Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

LDAP query to return list of sub-OUs?

Posted on 2009-07-15
6
Medium Priority
?
1,334 Views
Last Modified: 2013-12-24
Is it possible to use an LDAP query to return the list of 2nd level OU's within "Alphabet" below? If so, what would that query look like?

OU=Alphabet
   |- OU=A
         |- OU=Green
   |- OU=B
   |- OU=C
         |- OU=Yellow
   |- OU=D
OU=Numbers
   |- OU=Five

So I would just want a list of A, B, C, D returned by the query. The LDAP source is Active Directory 2003. I'm only after the names of the OU's, not anything inside of or below them.
0
Comment
Question by:jessc7
  • 3
  • 3
6 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 24863536

Afraid not, you can have a filter return OUs ("(objectClass=organizationalUnit)"), and OUs with specific names ("(&(objectClass=organizationalUnit)(name=A))"), but only second level, or a range of names is a bit beyond Ldap Filters.

It could be scripted pretty easily if you need to.

Chris
0
 
LVL 16

Author Comment

by:jessc7
ID: 24863644
In effect, what would the script do? Would a script see the returned OU's as arrays, and be able to easily determine the '2nd level' OU's that way?
0
 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 2000 total points
ID: 24863694

That would be a reasonable enough approach.

I like PowerShell, so I'd probably do...

Get-QADObject -LdapFilter "(objectClass=organizationalUnit)" | ?{ $_.DN.Split(",").Count -eq 4 }

Where 4 is made up of 2 elements of OU names, and 2 elements of domain name. It would find:

OU=SecondLevel,OU=FirstLevel,DC=domain,DC=com

But not FirstLevel or ThirdLevel.

Chris
0
Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

 
LVL 16

Author Comment

by:jessc7
ID: 24863934
I'm still new on Powershell. Would your example return only one OU, or would it return all at the second level? So back to my original scenario I would be looking to dynamically return a list of:

OU=A,OU=Alphabet,DC=domain,DC=com
OU=B,OU=Alphabet,DC=domain,DC=com
OU=C,OU=Alphabet,DC=domain,DC=com
OU=D,OU=Alphabet,DC=domain,DC=com

And ultimately I am wanting to get at the values of A, B, C, D.
0
 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 2000 total points
ID: 24863984
It would return all of those as an array of objects. You might tag Select-Object onto the end like this:

Get-QADObject -LdapFilter "(objectClass=organizationalUnit)" | `
  ?{ $_.DN.Split(",").Count -eq 4 } | `
  Select-Object Name, DN

Which would give you the simple OU name as well as the DN as you have it above.

Get-QADObject is part of Quest's CmdLet set which can be downloaded here:

http://www.quest.com/activeroles-server/arms.aspx

There's more available than shown with the select, if you wanted to see the full list of properties available for each OU you could run:

Get-QADObject -LdapFilter "(objectClass=organizationalUnit)" | `
  ?{ $_.DN.Split(",").Count -eq 4 } | `
  Format-List *

Chris
0
 
LVL 16

Author Closing Comment

by:jessc7
ID: 31603967
Thanks for the feedback, and scripting example for an alternative
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In today's business world, data is more important than ever for informing marketing campaigns. Accessing and using data, however, may not come naturally to some creative marketing professionals. Here are four tips for adapting to wield data for insi…
What we learned in Webroot's webinar on multi-vector protection.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question