Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

need LDAP query to capture nested group ? [message #156723] Wed, 24 June 2009 01:18
vivekmohan (United States)
Hi all,

I need an LDAP query to capture the nested group for identified server(s)
per identified domain.

I have an assigned permission list of servers (list of servers with
permission assigned). For those server(s) I need to capture the nested group
for each unique domain. I need an LDAP query to resolve this.


--
vivekmohan
Re: need LDAP query to capture nested group ? [message #156727 is a reply to message #156723] Wed, 24 June 2009 04:13
rlmueller-nospam (United States)
To retrieve all members of a group, including members of nested groups, you
can use the dsget command line utility. For example:

dsget group "cn=Test Group,ou=West,dc=MyDomain,dc=com" -members -expand

No single LDAP query will do this. You would need to query recursively.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
RE: need LDAP query to capture nested group ? [message #156735 is a reply to message #156723] Wed, 24 June 2009 08:49
pber
You can dump all users from nested groups if you use the LDAP-match-in-chain
rule (http://msdn.microsoft.com/en-us/library/aa746475(VS.85).aspx).

For example, to see all users nested within the Administrators group you
would use this command:
(&(objectCategory=person)(memberOf:1.2.840.113556.1.4.1941:=cn=administrators,cn=Builtin,dc=yourdomain,dc=com))
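
Added example (not part of any poster's reply and not code from this thread): the two approaches discussed above, side by side in Python. It builds the in-chain filter with RFC 4515 escaping of the group DN, and does the recursive expansion client-side over a constructed in-memory directory that contains a circular nesting; the West Ops, Helpdesk and user entries are made up for illustration.

```python
IN_CHAIN_OID = "1.2.840.113556.1.4.1941"  # LDAP_MATCHING_RULE_IN_CHAIN
BASE = "dc=MyDomain,dc=com"
ROOT = "cn=Test Group,ou=West," + BASE

# Constructed sample directory (DN -> attributes); note the nesting loop.
DIRECTORY = {
    ROOT: {"objectClass": "group",
           "member": ["cn=alice,ou=West," + BASE, "cn=West Ops (Tier 0),ou=West," + BASE]},
    "cn=West Ops (Tier 0),ou=West," + BASE: {
        "objectClass": "group",
        "member": ["cn=bob,ou=West," + BASE, "cn=Helpdesk,ou=West," + BASE]},
    "cn=Helpdesk,ou=West," + BASE: {
        "objectClass": "group",
        "member": ["cn=carol,ou=West," + BASE, ROOT]},  # points back at ROOT
    "cn=alice,ou=West," + BASE: {"objectClass": "user"},
    "cn=bob,ou=West," + BASE: {"objectClass": "user"},
    "cn=carol,ou=West," + BASE: {"objectClass": "user"},
}

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def in_chain_filter(group_dn):
    """Single query: the domain controller walks the nesting chain itself."""
    return "(&(objectCategory=person)(memberOf:%s:=%s))" % (
        IN_CHAIN_OID, escape_filter_value(group_dn))

def expand_members(directory, group_dn):
    """Client-side recursion: returns (user DNs, group DNs visited)."""
    users, seen, stack = set(), set(), [group_dn]
    while stack:
        dn = stack.pop()
        if dn in seen:              # already expanded: circular nesting
            continue
        seen.add(dn)
        for member in directory.get(dn, {}).get("member", []):
            entry = directory.get(member)
            if entry is None:       # member not resolvable in this directory
                continue
            if entry["objectClass"] == "group":
                stack.append(member)
            else:
                users.add(member)
    return users, seen

if __name__ == "__main__":
    print(in_chain_filter(ROOT))
    print(expand_members(DIRECTORY, ROOT))
```

A group DN containing parentheses or an asterisk has to be escaped before it goes into the filter, otherwise the filter is malformed or matches something other than intended. Neither approach sees membership that comes from an account's primaryGroupID, since that is not stored in the member/memberOf attributes.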
Re: need LDAP query to capture nested group ? [message #156742 is a reply to message #156735] Wed, 24 June 2009 10:26
rlmueller-nospam (United States)
I forgot about the LDAP_MATCHING_RULE_IN_CHAIN operator. Thanks for pointing
this out. However, it requires a hotfix applied to Windows Server 2003,
unless you have the x64 version (or you have Windows Server 2008). See this
link:

http://support.microsoft.com/kb/914828

Also, note the error in the first link (the extra parentheses), pointed out
by Joe Richards.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
Re: need LDAP query to capture nested group ? [message #156746 is a reply to message #156742] Wed, 24 June 2009 12:40
pber
Thanks for the hotfix info. That hotfix must have been integrated into SP2
as I have never applied it and it works like a charm. To be honest, I never
used that specific filter prior to when we went to SP2.