Solved

How do i write an LDAP query to list groups in an OU

Posted on 2008-06-19
5
1,942 Views
Last Modified: 2012-05-05
I'm Trying to write an LDAP query in AD users and computers to return a list of groups in an OU.

I have
(objectCategory=group)(OU=WKS,OU=Bacup,OU=Pennine,OU=BBGE,DC=engineering,DC=bb,dc=wan)

But this returns an error

"The query filter "(&(objectCategory=group)(OU=WKS,OU=Bacup,OU=Pennine,OU=BBGE,DC=engineering,DC=bb,dc=wan))" is not a valid query string

Any help would be appreciated

Thanks
0
Comment
Question by:Darren_Clifford
  • 2
  • 2
5 Comments
 
LVL 26

Expert Comment

by:farhankazi
ID: 21821053
1. Right click the Saved Queries folder and select New, Query.
2. Enter an appropriate Name and Description.
3. Make sure the query root is set to the domain level you want the query to pertain to.
   - In this case browse to WKS -> Bacup -> Pennine -> BBGE
4. Select the Include subcontainers check box if you want the query to search all subcontainers.
5. Click Define Query.
6. In the Find dialog box, click the Find drop-down arrow and select Custom Search.
7. On the Advanced tab, enter your LDAP query string into the Enter LDAP query box.
   - In this case (objectcategory=group)(samaccountname=*)
8. Click OK twice.

Hope this helps!
Farhan

0
 

Author Comment

by:Darren_Clifford
ID: 21821168
That works , however I want to include the OU string in the query to get to the exact ou. How can i do this?

0
 
LVL 26

Expert Comment

by:farhankazi
ID: 21821396
I don't think it is possible (at least not in my knowledge).
Will it be ok if you query from command line?
Like:

DSQuery * "OU=WKS,OU=Bacup,OU=Pennine,OU=BBGE,DC=engineering,DC=bb,dc=wan" -Filter "(&(objectClass=group))" -Limit 0
 

OR
 

DSQuery * "OU=WKS,OU=Bacup,OU=Pennine,OU=BBGE,DC=engineering,DC=bb,dc=wan" -Filter "(&(objectClass=group))" -Attr Name -Limit 0

Open in new window

0
 

Author Comment

by:Darren_Clifford
ID: 21821436
What this is for is a third part application that needs to query AD . The application queries using LDAP. Hence I wanted to test the LDAP query in windows first
0
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 21822207
The OU doesn't belong in the query string. It is the -base- for the query.  What you are effectively saying is:

Search beginning at -base X- (the OU) for stuff that meets the criteria of -query string Y- (objectclass=blah, or whatever).

If you really, really, for whatever reason, insist on using the query string to do this, you'll have to do something like "(&(objectclass=group)(dn=*ou=blah,dc=blah,dc=blah"))". However, I strongly (and I mean S. T. R. O. N. G. L. Y.) advise against that, as it creates a medial search query which is dreadfully inefficient at scale.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
server DNS address could not be found 22 124
Error login w2012 domain 6 60
ADFS Redirection 4 31
How to apply the PAC URL and PAC file to a Windows 7 PC 2 22
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now