LDAP query to get all users from multiple OUs

  • LDAP query to get all users from multiple OUs

    Hi Everyone,
    I'm new to LDAP querying and have googled for an answer but nothing.
    Basically, I have OUs with users within each year (and every year a new OU is added):
    -Year
    --2008
    ---TempStaff
    --2009
    ---TempStaff
    --2010
    ---TempStaff
    --Test
    --Sample


    Now I can return all OUs with a 2 in it:
    (&(objectclass=organizationalunit)(ou=2*))

    But I'm trying to pull out users who are in OUs beginning with 2 and also in TempStaff. All I have is (objectclass=user) which returns everyone - how would I incorporate (&(objectclass=organizationalunit)(ou=2*)) with this query?

    Thanks for your time and help,

    Jon

  • #2
    Re: LDAP query to get all users from multiple OUs

    If you would rather use a user friendly GUI for getting information out of AD then you might want to look at my AD querying tool, AD Info (just google "cjwdev ad info" and you will find it).
    Software for IT Pros that I've written: http://www.cjwdev.co.uk/Software.html

    My blog: http://cjwdev.wordpress.com

    • #3
      Re: LDAP query to get all users from multiple OUs

      Sometimes, people just want to do things for themselves, for any number of reasons, not least is just learning how to do things and how to understand things.


      While your applications look interesting and useful, out of 5 posts on this forum, 2 have directly referenced your applications, while offering very little else.

      I'm not saying you can't, or shouldn't, recommend your applications (and indeed, I'm not really in a POA to do so) I'm suggesting that you maybe use some of the knowledge that you must have gained to write those applications, and help others out in gaining that same knowledge, rather than just pushing your own applications.
      Please do show your appreciation to those who assist you by leaving Rep Point

      • #4
        Re: LDAP query to get all users from multiple OUs

        Yeah I do appreciate that, and I don't want to just look like I'm only here to advertise my software, but whilst sometimes people do want to figure things out for themselves and learn, a lot of the time people just want the easiest and quickest way to get the information they are after so I was just offering a suggestion for an easier way to do this. I wrote AD Info to make this kind of thing easier, so it seems daft not to at least mention it when someone is trying to do exactly what my program is designed for.

        Also, whilst I am not that active on this particular forum, I do spend a lot of time helping people on other forums (spiceworks, vbforums, MSDN, Technet, etc) and posting helpful tips on my blog and of course writing several free apps for IT Pros as well, so please don't just think I'm some selfish guy just out to advertise my software in any way I can.

        • #5
          Re: LDAP query to get all users from multiple OUs

          nah nah, I never said you were selfish, or seemed selfish.
          my point was more along the lines of my view that your post may have been more valuable if it was something like


          "well, you could try this, this and this. If you want to do it graphically though, you could use my tool adinfo, which would save heaps of time"

          • #6
            Re: LDAP query to get all users from multiple OUs

            Yeah well to be honest I was also going to offer an LDAP filter that would do what he wanted but I couldn't get it to work and then got given a fairly urgent job at work and thought well I'll look at it later and just mention AD Info for now in case that helps.

            I've had chance to look at it now and realised why what I was trying to do wouldn't work, I was trying to use the distinguishedName attribute as that holds the full path to the user account, so I was going to do something like this:
            Code:
            (&(sAMAccountType=805306368)(distinguishedName=*OU=2*))
            but this won't work (not just because of the = symbol not being escaped) because you cannot use a wildcard when querying the distinguishedName attribute. So I don't actually know of a way you could do it with a plain LDAP filter I'm afraid... be interested to see other people's suggestions.

            Oh and anyone wondering why I'm using sAMAccountType, it's just an easier way of finding only user accounts rather than doing ((objectClass=user)(objectClass=person)) and also more efficient because sAMAccountType is an indexed attribute whereas objectClass is not.
            Last edited by chris128; 12th May 2011, 10:37.

            • #7
              Re: LDAP query to get all users from multiple OUs

              Thanks Chris for looking at it.
              I've not downloaded that app yet but will next week with time.

              I wasn't sure if it was possible or not to use a wildcard in DN.
              I guess the only way is to manually specify each OU for distinguishedName?

              Or if anyone has other ideas, would appreciate your help.

              Cheers,
              Have a nice weekend,
              Jon


              • #8
                Re: LDAP query to get all users from multiple OUs

                Originally posted by jonspurs:
                I guess the only way is to manually specify each OU for distinguishedName?
                I don't think that will work, because the distinguishedName is not just the OUs, it includes the name of the user account as well and as you can't use a wildcard you can't really make this work for more than one account at a time. Not sure how familiar you are with distinguished names but if you had a domain called mydomain.local and in there you had an OU called SiteA and then an OU within there named OfficeA and you had a user account in there called John Smith then the distinguished name for that user would be:
                Code:
                CN=John Smith,OU=OfficeA,OU=SiteA,DC=mydomain,DC=local
                Not wanting to just plug my app again but I think in this particular case you are not going to be able to do it with a plain LDAP query and will need to use a third party application like AD Info. Like I said though, if anyone else knows of another way to do it I would be keen to see it
                Software for IT Pros that I've written: http://www.cjwdev.co.uk/Software.html

                My blog: http://cjwdev.wordpress.com
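
An added example, not code from any poster in this thread: since the filter cannot wildcard distinguishedName, the users can be fetched with the `(sAMAccountType=805306368)` filter and selected by parsing each DN on the client, or searched once per OU returned by the `(ou=2*)` query. It assumes `Year` is itself an OU, uses constructed DNs under the thread's mydomain.local domain, and does not decode hex escapes or multi-valued RDNs; all function names are hypothetical.

```python
import fnmatch

def split_dn(dn):
    """Split a DN into (attr, value) RDNs; backslash-escaped characters stay literal."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)          # escaped character is data, not a separator
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return [tuple(p.strip().partition("=")[::2]) for p in parts]

def in_year_tempstaff(dn, leaf="TempStaff", year_glob="2*", root="Year"):
    """True if the object sits directly in OU=<leaf>,OU=<year_glob>,OU=<root>."""
    parents = split_dn(dn)[1:4]     # skip the object's own RDN
    if len(parents) < 3 or any(attr.upper() != "OU" for attr, _ in parents):
        return False
    (_, ou1), (_, ou2), (_, ou3) = parents
    return (ou1.lower() == leaf.lower()
            and fnmatch.fnmatchcase(ou2.lower(), year_glob.lower())
            and ou3.lower() == root.lower())

def tempstaff_search_bases(year_ou_dns, leaf="TempStaff"):
    """Alternative: one search base per OU DN returned by the (ou=2*) query."""
    return [f"OU={leaf},{dn}" for dn in year_ou_dns]

# Constructed sample DNs, as a (sAMAccountType=805306368) search might return them.
SAMPLE_DNS = [
    "CN=Ann Lee,OU=TempStaff,OU=2008,OU=Year,DC=mydomain,DC=local",
    "CN=Smith\\, Bob,OU=TempStaff,OU=2010,OU=Year,DC=mydomain,DC=local",
    "CN=Cy Row,OU=TempStaff,OU=Test,OU=Year,DC=mydomain,DC=local",
    "CN=Di Fox,OU=2009,OU=Year,DC=mydomain,DC=local",
    # CN embedding a look-alike path: a substring test for "OU=TempStaff,OU=2" would accept it
    "CN=x\\,OU=TempStaff\\,OU=2009\\,OU=Year,OU=Sample,OU=Year,DC=mydomain,DC=local",
]

def matching_users(dns=SAMPLE_DNS):
    return [dn for dn in dns if in_year_tempstaff(dn)]

if __name__ == "__main__":
    print("\n".join(matching_users()))
```

Parsing the DN into RDNs rather than substring-matching it is what keeps the last sample, whose CN merely contains the text of a matching path, out of the result.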
