Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Users in Nested Groups LDAP Query Help

Posted on 2013-01-11
3
Medium Priority
?
1,868 Views
Last Modified: 2013-01-16
My LDAP Query will not run. Its purpose is to enumerate users of groups and users in groups nested below target group.

(&((objectCategory=user)(memberOf:1.2.840.113556.1.4.1941:=CN=xxx,OU=xxx,OU=xx,OU=xx,DC=xxx,DC=xx,DC=xx,DC=xx)))

Can someone tell me why this is not working?

Error: The query filter "(&(&(&((objectCategory=user)(memberOf:1.2.840.113556.1.4.1941:=CN=xxx,OU=xxx,OU=xx,OU=xx,DC=xxx,DC=xx,DC=xx,DC=xx)))))" is not a valid query string.
0
Comment
Question by:elv1s
  • 2
3 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1500 total points
ID: 38768702
Is this in ADUC, I have some other ways to do it here

http://adisfun.blogspot.com/2009/06/find-group-members.html

also use (objectcategory=person)(objectclass=user)  > for the user portion.

Thanks

Mike
0
 

Author Comment

by:elv1s
ID: 38772012
Yes this is in ADUC. I would like to keep the LDAP filter in ADUC. I am sure this is possible. Help is appreciated.
0
 

Author Comment

by:elv1s
ID: 38772038
fixed with info from mkline71

(&(objectcategory=person)(objectclass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=xxx,OU=xxx,OU=xx,OU=xxx,DC=xxx,DC=xxx,DC=xxx,DC=xxx))
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question