ldap search filter for two groups
i have two groups in AD that i need to create a search filter for.
i know how to create a search filter for one group, but not two in the same filter.
this is the search filter for group eng2:
(&(objectclass=group)(memb
i need to search for groups eng2 AND chem1
how do i search for both in the same search filter?
i've already read over this article: http://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx
thanks!
i know how to create a search filter for one group, but not two in the same filter.
this is the search filter for group eng2:
(&(objectclass=group)(memb
i need to search for groups eng2 AND chem1
how do i search for both in the same search filter?
i've already read over this article: http://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx
thanks!
You just add the other group to your filter so the same thing
(&(objectcategory=group)(m
I did something similar here http://adisfun.blogspot.com/2009/06/find-users-who-are-not-in-specific.html
In my case I was looking for not a member of multiple groups hence the exclamation point for not !
Thanks
Mike
(&(objectcategory=group)(m
I did something similar here http://adisfun.blogspot.com/2009/06/find-users-who-are-not-in-specific.html
In my case I was looking for not a member of multiple groups hence the exclamation point for not !
Thanks
Mike
ASKER
still having problems with this.
the following works fine:
(&(objectclass=user)(membe
this does not work:
(&(objectclass=user)(membe
also tried this:
(&(objectclass=user)(membe
any ideas? i know i'm close!
the following works fine:
(&(objectclass=user)(membe
this does not work:
(&(objectclass=user)(membe
also tried this:
(&(objectclass=user)(membe
any ideas? i know i'm close!
are you trying to find a user that is a member of both groups?
ASKER
users contained within both
(&(objectcategory=person)(
Thanks
Mike
Thanks
Mike
ASKER
still no dice
let's try again.....
i have two groups containing users. these groups are eng2 and chem1.
when i try the suggested queries above, no results are returned BUT when i try to query only one or the other group, users ARE returned. for example, each of the following queries return users:
(&(objectclass=user)(membe
(&(objectclass=user)(membe
i need to combine these two queries. hopefully that makes sense. thanks again for everyone's help!
let's try again.....
i have two groups containing users. these groups are eng2 and chem1.
when i try the suggested queries above, no results are returned BUT when i try to query only one or the other group, users ARE returned. for example, each of the following queries return users:
(&(objectclass=user)(membe
(&(objectclass=user)(membe
i need to combine these two queries. hopefully that makes sense. thanks again for everyone's help!
I'm not sure why it is not working. So I created two groups eng1 and chem1 look at my query/screenshots
Thanks
Mike
mutiplegroups1.png
mutiplegroups2.png
Thanks
Mike
mutiplegroups1.png
mutiplegroups2.png
ASKER
man your screenshots look legit....
what if you made a separate test account for each group
run the query, will it return BOTH test accounts?
what if you made a separate test account for each group
run the query, will it return BOTH test accounts?
no, it will only list the user that is in both groups, so I just created two new uers put one in chem1 put one in eng1
...so test users is only returned...see screen shots
Thanks
Mike
chem1.png
eng1.png
groupspart2a.png
...so test users is only returned...see screen shots
Thanks
Mike
chem1.png
eng1.png
groupspart2a.png
ASKER
but i want to return test2 and test3 users
i don't want to return the common user - maybe that's where my explanation went wrong? is what i'm asking possible?
i don't want to return the common user - maybe that's where my explanation went wrong? is what i'm asking possible?
test2 and test2 are not in both groups, do you want users that are in either group
ASKER
i want the query to return all users found in either group
so if there are 10 users in chem1 and 10 users in eng1 > all unique users btw, then 20 users will be returned with the query.
so if there are 10 users in chem1 and 10 users in eng1 > all unique users btw, then 20 users will be returned with the query.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
great, i will give this a shot while on-site tomorrow!!!! thanks for your help, you've been awesome!
one last question, is objectcategory=person necessary? i've always stuck to objectclass=user, never had to include objectcategory in my syntax.
one last question, is objectcategory=person necessary? i've always stuck to objectclass=user, never had to include objectcategory in my syntax.
No problem, glad to help out
objectclass=user will also return computers (just search for objectclass=user yourself). Great overview here http://www.activedir.org/Articles/tabid/54/articleType/ArticleView/articleId/28/Default.aspx
I'm going to steal...and steal from someone that I consider the "Michael Jordan/Lebron James of the AD World" (especially outside of Microsoft).
Joe Richards http://www.joeware.net/index2.htm
Yes this is not for your exact situation I went over that but this is still a great learning opportunity.
I've saved this comment for years and refer to it often:
*****from Joe**********
Second, __in general__ when you are going after users you actually want to change (objectCategory=user) to (objectCategory=person)(ob
The user class is not an objectcategory, it is only an objectclass. When you specify (objectCategory=user) the system looks up the defaultObjectCategory of user and finds person. So (objectCategory=user) becomes (objectCategory=person) which means depending on the rest of the query it will be looking at all user and contact objects. If you have no contact objects, this works itself out, however if you have lots of contacts, you will feel the pinch in perf as the query looks over objects it doesn't need to.
*************
Thanks
Mike
objectclass=user will also return computers (just search for objectclass=user yourself). Great overview here http://www.activedir.org/Articles/tabid/54/articleType/ArticleView/articleId/28/Default.aspx
I'm going to steal...and steal from someone that I consider the "Michael Jordan/Lebron James of the AD World" (especially outside of Microsoft).
Joe Richards http://www.joeware.net/index2.htm
Yes this is not for your exact situation I went over that but this is still a great learning opportunity.
I've saved this comment for years and refer to it often:
*****from Joe**********
Second, __in general__ when you are going after users you actually want to change (objectCategory=user) to (objectCategory=person)(ob
The user class is not an objectcategory, it is only an objectclass. When you specify (objectCategory=user) the system looks up the defaultObjectCategory of user and finds person. So (objectCategory=user) becomes (objectCategory=person) which means depending on the rest of the query it will be looking at all user and contact objects. If you have no contact objects, this works itself out, however if you have lots of contacts, you will feel the pinch in perf as the query looks over objects it doesn't need to.
*************
Thanks
Mike
Follow up, Joe also had a great blog entry
http://blog.joeware.net/2007/03/24/831/
...and I was the first comment over four years ago :)
Thanks
Mike
http://blog.joeware.net/2007/03/24/831/
...and I was the first comment over four years ago :)
Thanks
Mike
ASKER
thanks!
(&(objectclass=group)(memb