Using LDAP for saved queries in AD

A friend asked me about setting up a query for returning all the users in one group.

I first tried to set it up by using the wizard, which I could not get to work, and then I found the option called “Custom Search”, which uses a standard LDAP query. I tried this and after a little fiddling around finding the correct CN I came up with this:

(&(objectcategory=person)(objectclass=user)(memberof=CN=Group,OU=OrgUnit,DC=domain,DC=local))

The problem from the beginning was that I did not use the CN (e.g. CN=Group,OU=OrgUnit,DC=domain,DC=local).

If you want to find all users NOT in a certain group you use:

(&(objectcategory=person)(objectclass=user)(!(memberof=CN=Group,OU=OrgUnit,DC=domain,DC=local)))

While looking around I also found this for finding disabled users:

(&(objectcategory=person)(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))

Here is a link to some other LDAP queries.
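
The three filters above can be generated rather than typed by hand. The following is an added example, not code from the original post: it escapes the group DN for use inside a filter (a group name containing parentheses, `*` or a backslash otherwise breaks the query) and shows what the `1.2.840.113556.1.4.803` bitwise-AND rule evaluates for the disabled-account bit. It goes beyond the post in one respect: plain `memberof` matches direct membership only, so the `nested` option uses the `1.2.840.113556.1.4.1941` in-chain rule. Function names and the sample accounts are assumptions made for the example.

```python
# Added example: build the post's AD filters with RFC 4515 value escaping.
BIT_AND = "1.2.840.113556.1.4.803"    # LDAP_MATCHING_RULE_BIT_AND (used in the post)
IN_CHAIN = "1.2.840.113556.1.4.1941"  # LDAP_MATCHING_RULE_IN_CHAIN (nested groups)
ACCOUNTDISABLE = 0x2                  # userAccountControl flag tested by ":=2"
USER = "(objectcategory=person)(objectclass=user)"

def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter assertion value."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)

def members_of(group_dn, nested=False, negate=False):
    """Users that are (or are not) members of the group with this full DN."""
    attr = "memberof:%s:" % IN_CHAIN if nested else "memberof"
    clause = "(%s=%s)" % (attr, escape_filter_value(group_dn))
    if negate:
        clause = "(!%s)" % clause
    return "(&%s%s)" % (USER, clause)

def disabled_users():
    """Users whose userAccountControl has the ACCOUNTDISABLE bit set."""
    return "(&%s(userAccountControl:%s:=%d))" % (USER, BIT_AND, ACCOUNTDISABLE)

def bit_and_match(uac, mask):
    """What the BIT_AND rule evaluates: true only if every bit in mask is set."""
    return (uac & mask) == mask

# Constructed sample userAccountControl values (not from a real directory):
# 512 = normal account, 514 = 512 + disabled, 66050 = 514 + password never expires
SAMPLE = {"alice": 512, "bob": 514, "svc-old": 66050}

def disabled_in(sample):
    """Names in the sample that the disabled-users filter would return."""
    return sorted(n for n, uac in sample.items() if bit_and_match(uac, ACCOUNTDISABLE))

if __name__ == "__main__":
    dn = "CN=Group,OU=OrgUnit,DC=domain,DC=local"
    print(members_of(dn))
    print(members_of(dn, negate=True))
    print(members_of("CN=Ops (EU),OU=OrgUnit,DC=domain,DC=local", nested=True))
    print(disabled_users())
    print(disabled_in(SAMPLE))
```

The printed filters can be pasted into the Custom Search field of a saved query.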
