How to connect to Azure Active Directory data using LDAP server

Lakshmi Narayana Sarma Bhamidipati 30 Reputation points
2024-07-04T10:27:37.02+00:00

We are trying to get Azure Active Directory data like AD Users and AD Groups into ADLS. There is one LDAP server configured. How do we fetch data from AD into ADLS? Please let me know in detail. Thank you for your help.


1 answer

  1. Vinodh247 13,626 Reputation points
    2024-07-04T14:34:10.85+00:00

    Hi Lakshmi Narayana Sarma Bhamidipati,

    Thanks for reaching out to Microsoft Q&A.

    To fetch Azure Active Directory (AD) data such as AD Users and AD Groups into Azure Data Lake Storage (ADLS), you can try the following approaches:

    Approach 1:

    Configure Azure AD for LDAP Authentication:

    Enable LDAP on your Azure AD tenant and configure your LDAP client to use Azure AD as the authentication source.

    Use Azure AD Connect:

    Install Azure AD Connect to synchronize your local AD with Azure AD and configure an LDAP connector.

    Query AD Data:

    Use T-SQL with OPENROWSET or ADSDSOObject to access user data from LDAP.

    Synchronize with AD LDS:

    Configure Azure AD Connect with Active Directory Lightweight Directory Services (AD LDS) for synchronization.

    These steps will help you integrate AD data into ADLS using the configured LDAP server.

    Approach 2:

    Step 1: Register an Application in Azure AD

    1. Go to the Azure portal and navigate to Azure Active Directory.
    2. Under App registrations, click on New registration.
    3. Provide a name for the application, select the supported account types, and click Register.
    4. Once the app is registered, note down the Application (client) ID and Directory (tenant) ID.
    5. Under Certificates & secrets, create a new client secret and note it down.

    Step 2: Set API Permissions for the App

    1. In the registered app, go to API permissions.
    2. Click on Add a permission and select Microsoft Graph.
    3. Add the necessary permissions to read users and groups (e.g., User.Read.All, Group.Read.All).
    4. Grant admin consent for the permissions.

    Step 3: Create a Linked Service in Azure Data Factory

    1. Go to the Azure portal and navigate to Azure Data Factory.
    2. In your Data Factory, go to Manage and then Linked Services.
    3. Click on New and select Azure Data Lake Storage Gen2.
    4. Provide the necessary details to connect to your ADLS account.

    Step 4: Create a Linked Service for Azure AD

    1. In the same Linked Services section, create a new linked service.
    2. Select HTTP as the type.
    3. Configure the HTTP linked service to connect to the Microsoft Graph API:
      • Base URL: https://graph.microsoft.com/v1.0/
      • Authentication type: Service Principal
      • Tenant: Your Azure AD tenant ID
      • Service Principal ID: Your Application (client) ID
      • Service Principal Key: Your client secret

    Step 5: Create a Pipeline to Extract Data

    1. In Azure Data Factory, go to Author & Monitor and create a new pipeline.
    2. Add an HTTP dataset to fetch data from Azure AD:
      • Set the linked service to the HTTP linked service created earlier.
      • Configure the relative URL to point to the desired endpoint (e.g., /users or /groups).
    3. Add an Azure Data Lake Storage Gen2 dataset to write data to ADLS.
    4. Use a Copy Data activity to copy data from the HTTP dataset to the ADLS dataset.

    Note: The above approaches are examples; you will have to tweak or change them to suit your requirements.

    Please 'Upvote'(Thumbs-up) and 'Accept' as an answer if the reply was helpful. This will benefit other community members who face the same issue.
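The Graph read behind Approach 2, as an added example that is not part of the answer above or any Microsoft sample: a client-credentials token for the registered app, then /users pulled with only the selected attributes and paged through @odata.nextLink (a step the answer omits; without it only the first page lands in ADLS), emitted as JSON Lines for an ADLS sink. The environment variable names, the FIELDS lists and the two-page FAKE_PAGES response are constructed assumptions; with no secret in the environment the script runs offline against FAKE_PAGES.

```python
import json
import os
import urllib.parse
import urllib.request
from typing import Callable, Dict, Iterator
GRAPH = "https://graph.microsoft.com/v1.0"
# Request only the attributes the lake needs, not whole directory objects.
FIELDS = {"users": "id,displayName,userPrincipalName,accountEnabled",
          "groups": "id,displayName,securityEnabled"}

def get_token(tenant: str, client_id: str, secret: str) -> str:
    """Client-credentials flow (application permissions) on the v2.0 endpoint."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": secret, "scope": "https://graph.microsoft.com/.default",
    }).encode()
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    with urllib.request.urlopen(urllib.request.Request(url, data=body)) as r:
        return json.load(r)["access_token"]

def graph_fetcher(token: str) -> Callable[[str], Dict]:
    """Return a function that GETs a Graph URL with the bearer token."""
    def fetch(url: str) -> Dict:
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req) as r:
            return json.load(r)
    return fetch

def iter_objects(fetch: Callable[[str], Dict], kind: str) -> Iterator[Dict]:
    """Walk every page: Graph caps each page ($top=100 here) and hands out the
    remainder through @odata.nextLink, a complete URL that is followed as-is."""
    url = f"{GRAPH}/{kind}?$select={FIELDS[kind]}&$top=100"
    while url:
        page = fetch(url)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")

# Constructed two-page /users response so the paging logic can run offline.
FAKE_PAGES = {
    f"{GRAPH}/users?$select={FIELDS['users']}&$top=100": {
        "value": [{"id": "u1"}, {"id": "u2"}], "@odata.nextLink": f"{GRAPH}/users?$skiptoken=X"},
    f"{GRAPH}/users?$skiptoken=X": {"value": [{"id": "u3"}]},
}

if __name__ == "__main__":
    secret = os.environ.get("AZ_CLIENT_SECRET")  # secret from the environment, never from source
    fetch = (graph_fetcher(get_token(os.environ["AZ_TENANT"], os.environ["AZ_CLIENT_ID"], secret))
             if secret else FAKE_PAGES.__getitem__)
    print("\n".join(json.dumps(o, sort_keys=True) for o in iter_objects(fetch, "users")))
```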