Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Re: LDAP Query for memeber of one group
Re: LDAP Query for memeber of one group [message #329198] Fri, 27 November 2009 10:45 Go to next message
rommel543  is currently offline rommel543  United States
Messages: 1
Registered: November 2009
Junior Member
I'm having a similar issue, except I'm attempting to pull ALL users from
AD except the ones in a specific group.

(&(objectCategory=Person)(objectClass=User)(!memberOf=CN =GroupToExclude,CN=General,CN=Security
Groups,OU=*corporate,OU=base,DC=domain,DC=com))

I did up a quick LDAP query test and found that I'm able to pull out or
filter users with the following:

(&(objectCategory=Person)(objectClass=User)(memberOf=CN= TestSharepointGroup,CN=Users,DC=domain,DC=com))
(&(objectCategory=Person)(objectClass=User)(memberOf=CN= Alberta
Region,CN=Region Distribution List,CN=Email
Distribution,OU=base,DC=domain,DC=com))

I picked a different group with in the same container as the problem
group and found this DOES NOT work:

(&(objectCategory=Person)(objectClass=User)(memberOf=CN= differnetGroup,CN=General,CN=Security
Groups,OU=*corporate,OU=base,DC=domain,DC=com))

Can anyone point to any issue with the query, or a possible issue with
a ldap query to nested OUs?


--
rommel543
------------------------------------------------------------ ------------
rommel543's Profile: http://forums.techarena.in/members/158788.htm
View this thread: http://forums.techarena.in/active-directory/1134186.htm

http://forums.techarena.in
Re: LDAP Query for memeber of one group [message #329338 is a reply to message #329198] Fri, 27 November 2009 13:40 Go to previous message
rlmueller-nospam  is currently offline rlmueller-nospam  United States
Messages: 292
Registered: July 2009
Senior Member
"rommel543" <rommel543.42bnza@DoNotSpam.com> wrote in message
news:rommel543.42bnza@DoNotSpam.com...
>
> I'm having a similar issue, except I'm attempting to pull ALL users from
> AD except the ones in a specific group.
>
> (&(objectCategory=Person)(objectClass=User)(!memberOf=CN =GroupToExclude,CN=General,CN=Security
> Groups,OU=*corporate,OU=base,DC=domain,DC=com))
>
> I did up a quick LDAP query test and found that I'm able to pull out or
> filter users with the following:
>
> (&(objectCategory=Person)(objectClass=User)(memberOf=CN= TestSharepointGroup,CN=Users,DC=domain,DC=com))
> (&(objectCategory=Person)(objectClass=User)(memberOf=CN= Alberta
> Region,CN=Region Distribution List,CN=Email
> Distribution,OU=base,DC=domain,DC=com))
>
> I picked a different group with in the same container as the problem
> group and found this DOES NOT work:
>
> (&(objectCategory=Person)(objectClass=User)(memberOf=CN= differnetGroup,CN=General,CN=Security
> Groups,OU=*corporate,OU=base,DC=domain,DC=com))
>
> Can anyone point to any issue with the query, or a possible issue with
> a ldap query to nested OUs?
>
>

Wildcard characters are not allowed in DN attributes, like memberOf
(assuming that's the purpose of the "*" character). If there are three OU's
with groups of the same name, you can AND 3 clauses, each of which specifies
the full DN of a group.

If the DN value itself includes a "*" character, it must escaped by
replacing it with "\2A".

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
Previous Topic:Server2003 2008 error !!
Next Topic:Web pages to view/modify AD users fields
Goto Forum:
  


Current Time: Wed Jan 17 05:27:35 MST 2018

Total time taken to generate the page: 0.01910 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software