• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 551
  • Last Modified:

Query quandries with LDAP sql dialect syntax for Active Directory

I am using asp.net to get to the Active Directory GAL for Windows 2003 and Exchange information.

1)  is the OR operator with parenthesis supported in the SQL dialect of LDAP?
This works but results don't reflect the msExchHideFromAddressLists or mail criteria:
   strQuery = "SELECT cn,telephoneNumber,physicalDeliveryOfficeName,title,company,sn,objectClass, " _
& "from 'LDAP://MYSERVERl' "  _
& "where  objectClass='user'  or  objectClass='group'  and msExchHideFromAddressLists<>TRUE and mail='*' "  _
& "order by cn"

But this doesn't work and returns an error:
   strQuery = "SELECT cn,telephoneNumber,physicalDeliveryOfficeName,title,company,sn,objectClass, " _
& "from 'LDAP://MYSERVER' "  _
& "where  (objectClass='user'  or  objectClass='group')  and msExchHideFromAddressLists<>TRUE and mail='*' "  _
& "order by cn"

2) And how do I limit the query to truly just 'users'?
My results above return more than just Objectclass=User, computer accounts are also included.  
In ActiveDirectory Users and Computers, on a computer object on the 'Object' tab reports it as: "Computer"
BUT in ADSI that same object reports values in an array style list - the top one is 'computer' but the full list includes others:
Computer
OrganizationalPerson
Person
top
user

0
thefumbler
Asked:
thefumbler
  • 2
1 Solution
 
ihenryCommented:
1) Yes.
The error might because of unsupported attribute used in the criteria isn'by object returned from the query.

2) Try
SELECT [field list...]
FROM [yourAdsPath]
WHERE
     objectCategory='person' AND objectClass='user' msExchHideFromAddressLists<>TRUE AND mail='*'
ORDER BY cn
0
 
thefumblerAuthor Commented:
jhenry, your solution to #2 works great.  

I don't quite understand #1 though - can you elaborate?  Do you mean that I must also use the criteria in the field list of any LDAP query?
0
 
ihenryCommented:
Some typos in my previous post, sorry for the confusion. What I meant with the unsupported attribute is that, your search might be returning some objects that do not support msExchHideFromAddressLists attribute. For example, group object as it is spesified in the search criteria. I think msExchHideFromAddressLists attribute isn't supported by object class other than person, user or contact. I could be wrong, though.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now