Query total users across two groups?


  • Query total users across two groups?

    Hello,

    I've had a requirement to query the AD for total users across two groups. Unfortunately when I run my query it only brings back the users which have membership to the two groups I specify.

    Is there any way to run a query to say: Give me a list of all the users from group A and group B together in one list? I need to achieve this via an LDAP query.

    Thanks

    GGTD

  • #2
    Re: Query total users across two groups?

    dsget group "DN" "DN" -members



    • #3
      Re: Query total users across two groups?

      Originally posted by Meekrobe
      dsget group "DN" "DN" -members
      thanks for the feedback but I actually need the LDAP query - I need to feed this into another program which will use the query.



      • #4
        Re: Query total users across two groups?

        (&(objectClass=user)(|(memberOf=DN)(memberOf=DN) ))



        • #5
          Re: Query total users across two groups?

          Originally posted by Meekrobe
          (&(objectClass=user)(|(memberOf=DN)(memberOf=DN) ))
          this is the query I have been using.

          It only reports back with users who have membership of both groups - it won't list the content of all users from both groups.



          • #6
            Re: Query total users across two groups?

            (&(objectClass=user)(|(memberOf=DN)(memberOf=DN) )) = members of either group

            (&(objectClass=user)(&(memberOf=DN)(memberOf=DN) )) = members of both groups

            Works as expected on my system.



            • #7
              Re: Query total users across two groups?

              Originally posted by Meekrobe
              (&(objectClass=user)(|(memberOf=DN)(memberOf=DN) )) = members of either group

              (&(objectClass=user)(&(memberOf=DN)(memberOf=DN) )) = members of both groups

              Works as expected on my system.
              ahhh, haven't tried the latter combination out yet - I shall try soon and let you know.

              ta



              • #8
                Re: Query total users across two groups?

                Hi,

                Right, that worked fine and returned all users as expected.

                However I also wanted to filter these accounts at the same time so 'disabled' accounts are not included.

                Again, I've tried my query in various forms but it doesn't work. Any ideas?

                (&(objectCategory=user)(|(memberOf=OU=Group1,DC=do main,DC=co,DC=uk)(memberOf=CN=Group2,DC=domain,DC= co,DC=uk)(!(userAccountControl:1.2.840.113556.1.4. 803:=2))))


                Any ideas?


                Thanks



                • #9
                  Re: Query total users across two groups?

                  Try (objectCategory=user)(!userAccountControl:1.2.840. 113556.1.4.803:=2)(|(memberOf=DN)(memberOf=DN))



                  • #10
                    Re: Query total users across two groups?

                    Note: the forums will automatically add a space after 50 characters_without_one_space_in_between!!
                    So if you have copied the code from one of the posts above and it does not work -> check for a space that doesn't belong in the LDAP filter string.

                    It is best to wrap 'code' in [code]-tags by using the # button to avoid spaces being automatically added.

                    [code]
                    Code:
                     
                    (&(objectCategory=person)(ObjectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(|(memberOf=CN=Group1,OU=My Groups,DC=domain,DC=co,DC=uk)(memberOf=CN=Group2,OU=My Groups,DC=domain,DC=co,DC=uk)))
                    [/code]


                    And,
                    Of course you know that there are just users in the group, so in this case the clause (objectCategory=user) will return just user objects. But you must keep in mind that just this clause can return both User and Computer objects. If you want User objects only, use a filter like (&(objectCategory=person)(ObjectClass=user))

                    \Rems

                    This posting is provided "AS IS" with no warranties, and confers no rights.

                    __________________

                    ** Remember to give credit where credit's due **
                    and leave Reputation Points for meaningful posts



                    • #11
                      Re: Query total users across two groups?

                      Originally posted by Meekrobe
                      Try (objectCategory=user)(!userAccountControl:1.2.840. 113556.1.4.803:=2)(|(memberOf=DN)(memberOf=DN))
                      sorted - all done. Putting the accountcontrol element first resolved the issue.

                      thanks



                      • #12
                        Re: Query total users across two groups?

                        Originally posted by golfgtdude
                        putting the accountcontrol element first resolved the issue.
                        Formally, that is not the correct conclusion, because this will work too:
                        Code:
                         
                        (&(objectCategory=person)(ObjectClass=user)(|(memberOf=CN=Group1,OU=My Groups,DC=domain,DC=co,DC=uk)(memberOf=CN=Group2,OU=My Groups,DC=domain,DC=co,DC=uk))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
                        This was what you did at first, userAccountControl is in the red colored compound filter with the "OR" operator (Notice the "|" that means "OR")
                        Code:
                        (&(objectCategory=user)(|(memberOf=CN=Group1,DC=domain,DC=co,DC=uk)(memberOf=CN=Group2,DC=domain,DC=co,DC=uk)(!(userAccountControl:1.2.840.113556.1.4.803:=2))))
                        The red colored part shows that you were searching for user objects that have a membership in group1 "OR" in group2 "OR" the user is not disabled. While it should have been: searching user objects that have a membership in group1 "OR" in group2 "AND" the user is not disabled.
                        - http://www.google.com/search?q=ldap filter tutorial

                        \Rems
                        Last edited by Rems; 16th August 2008, 19:45.

                        This posting is provided "AS IS" with no warranties, and confers no rights.

                        __________________

                        ** Remember to give credit where credit's due **
                        and leave Reputation Points for meaningful posts
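
The effect of where the NOT clause sits, as worked out in posts #8 to #12, shown as an added example (not code from any poster in this thread): a small evaluator for the filter subset used here, run over constructed entries. The function names, the sample directory and the simplification of objectCategory to a plain string are assumptions; a real directory server evaluates these filters itself.

```python
BIT_AND = "1.2.840.113556.1.4.803"  # bitwise-AND matching rule OID used in the thread
G1, G2 = (f"CN=Group{n},OU=My Groups,DC=domain,DC=co,DC=uk" for n in (1, 2))
ENABLED = f"(!(userAccountControl:{BIT_AND}:=2))"
BASE = "(objectCategory=person)(objectClass=user)"
BUGGY = f"(&{BASE}(|(memberOf={G1})(memberOf={G2}){ENABLED}))"  # NOT inside the OR
FIXED = f"(&{BASE}(|(memberOf={G1})(memberOf={G2})){ENABLED})"  # NOT beside the OR

def parse(f, i=0):  # parse one parenthesised filter at f[i]; return (node, next index)
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, value = f[i:end].split("=", 1)
    if attr.endswith(":"):  # extensible match: attr:oid:=value
        name, oid = attr[:-1].split(":")
        if oid != BIT_AND:  # also catches a stray space inside the OID
            raise ValueError(f"unsupported matching rule {oid!r}")
        return ("bit", name.lower(), int(value)), end + 1
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    op, a, *rest = node
    if op == "&": return all(matches(k, entry) for k in a)
    if op == "|": return any(matches(k, entry) for k in a)
    if op == "!": return not matches(a[0], entry)
    if op == "bit":  # true only when every bit of the mask is set
        return any((int(v) & rest[0]) == rest[0] for v in entry.get(a, []))
    return rest[0] in (v.lower() for v in entry.get(a, []))

def user(groups, uac):  # constructed entry; objectCategory simplified to a string
    return {"objectcategory": ["person"], "objectclass": ["top", "person", "user"],
            "memberof": groups, "useraccountcontrol": [str(uac)]}

DIRECTORY = {"alice": user([G1], 512), "bob": user([G2], 514), "carol": user([G1, G2], 512),
             "dave": user([], 512), "eve": user([G1], 514)}  # constructed; 514 = 512 | 2

def search(filter_text, directory=DIRECTORY):
    tree, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing text after filter")
    return sorted(n for n, e in directory.items() if matches(tree, e))
```

search(BUGGY) returns all five sample users, including the disabled bob and eve and the non-member dave, while search(FIXED) returns only alice and carol.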
