Announcement

Collapse
No announcement yet.

LDAP query

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • LDAP query

    Hi all,

    I need to build a query in AdFind which results in the users that aren't a member of one of multiple (distribution) groups. This is what I've come up with so far, but this does returns me all the users, so I've made an error, but don't see what's wrong with it:

    Code:
     
    AdFind -f "(&(objectClass=User)(objectCategory=Person)(|(!memberOf=Group 1)(!memberOf=Group 2)(!memberOf=Group 3)(!memberOf=Group 4)(!memberOf=Group 5)(!memberOf=Group 6)(!memberOf=Group 7)(!memberOf=Group 8)(!memberOf=Group 9)(!memberOf=Group 10)(!memberOf=Group 11)))" cn
    Can anyone give me some advice?

    Very kind regards,

    Duncan

  • #2
    Re: LDAP query

    You should provide the 'distinguest name' of each group, because that is how it is added to the Memberof attribute.


    Filter:
    Code:
    "(&(objectClass=User)(objectCategory=Person)(!(|(memberOf=cn=Group 1,ou=My Groups,dc=domain,dc=local)(memberOf=cn=Group 2,ou=My Groups,dc=domain,dc=local)(memberOf=cn=Group 3,ou=My Groups,dc=domain,dc=local)(memberOf=cn=Group 4,ou=My Groups,dc=domain,dc=local)(memberOf=cn=Group 5,ou=My Groups,dc=domain,dc=local)(memberOf=cn=Group 6,ou=My Groups,dc=domain,dc=local)(memberOf=cn=Group 7,ou=My Groups,dc=domain,dc=local)(memberOf=cn=Group 8,ou=My Groups,dc=domain,dc=local)(memberOf=cn=Group 9,ou=My Groups,dc=domain,dc=local)(memberOf=cn=Group 10,ou=My Groups,dc=domain,dc=local)(memberOf=cn=Group 11,ou=My Groups,dc=domain,dc=local))))"
    \Rems

    This posting is provided "AS IS" with no warranties, and confers no rights.

    __________________

    ** Remember to give credit where credit's due **
    and leave Reputation Points for meaningful posts

    Comment


    • #3
      Re: LDAP query

      Rems,

      Thanks for yor reply, your remark about the DN was very helpful.

      At first I still didn't receive the desired result from the query, but after some fiddling around with the operators, I've nailed it!!! I had to use the AND operator instead.

      This is the code I used:

      Code:
      (&(&(objectClass=User)(objectClass=Person)(!(memberOf=CN=Group 1,OU=My Groups,DC=domain,DC=local)))(!(memberOf=CN=Group 2,OU=My Groups,DC=domain,DC=local)))(!(memberOf=CN=Group 3,OU=My Groups,DC=domain,DC=local)))(!(memberOf=CN=Group 4,OU=My Groups,DC=domain,DC=local)))(!(memberOf=CN=Group 5,OU=My Groups,DC=domain,DC=local))
      Regards,

      Duncan




      Very kind regards,

      Duncan
      Last edited by snurbnacnud; 22nd March 2010, 14:42. Reason: Finally nailed it!!!

      Comment

      Working...
      X