I want to create a query in my 2003 AD.
I want to list all the users who are members of a particular set of groups,
like all members of the groups which contain the word "Sales".
If I can't do this by security group membership, can I do this by OU?
All users under all OUs which contain the word "sales".
I have tried this:
(&(objectCategory=person)(objectClass=user)(dn=*sales*))
without success.
I also have a group called "All sales security group" which contains all the
sales groups I want to identify.
Thanks for your help.
Jerome.
If you want to search for all users who are in a group with the word
'sales' in it, OR are in a group with the word 'marketing' in it, you'd
do this:
(&(|(memberof=*marketing*)(memberof=*sales*))(objectClass=User))
When you want to search a particular container only, just make sure
you've set your base DN properly when you search - i.e.
OU=Sales,DC=your,DC=domain,DC=com.
Bill
Joe K.
"Bill Nitz" <wcn...@gmail.com> wrote in message
news:1109768720.8...@f14g2000cwb.googlegroups.com...
Sorry for the misinformation.
Joe K.
"Bill Nitz" <wcn...@gmail.com> wrote in message
news:1109781107.8...@f14g2000cwb.googlegroups.com...
I'll use another method, I think.
"Joe Kaplan (MVP - ADSI)" <joseph....@removethis.accenture.com> wrote
in message news:%23Ww2pZ1...@TK2MSFTNGP15.phx.gbl...
adfind (www.joeware.net) will do this, but it does it by filtering the records
after they are returned; there is no way to query with a wildcard DN value, as
JoeK mentions.
As for doing it through the groups, you could retrieve all groups that match
your criteria
(&(objectcategory=group)(name=*sales*))
then take the returned DNs and form an OR query so that it ends up looking like
(&(objectcategory=person)(objectclass=user)(|(memberof=somedn)(memberof=somedn2)(memberof=somedn3)(etc)))
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Only 1 memberof returns the list of users, but with 2 memberof (with the |
(or) syntax) nothing is returned.
The user appears only in 1 of the 2 groups.
"Joe Richards [MVP]" <humore...@hotmail.com> wrote in message
news:e1U4j0ZI...@TK2MSFTNGP09.phx.gbl...
I have retyped the query entirely, and now the same syntax works fine. The
only difference:
a carriage return in the query!
Without a CR the query works; with a CR the query doesn't work!
"Jéjé" <willgart_A_@hotmail_A_.com> wrote in message
news:edcq4QDJ...@TK2MSFTNGP10.phx.gbl...
--
Paul Williams
http://www.msresource.net/
http://forums.msresource.net/
So is the query tool shipped from MS bugged?
e-
(&(objectCategory=user)(memberOf=admins))
It would have to be:
(&(objectCategory=user)(memberOf=CN=Domain Admins,CN=whatever,DC=etc,DC=com))
memberOf is a DN-syntax attribute and must be an exact match.
Also, remember that this query won't return users that are members of that
group via nesting.
Joe K.
"Eric - ARUP" <Eric...@discussions.microsoft.com> wrote in message
news:99A3FA4F-23D4-4498...@microsoft.com...
I had to change CN=whatever to be 'OU=Security Groups', or in this case the
place where the group 'domain admins' was located. Which threw me off because
the objectCategory was user, so I thought I had to search the CN that had my
users in it. Which was a different place.
Thanks for the follow-up help, Joe.
e-
Hopefully that helps make some sense. I think file system analogies are the
most useful for learning LDAP searches since most people are pretty familiar
with how they work. The only problem is that file system files don't really
have a good analogy for attributes, unless you count the basics like last
modified date.
The good thing about LDAP is that it is 10X simpler than SQL as the data is
not relational and there are many fewer options. However, it is a little
weird getting used to. :)
Joe K.
"Eric - ARUP" <Eric...@discussions.microsoft.com> wrote in message
news:1F27AAC1-D224-43BA...@microsoft.com...
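
Added example, not part of the original thread and not code from any poster: a Python sketch of the two-step approach described above (find the groups whose name contains a word, then OR together one exact-DN memberOf clause per group). It escapes each DN for use in a filter (RFC 4515) and emits the filter on a single line, since a carriage return broke the query for one poster. The function names, the example.com domain and the group entries are assumptions made up for illustration.

```python
# Added example: build the exact-DN memberOf OR filter described in the thread.
# All names and sample entries are hypothetical, constructed for illustration.

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = []
    for ch in value:
        if ch in "\\*()" or ch == "\x00":
            out.append("\\%02x" % ord(ch))  # e.g. "(" becomes \28
        else:
            out.append(ch)
    return "".join(out)


def select_groups(groups, word):
    """Client-side stand-in for step 1: (&(objectCategory=group)(name=*word*))."""
    return [g["dn"] for g in groups if word.lower() in g["name"].lower()]


def build_member_filter(group_dns):
    """Step 2: one exact-match memberOf clause per group DN, OR'ed together."""
    if not group_dns:
        raise ValueError("no group DNs: an empty (|) clause is not a valid filter")
    clauses = []
    for dn in group_dns:
        if "\r" in dn or "\n" in dn:
            raise ValueError("line break inside DN: %r" % dn)
        clauses.append("(memberOf=%s)" % escape_filter_value(dn))
    member = clauses[0] if len(clauses) == 1 else "(|%s)" % "".join(clauses)
    # Direct membership only: users who are members via nesting are not matched.
    return "(&(objectCategory=person)(objectClass=user)%s)" % member


# Constructed sample data (hypothetical domain example.com).
SAMPLE_GROUPS = [
    {"name": "Sales East",
     "dn": "CN=Sales East,OU=Security Groups,DC=example,DC=com"},
    {"name": "Sales (EMEA)",
     "dn": "CN=Sales (EMEA),OU=Security Groups,DC=example,DC=com"},
    {"name": "Marketing",
     "dn": "CN=Marketing,OU=Security Groups,DC=example,DC=com"},
]

if __name__ == "__main__":
    print(build_member_filter(select_groups(SAMPLE_GROUPS, "sales")))
```
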