Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1956
  • Last Modified:

How do i write an LDAP query to list groups in an OU

I'm Trying to write an LDAP query in AD users and computers to return a list of groups in an OU.

I have
(objectCategory=group)(OU=WKS,OU=Bacup,OU=Pennine,OU=BBGE,DC=engineering,DC=bb,dc=wan)

But this returns an error

"The query filter "(&(objectCategory=group)(OU=WKS,OU=Bacup,OU=Pennine,OU=BBGE,DC=engineering,DC=bb,dc=wan))" is not a valid query string

Any help would be appreciated

Thanks
0
Darren_Clifford
Asked:
Darren_Clifford
  • 2
  • 2
1 Solution
 
Farhan KaziSystems EngineerCommented:
1. Right click the Saved Queries folder and select New, Query.
2. Enter an appropriate Name and Description.
3. Make sure the query root is set to the domain level you want the query to pertain to.
   - In this case browse to WKS -> Bacup -> Pennine -> BBGE
4. Select the Include subcontainers check box if you want the query to search all subcontainers.
5. Click Define Query.
6. In the Find dialog box, click the Find drop-down arrow and select Custom Search.
7. On the Advanced tab, enter your LDAP query string into the Enter LDAP query box.
   - In this case (objectcategory=group)(samaccountname=*)
8. Click OK twice.

Hope this helps!
Farhan

0
 
Darren_CliffordAuthor Commented:
That works , however I want to include the OU string in the query to get to the exact ou. How can i do this?

0
 
Farhan KaziSystems EngineerCommented:
I don't think it is possible (at least not in my knowledge).
Will it be ok if you query from command line?
Like:

DSQuery * "OU=WKS,OU=Bacup,OU=Pennine,OU=BBGE,DC=engineering,DC=bb,dc=wan" -Filter "(&(objectClass=group))" -Limit 0
 
OR
 
DSQuery * "OU=WKS,OU=Bacup,OU=Pennine,OU=BBGE,DC=engineering,DC=bb,dc=wan" -Filter "(&(objectClass=group))" -Attr Name -Limit 0

Open in new window

0
 
Darren_CliffordAuthor Commented:
What this is for is a third part application that needs to query AD . The application queries using LDAP. Hence I wanted to test the LDAP query in windows first
0
 
LauraEHunterMVPCommented:
The OU doesn't belong in the query string. It is the -base- for the query.  What you are effectively saying is:

Search beginning at -base X- (the OU) for stuff that meets the criteria of -query string Y- (objectclass=blah, or whatever).

If you really, really, for whatever reason, insist on using the query string to do this, you'll have to do something like "(&(objectclass=group)(dn=*ou=blah,dc=blah,dc=blah"))". However, I strongly (and I mean S. T. R. O. N. G. L. Y.) advise against that, as it creates a medial search query which is dreadfully inefficient at scale.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now