- kevinkeathley3
Case Study: Other FPL Uses - AD Verification
Fluency Processing Language Naming Compliance
Fluency’s FPL has uses beyond event queries. One such case is using FPL to validate an organization's Active Directory schema. This applies when an organization has specific rules that must be followed for naming conventions, e-mail addresses, required data, etc.
FPL can pull and query against what Fluency refers to as Resources. Resources are data trees that are pulled periodically, such as Active Directory, Office 365 Users, Office 365 Applications, and more. Using these resources, Fluency can then use FPL to verify certain organizational rules.
For example, here the FPL will load data from Active Directory for a specific group and then process the data to ensure that naming conventions are followed:
    function loadAccounts()
        load resource ADUser
        let {sAMAccountName, userPrincipalName, distinguishedName} = f("@ADUser")
        where sEndswith(distinguishedName, "OU=User Accounts,OU=Users,OU=Americas,DC=SAMPLE,DC=ORG")
    end

    stream accts=loadAccounts()
    where not sRegexp(userPrincipalName, "^[A-Za-z\-]+\.[A-Za-z\-]+[0-9]*@SAMPLE\.ORG$") or
          not sRegexp(sAMAccountName, "^[A-Za-z\-]{2,8}[0-9]*$") and
          not sRegexp(sAMAccountName, "^tst-[A-Za-z\-]{2,8}[0-9]*$")
    table sAMAccountName, userPrincipalName, distinguishedName
    export BadNames
As you can see here, the FPL loads the AD data (the list of users and their information) and applies several filters to identify bad account names. It verifies that each principal name ends in SAMPLE.ORG (the e-mail address) and follows the organization’s e-mail schema: letters, a dot, letters, then optional numbers.
Then, the FPL applies similar filters against the SAM account names to ensure that the names were converted properly: letters and dashes, length 2 to 8, then optional numbers, with an exception for test accounts (a tst- prefix).
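To check which accounts the filter would flag before running it against a live directory, the same rules can be replayed offline. The following is an added example, not Fluency's code: the Python helper names and the sample records are constructed, and it assumes that FPL's `and` binds tighter than `or` (the reading the description above implies) and that the OU path has a comma between OU=Americas and DC=SAMPLE.

```python
import re

# Patterns copied from the FPL filter on this page.
UPN_RE = re.compile(r"^[A-Za-z\-]+\.[A-Za-z\-]+[0-9]*@SAMPLE\.ORG$")
SAM_RE = re.compile(r"^[A-Za-z\-]{2,8}[0-9]*$")
SAM_TEST_RE = re.compile(r"^tst-[A-Za-z\-]{2,8}[0-9]*$")
# Assumption: the OU path has a comma between OU=Americas and DC=SAMPLE.
OU_SUFFIX = "OU=User Accounts,OU=Users,OU=Americas,DC=SAMPLE,DC=ORG"

def violations(user):
    """Return the attributes that break a naming rule (empty list = compliant)."""
    broken = []
    if not UPN_RE.search(user["userPrincipalName"]):
        broken.append("userPrincipalName")
    sam = user["sAMAccountName"]
    # Assumed grouping of the FPL filter: not A or (not B and not C), so a SAM
    # name is flagged only when it fits neither the standard nor the tst- pattern.
    if not SAM_RE.search(sam) and not SAM_TEST_RE.search(sam):
        broken.append("sAMAccountName")
    return broken

def bad_names(users):
    """Mimic the BadNames export: in-scope accounts mapped to their broken rules."""
    report = {}
    for user in users:
        if not user["distinguishedName"].endswith(OU_SUFFIX):
            continue  # outside the OU that loadAccounts() selects
        broken = violations(user)
        if broken:
            report[user["sAMAccountName"]] = broken
    return report

def _user(sam, upn, ou="User Accounts"):
    dn = f"CN={sam},OU={ou},OU=Users,OU=Americas,DC=SAMPLE,DC=ORG"
    return {"sAMAccountName": sam, "userPrincipalName": upn, "distinguishedName": dn}

# Constructed sample records, not real directory data.
SAMPLE_USERS = [
    _user("jsmith", "John.Smith@SAMPLE.ORG"),            # compliant
    _user("tst-loadgen1", "Test.Loadgen1@SAMPLE.ORG"),   # compliant via tst- rule
    _user("jsmith2", "jsmith2@sample.org"),              # UPN: no dot, wrong case
    _user("svc_backup01", "Svc.Backup01@SAMPLE.ORG"),    # SAM: underscore
    _user("bad_name", "bad@SAMPLE.ORG", ou="Service Accounts"),  # out of scope
]

if __name__ == "__main__":
    for name, broken in bad_names(SAMPLE_USERS).items():
        print(name, broken)
```

The `tst-loadgen1` record fails the standard SAM pattern (more than eight letters and dashes before the digits) and passes only because of the test-account exception, which is the case the second and third conditions exist to handle.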
Due to the flexibility of FPL, organizations are now able to use it to verify that their domains (for example) follow their company’s naming schema. This can shorten the time it takes administrators to do the same manually across large organizations where they have many sub-orgs that manage their own trees. Of course, Active Directory is just one example.