Blackwell_tech
asked on
Simple LDAP query not working
I am trying to run the simplest of LDAP queries, via an advanced custom search in ADUC. All I want to do is to list all the members of a particular group, let's call it MyGroup.
So I am entering the query (memberOf=MyGroup)
This should return what I need, no? If I try (memberOf=*) then it duly returns every object whose group membership is not null. But if you actually specify which group you want it to return (any group - I've tried many), it just returns zero results.
It's starting to drive me very slightly insane - can anyone offer any help or explanation?!
This is a Win2003 domain in native mode.
Thank you!
So I am entering the query (memberOf=MyGroup)
This should return what I need, no? If I try (memberOf=*) then it duly returns every object whose group membership is not null. But if you actually specify which group you want it to return (any group - I've tried many), it just returns zero results.
It's starting to drive me very slightly insane - can anyone offer any help or explanation?!
This is a Win2003 domain in native mode.
Thank you!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Just thought of something.....the above will work if searching from the default query root level of "domain.name".... you may have to adjust the string if searching for trusted forrests/domains, etc.
I do find it strange that if you change the query root to the OU where your Group actually resides, and run a simpe (memberOf=MyGroup), it doesn't display any results. I'd be all ears if someone could elaborate on that one...
I do find it strange that if you change the query root to the OU where your Group actually resides, and run a simpe (memberOf=MyGroup), it doesn't display any results. I'd be all ears if someone could elaborate on that one...
ASKER
Thanks trippleO7, that worked a treat ;o) It had been bugging us for ages!!
Appreciate your help.
Appreciate your help.
I still don't fully understand if/why they designed it this way either. Because you can run other queries (computers, OS's, etc) and it will work without all the extra search strings.
mygroup*
or
MYGROUP*
perhaps it's a case issue?
I have a script that would do this for you, if you're interested...