LDAP query for OU
  • LDAP query for OU

    I currently have the following AD setup

    CompanyName.com
    OU= MyOU1
    CN= MyGroup1 (which contains 2 users)
    OU = MyOU2
    CN= MyGroup2 (which contains 1 user)


    I am trying to build an LDAP query to retrieve all three users from the 2 groups

    if I go directly to the CN
    (memberOf=CN=MyGroup1,OU=MyOU1,DC=CompanyName,DC=com)
    I will get my 2 users, but what I want is to be able to query the OU above (MyOU1). Because the reality is I have 700 groups under this OU, so writing a query for each would be insane.
    memberOf is not a property of an OU, can anyone please tell me what I should use?

  • #2
    Re: LDAP query for OU

    You'll have to specify both values using the OR operator ("|")

    (the boolean operators available to use in an LDAP query are: AND ("&"), OR ("|"), and NOT ("!"))


    Query:

    Search AD explicitly for User objects,
    Code:
    search filter: (&(objectCategory=person)(ObjectClass=user))
    Where its memberOf attribute contains at least one of the defined DNs of specific groups,
    Code:
    search filter: (&(|(memberOf=cn=MyGroup1,ou=MyOU1,dc=CompanyName,dc=com)(memberOf=cn=MyGroup2,ou=MyOU2,dc=CompanyName,dc=com)))

    The whole LDAP query string will then be like:
    Code:
    (&(objectCategory=person)(ObjectClass=user)(|(memberOf=cn=MyGroup1,ou=MyOU1,dc=CompanyName,dc=com)(memberOf=cn=MyGroup2,ou=MyOU2,dc=CompanyName,dc=com)))
    \Rems

    This posting is provided "AS IS" with no warranties, and confers no rights.

    __________________

    ** Remember to give credit where credit's due **
    and leave Reputation Points for meaningful posts
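    Reply #2's filter, generalised to any number of group DNs, as an added example (not code from this thread): it builds the same (&(objectCategory=person)(objectClass=user)(|(memberOf=...)(memberOf=...))) string for every group under an OU and applies RFC 4514 (DN) and RFC 4515 (filter) escaping, so a group name containing a comma, parenthesis, asterisk or backslash neither breaks the filter nor changes its meaning. The group list is constructed inline here; in practice it comes from a one-level (objectClass=group) search against the OU.

```python
# RFC 4515 section 3: characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# RFC 4514 section 2.4: characters that must be backslash-escaped inside a DN attribute value.
_DN_SPECIAL = ',+"\\<>;'


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    """Escape a single attribute value for use inside a DN (RFC 4514)."""
    out = "".join("\\" + ch if ch in _DN_SPECIAL else ch for ch in value)
    if out.startswith(("#", " ")):          # leading '#' or space must be escaped
        out = "\\" + out
    if out.endswith(" ") and not out.endswith("\\ "):  # trailing space too
        out = out[:-1] + "\\ "
    return out


def group_dns_under_ou(ou_dn: str, group_cns):
    """Constructed stand-in for the result of a one-level (objectClass=group) search on the OU."""
    return [f"CN={escape_dn_value(cn)},{ou_dn}" for cn in group_cns]


def build_users_in_groups_filter(group_dns) -> str:
    """Users (objectCategory=person, objectClass=user) that are a direct member of any listed group."""
    dns = list(group_dns)
    if not dns:
        raise ValueError("at least one group DN is required")
    # The DN is an assertion value here, so DN escapes like '\,' become '\5c,' in the filter.
    terms = "".join(f"(memberOf={escape_filter_value(dn)})" for dn in dns)
    member_clause = terms if len(dns) == 1 else f"(|{terms})"
    return f"(&(objectCategory=person)(objectClass=user){member_clause})"


def filter_is_balanced(ldap_filter: str) -> bool:
    """Cheap sanity check: every '(' outside an escape sequence has a matching ')'."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


if __name__ == "__main__":
    groups = group_dns_under_ou("OU=MyOU1,DC=CompanyName,DC=com", ["MyGroup1", "Sales, EMEA"])
    print(build_users_in_groups_filter(groups))
```

Note that memberOf only lists direct membership; nested groups need either recursion (as in reply #3) or the AD-specific LDAP_MATCHING_RULE_IN_CHAIN matching rule, which this example does not use.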



    • #3
      Re: LDAP query for OU

      Hi,

      If you can install PowerShell and the Quest AD cmdlets (both free), then you can use this script. It will do it all for you. Just run the script with the group name as a parameter. It will automatically find the group in AD, enumerate the group members and give you the total count. Very helpful script. I have used it on several occasions and it works like a charm.

      save the script as somename.ps1
      **********************************************
      ###################################
      # Get-MyGroupMembersRecursive.ps1 #
      # Created by Hugo Peeters         #
      # http://www.peetersonline.nl     #
      ###################################
      # Requires the Quest ActiveRoles AD cmdlets (Get-QADObject, Get-QADGroup, Get-QADUser).
      # Usage: .\Get-MyGroupMembersRecursive.ps1 "MyGroup1","MyGroup2"

      param($ParentGroupNames)

      # Collects every user object found, across all groups and nesting levels
      $Global:myCol = @()

      # Builds a tab string of the given depth for the tree view
      function Indent
      {
          param([Int]$Level)
          $Global:Indent = $null
          For ($x = 1 ; $x -le $Level ; $x++)
          {
              $Global:Indent += "`t"
          }
      }

      # Walks a list of member DNs: prints users, recurses into nested groups
      function Get-MySubGroupMembersRecursive
      {
          param($DNs)
          ForEach ($DN in $DNs)
          {
              $Object = Get-QADObject $DN
              If ($Object.Type -eq "Group")
              {
                  # Nested group: show it one level deeper, then descend into its members
                  $i++
                  Indent $i
                  Write-Host ("{0}{1}" -f $Indent,$Object.DisplayName) -ForegroundColor "yellow"
                  $Group = Get-QADGroup $DN
                  If ($Group.Members.Length -ge 1)
                  {
                      Get-MySubGroupMembersRecursive $Group.Members
                  }
                  $i--
                  Indent $i
                  Clear-Variable Group -ErrorAction SilentlyContinue
              }
              Else
              {
                  # Leaf object: treat as a user and record it
                  $userfound = Get-QADUser $DN | Select Name, Email
                  Write-Host ("{0} {1}" -f $Indent,$userfound.Name)
                  $Global:myCol += $userfound
                  Clear-Variable userfound -ErrorAction SilentlyContinue
              }
          }
      }

      ForEach ($ParentGroupName in $ParentGroupNames)
      {
          $Global:Indent = $null
          $ParentGroup = Get-QADGroup -Name $ParentGroupName
          # Check the lookup before printing anything for this group; skip to the next name if it failed
          If ($ParentGroup -eq $null)
          {
              Write-Warning "Group $ParentGroupName not found."
              continue
          }
          Write-Host "====================="
          Write-Host " TREE VIEW PER GROUP"
          Write-Host "====================="
          Write-Host ("{0}" -f $ParentGroup.DisplayName) -ForegroundColor "yellow"
          $FirstMembers = $ParentGroup.Members
          ForEach ($member in $FirstMembers)
          {
              Get-MySubGroupMembersRecursive $member
          }
      }
      Write-Host ""
      Write-Host "====================="
      Write-Host " All Unique Members: "
      Write-Host "====================="
      # Deduplicate by Name/Email; the row count is the total number of distinct members
      $myCol | Sort Name | Select Name, Email -Unique
      **********************************************
      Thanks & Regards
      v-2nas

      MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
      Sr. Wintel Eng. (Investment Bank)
      Independent IT Consultant and Architect
      Blog: http://www.exchadtech.blogspot.com

      Show your appreciation for my help by giving reputation points
