Solved

How do i write an LDAP query to list groups in an OU

Posted on 2008-06-19
5
1,944 Views
Last Modified: 2012-05-05
I'm Trying to write an LDAP query in AD users and computers to return a list of groups in an OU.

I have
(objectCategory=group)(OU=WKS,OU=Bacup,OU=Pennine,OU=BBGE,DC=engineering,DC=bb,dc=wan)

But this returns an error

"The query filter "(&(objectCategory=group)(OU=WKS,OU=Bacup,OU=Pennine,OU=BBGE,DC=engineering,DC=bb,dc=wan))" is not a valid query string

Any help would be appreciated

Thanks
0
Comment
Question by:Darren_Clifford
  • 2
  • 2
5 Comments
 
LVL 26

Expert Comment

by:farhankazi
ID: 21821053
1. Right click the Saved Queries folder and select New, Query.
2. Enter an appropriate Name and Description.
3. Make sure the query root is set to the domain level you want the query to pertain to.
   - In this case browse to WKS -> Bacup -> Pennine -> BBGE
4. Select the Include subcontainers check box if you want the query to search all subcontainers.
5. Click Define Query.
6. In the Find dialog box, click the Find drop-down arrow and select Custom Search.
7. On the Advanced tab, enter your LDAP query string into the Enter LDAP query box.
   - In this case (objectcategory=group)(samaccountname=*)
8. Click OK twice.

Hope this helps!
Farhan

0
 

Author Comment

by:Darren_Clifford
ID: 21821168
That works , however I want to include the OU string in the query to get to the exact ou. How can i do this?

0
 
LVL 26

Expert Comment

by:farhankazi
ID: 21821396
I don't think it is possible (at least not in my knowledge).
Will it be ok if you query from command line?
Like:

DSQuery * "OU=WKS,OU=Bacup,OU=Pennine,OU=BBGE,DC=engineering,DC=bb,dc=wan" -Filter "(&(objectClass=group))" -Limit 0
 
OR
 
DSQuery * "OU=WKS,OU=Bacup,OU=Pennine,OU=BBGE,DC=engineering,DC=bb,dc=wan" -Filter "(&(objectClass=group))" -Attr Name -Limit 0

Open in new window

0
 

Author Comment

by:Darren_Clifford
ID: 21821436
What this is for is a third part application that needs to query AD . The application queries using LDAP. Hence I wanted to test the LDAP query in windows first
0
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 21822207
The OU doesn't belong in the query string. It is the -base- for the query.  What you are effectively saying is:

Search beginning at -base X- (the OU) for stuff that meets the criteria of -query string Y- (objectclass=blah, or whatever).

If you really, really, for whatever reason, insist on using the query string to do this, you'll have to do something like "(&(objectclass=group)(dn=*ou=blah,dc=blah,dc=blah"))". However, I strongly (and I mean S. T. R. O. N. G. L. Y.) advise against that, as it creates a medial search query which is dreadfully inefficient at scale.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question