?
Solved

PHP: Get all groups from Active Directory

Posted on 2013-06-26
3
Medium Priority
?
360 Views
Last Modified: 2013-07-03
I am trying to just get all the global and local groups from active directory.
I am able to bind to the ldap, but I don't know how to go about getting the groups.
Can someone help?

The following code worked with set variables:

$ldapconn = ldap_connect($ad_host,$ad_port) or die("Could not connect to LDAP server.");	
@ldap_set_option($ldapconn , LDAP_OPT_PROTOCOL_VERSION, 3);
@ldap_set_option($ldapconn , LDAP_OPT_REFERRALS, 0);

// binding to ldap server
$ldapbind = ldap_bind($ldapconn,$userlogin, $password);

Open in new window


This is where I don't know what filter to use to get the group:

if ($ldapbind)
{
  $baseDN = "dc=test,dc=local";
  $strFilter = "(ou=accounts)";
  $strAttributes = array("Group");

  $group_search = ldap_search($ldapconn,$baseDN,$strFilter,$strAttributes);
}

Open in new window

0
Comment
Question by:lgduong
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 58

Expert Comment

by:Julian Hansen
ID: 39280482
Try filter objectcategory=group
0
 

Author Comment

by:lgduong
ID: 39281849
JulianH,

It is not objectcategory=group.  It is objectClass=group.  I was able to parse out the group from this.  As a follow up, do you know how I can get the name or number of users that belong to this group?

Thanks for your assistance.
0
 
LVL 58

Accepted Solution

by:
Julian Hansen earned 1400 total points
ID: 39282162
You have to get all users in the group and then loop through the collection and count them.

Not a PHP example but illustrates the point

http://blogs.technet.com/b/heyscriptingguy/archive/2007/09/19/how-can-i-count-the-number-of-users-in-a-group.aspx
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses how to implement server side field validation and display customized error messages to the client.
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question