
  • Status: Solved
  • Priority: Medium
  • Security: Public

Troubleshooting LDAP query tool

Hi All,

My domain is emea.kam.com, within the kam.com forest. We have another domain name us.kam.com.

There is a universal security group that a department wants to get membership for repeatedly. One of their vendors has provided them with a tool to do this.

Unfortunately, the tool doesn't pull all the members from us.kam.com out for some reason.

The search root is: dc=kam, dc=com
LDAP server: ukgc1
Port: 3268

If I use the same settings on another LDAP query tool (the brilliant Quest Powershell tool) then it works fine, so it's defo a problem with the original tool (Tool1).

One thing I notice on Tool1 is that I can view the search query 'area'...i.e. if I enter a DC, it brings up the DC graphically and its OUs (as you see in ADUC)....however, the Naming Context is dc=emea., dc=kam, dc=com even though I am selecting the search root at the forest root. Is this to be expected?

Also, there is a drop down menu by the DC icon, and I can see, cn=configuration and cn=schema.

Should I be expecting to see cn=domain as well?

Just trying to figure out where the problem with Tool1 is!

Thanks for any help in advance!
Chris Dent (PowerShell Developer) commented:

> Should I be expecting to see cn=domain as well?

Nope :)

It does sound like it's incorrectly setting the search base. Do you have any DCs in a root domain (kam.com) you can select?

kam_uk (Author) commented:
Thanks...will try this out.

Out of interest, why would we not be able to see cn=domain, but be able to see cn=schema and cn=configuration?
Chris Dent (PowerShell Developer) commented:

Because CN=domain doesn't exist whereas the other two do :)

The "domain" part of the directory resides under DC=kam,DC=com and so on for each domain.

Configuration and Schema are separate trees, and although they are named as subordinate to the root domain partition they're not.
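
A way to check both points from this thread against the global catalog, as an added example that is not part of the original posts: it prints the naming contexts the server reports in RootDSE, then counts group members per domain for each search base. It assumes the tool finds members by searching for `memberOf` under its search base; `$groupDn` is a placeholder because the thread does not name the group, and `Get-MemberCountByDomain` is a hypothetical helper.

```powershell
# Added example, not from the thread. $groupDn is a placeholder DN; replace it
# with the real DN of the universal group (escape LDAP filter characters if any).
$server  = 'ukgc1'
$groupDn = 'CN=PLACEHOLDER-GROUP,OU=PLACEHOLDER,DC=emea,DC=kam,DC=com'

# RootDSE lists the partitions the server holds: a domain partition plus the
# separate configuration and schema partitions. There is no CN=domain entry.
$rootDse = [ADSI]"LDAP://$server/RootDSE"
foreach ($attr in 'defaultNamingContext', 'rootDomainNamingContext',
                  'configurationNamingContext', 'schemaNamingContext') {
    '{0,-27} {1}' -f $attr, $rootDse.Properties[$attr].Value
}

function Get-MemberCountByDomain {
    param([Parameter(Mandatory)][string]$SearchBase)

    # GC:// binds to the global catalog (port 3268) rather than LDAP on 389.
    $root     = [ADSI]"GC://$server/$SearchBase"
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter      = "(memberOf=$groupDn)"
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
    $searcher.PageSize    = 1000   # page through results instead of truncating
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')

    $results = $searcher.FindAll()
    try {
        $results | ForEach-Object {
            # Keep only the DC= components so members group by their domain.
            $dn = [string]$_.Properties['distinguishedname'][0]
            ($dn -split ',' | Where-Object { $_ -like 'DC=*' }) -join ','
        } | Group-Object | Select-Object Name, Count
    }
    finally { $results.Dispose() }
}

'--- search base: forest root ---'
Get-MemberCountByDomain -SearchBase 'DC=kam,DC=com'
'--- search base: emea domain only ---'
Get-MemberCountByDomain -SearchBase 'DC=emea,DC=kam,DC=com'
```

If the second call returns only the DC=emea,DC=kam,DC=com row while the first also lists DC=us,DC=kam,DC=com, a tool that silently falls back to the emea naming context would show the same gap.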

