly": null, "OrgZoneID": null, "SecurityBoundaryID": null, "SecurityBoundaryTypeID": null, "ShowSystemAccountsOnly": null, "ShowSystemBuiltInAccountsOnly": null, "accountStoreID": null, "textToSearch":"AdvancedSearch", "pageLength": 5, "resourceTags": null, "start": 0, "totalCount": null, "columnsToSearch":"%[[][[]%<Conditions><Condition PropertyName=\"SearchTerms\" SearchValue=\"rogers\" Operator=\"EqualTo\" QuerySuffix=\" AND \" StartGroupString=\"\" EndGroupString=\"\" Index=\"0\" SearchType=\"String\"/> <Condition PropertyName=\"NetBiosName\" SearchValue=\"CALDAP-NEW2\" Operator=\"EqualTo\" QuerySuffix=\"\" StartGroupString=\"\" EndGroupString=\"\" Index=\"0\" SearchType=\"String\"/></Conditions>" } }
Sample Responses
IN THIS ARTICLE
- No labels