  1. #1



    LDAP Query Language against AD

    I'm using the MS Active Directory Users and Computers Management Console, using find, selecting custom search and then clicking on the advanced tab to run queries. Simple queries, (objectClass=person) work fine. I'm trying to build a query which lists the members of a group, it should be:

    (&(objectClass=person)(memberOf=CN=<group>,OU=<org unit>,DC=<domain>,DC=org,DC=uk))

    But it doesn't work. In fact, even

    (ObjectClass=person, OU=Users,DC=<domain>,DC=org,DC=uk)

    Doesn't work. I need to know what stupid I am doing!

  2. #2

    I use

    (&(objectCategory=person)(ObjectClass=user)(memberOf=CN=groupname,OU=Groups,DC=school,DC=local)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

    for enabled users in a group groupname in an OU Groups in a domain school.local, so remove the last part for all users

    (&(objectCategory=person)(ObjectClass=user)(memberOf=CN=groupname,OU=Groups,DC=school,DC=local))

  3. Thanks to mavhc from:

    pcstru (25th April 2013)

  4. #3


    Thank you. That's helpful.

  5. #4


    Where I seem to be struggling is where the group lives in a container or OU other than the root I'm searching from. So we have something like

    School.Local->Users
    School.Local->Teachers
    School.Local->Students

    The group "Domain Users" lives in the container Users, but the people I want listed will be in Teachers or Students. So

    (&(objectCategory=person)(ObjectClass=user)(memberOf=CN=Domain Users,CN=Users,DC=<School>))

    will list people/users in the container Users, but

    (&(objectCategory=person)(ObjectClass=user)(memberOf=CN=Domain Users,OU=Teachers,DC=<School>))

    Returns no results. Does that make sense to anyone? If so, any thoughts?

  6. #5
    I think if your domain name includes the .local suffix there should be an entry for DC=local.

  7. #6


    The domain is something.org.uk, so where I have written DC=<School> the actual content expands to DC=something,DC=org,DC=uk

  8. #7

    Don't confuse OUs and Groups, you're wanting to restrict the search to within an OU?

  9. #8


    Quote, originally posted by mavhc:
    Don't confuse OUs and Groups, you're wanting to restrict the search to within an OU?
    I want the search to run across all OUs in the domain, regardless of what OU the group is in. The solution seems to be to make sure the group itself is at the root of the domain organisational structure.
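
Added example, not part of the thread or any poster's code: a Python sketch that builds the group-membership filters discussed above with the group DN escaped per RFC 4515, and lints a filter string for unbalanced parentheses or whitespace inside an attribute name. The function names, the sample DNs and the `primary_group_rid` parameter are assumptions of this example; it relies on AD not listing a user's primary group in memberOf (RID 513 is Domain Users).

```python
import re

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Bitwise-AND matching rule on userAccountControl bit 2 (disabled), as in the thread.
DISABLED = "(userAccountControl:1.2.840.113556.1.4.803:=2)"


def escape_filter_value(value):
    """Escape a string (here a group DN) for use as a filter value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def group_members_filter(group_dn, enabled_only=False, primary_group_rid=None):
    """Filter for user objects in the group identified by its full DN.

    The DN says where the *group* lives; which users are searched is set by
    the search base, not by the filter. AD omits a user's primary group from
    memberOf, so pass primary_group_rid (513 for Domain Users) to cover it.
    """
    member = f"(memberOf={escape_filter_value(group_dn)})"
    if primary_group_rid is not None:
        member = f"(|{member}(primaryGroupID={int(primary_group_rid)}))"
    parts = ["(objectCategory=person)", "(objectClass=user)", member]
    if enabled_only:
        parts.append(f"(!{DISABLED})")
    return "(&" + "".join(parts) + ")"


def lint_filter(flt):
    """Return a list of syntax problems found in a filter string."""
    problems, depth = [], 0
    for ch in flt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    # An attribute description never contains whitespace.
    for attr in re.findall(r"\(([^()=&|!]*?)[~<>]?=", flt):
        if re.search(r"\s", attr):
            problems.append(f"whitespace in attribute name {attr!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample DN; the parentheses in the CN must be escaped.
    dn = "CN=Staff (Teaching),OU=Groups,DC=school,DC=local"
    print(group_members_filter(dn, enabled_only=True))
    print(lint_filter("(&(objectClass=user)(member of=CN=x,DC=school,DC=local)"))
```

Escaping the DN also matters whenever a group name comes from user input, since an unescaped `)` or `*` would change the meaning of the filter.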
