Solved

Help with LDAP query

Posted on 2011-02-21
Last Modified: 2012-05-11
Hi

I am running Windows 2008 DCs. I have an application running on a separate Windows 2003 server and I want the app to perform an LDAP call. Within the app, the only fields I have to input are:

Query Root:
Query:

The DC I want to use is dc31.domain.com. It is located in Domain\domain controllers OU.

I want the query to run at the root of my domain so it captures all users and objects. I know what the query should be, but what should the query root be so that I can also have the DC listed in there?

Secondly, if I wanted the query to only search within an OU named Marketing that was located in Domain\UK\Marketing, how would the Query root look?


Question by:tomd1976
8 Comments
 
LVL 8

Expert Comment

by:Toxacon
ID: 34946754
Try Query Root

LDAP://dc31.domain.com


And for Query

(objectClass=*)

0
 

Author Comment

by:tomd1976
ID: 34946783
Hi

Regarding Query Root, that just specifies the DC's doesn't it? It doesn't actually tell the app where to search?

And what if I wanted to change where the app searches, as per question #2?
0
 
LVL 8

Expert Comment

by:Toxacon
ID: 34946875
It greatly depends on the software if it adds the mandatory LDAP:// prefix...

LDAP://dc31.domain.com/ou=Marketing,ou=UK,dc=domain,dc=com

0
 
LVL 8

Expert Comment

by:Toxacon
ID: 34946890
Oh, I reread your comment... If you specify server name, you bind to that specific server and not to defaultNamingContext (serverless binding).
0
 

Author Comment

by:tomd1976
ID: 34946929
Hi

Ok, so I don't need to specify the actual location of the DC in the LDAP string, it's just:

LDAP://<dc>/<location where I want to run the query>

Am I correct?

And how do you mean defaultnamingcontext? Are you saying there's a way to run the query without specifying a DC (better for us in case DC goes offline)
0
 
LVL 8

Accepted Solution

by:
Toxacon earned 500 total points
ID: 34947110
No, you don't have to specify the server if you make a query from a computer that "knows" where to find the DC for the LDAP path. A domain member is that kind of a computer.

Your defaultNamingContext is

dc=domain,dc=com


You can run an LDAP query without knowing the name of the server:

LDAP://ou=Marketing,ou=UK,dc=domain,dc=com


With the example above you can bind to the Marketing OU without needing to specify a server.
0
 

Author Comment

by:tomd1976
ID: 34947126
So for Query Root, we can just run:

LDAP://ou=Marketing,ou=UK,dc=domain,dc=com

It will automatically find the closest DC? Or will just find any DC?
0
 
LVL 8

Expert Comment

by:Toxacon
ID: 34947235
It will probably choose the server that authenticated you, but basically it's able to choose any server, while it prefers servers on the same AD Site.
0
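
The Query Root forms discussed in this thread, as an added example that is not part of the original posts: a small Python parser that splits a Query Root into the server it pins (if any) and the search base, then checks that the base sits under the expected naming context. The names `parse_query_root`, `is_under` and `QueryRoot` are hypothetical, and the path with an explicit port is constructed.

```python
import re
from typing import List, NamedTuple, Optional

class QueryRoot(NamedTuple):
    server: Optional[str]  # None = serverless binding, a DC is located for you
    port: Optional[int]
    base_dn: str           # "" = path names a server only, no search base

def rdns(dn: str) -> List[str]:
    """Split a DN on commas that are not backslash-escaped; fold case."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def parse_query_root(path: str) -> QueryRoot:
    """Split LDAP://[server[:port]/]DN into its server and search-base parts."""
    m = re.fullmatch(r"(?i)ldap://(.+)", path.strip())
    if not m:
        raise ValueError("Query Root must look like LDAP://...")
    rest = m.group(1)
    head, _, tail = rest.partition("/")
    if "=" in head:  # starts with an RDN such as ou=..., so no server was given
        return QueryRoot(None, None, rest)
    host, _, port = head.partition(":")
    if not host:
        raise ValueError("missing server name")
    return QueryRoot(host, int(port) if port else None, tail)

def is_under(base_dn: str, naming_context: str) -> bool:
    """True when base_dn is the naming context itself or a container below it."""
    base, root = rdns(base_dn), rdns(naming_context)
    return len(base) >= len(root) and base[len(base) - len(root):] == root

# Paths quoted in the thread, plus one constructed path with an explicit port.
SAMPLES = [
    "LDAP://dc31.domain.com",
    "LDAP://dc31.domain.com/ou=Marketing,ou=UK,dc=domain,dc=com",
    "LDAP://ou=Marketing,ou=UK,dc=domain,dc=com",
    "LDAP://dc31.domain.com:389/dc=domain,dc=com",  # constructed
]

if __name__ == "__main__":
    for s in SAMPLES:
        q = parse_query_root(s)
        pinned = q.server or "(serverless)"
        print(f"{s}\n  server={pinned} base={q.base_dn or '(none given)'} "
              f"in_domain={is_under(q.base_dn, 'dc=domain,dc=com')}")
```

A path that comes back with `server=None` depends on the client being able to locate a DC itself, which the accepted answer ties to the machine being a domain member.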
