Solved

Querying Active Direct using T-SQL

Posted on 2014-01-14
4
417 Views
Last Modified: 2014-01-15
I'm querying active directory using the syntax below.  The query returns no rows even though distinguishedName contains the characters "XYZ".  I'm attempting to do a "Like" comparison.  Records are returned when I use this "where" clause: Where sn = ''*lber*''
Select * 
From OpenQuery(ADSI,'Select distinguishedName
	, title
	, displayName
	, sAMAccountName
	, mail
	, mobile
	, department
	, manager
	, adspath
From  ''LDAP://DC=mydomain,DC=COM''
Where distinguishedName = ''*XYZ*''')

Open in new window

0
Comment
Question by:waverazor
  • 3
4 Comments
 
LVL 59

Expert Comment

by:Kevin Cross
ID: 39779327
Hi.  The issue is it likely is not going down the subtree.  In other words, is the object you are searching on directly in the LDAP path you have in the FROM?  If not, you will need to tell it to search child containers.  I post an example shortly.

EDIT: hmm, it is not the subtree issue.  It is doing that properly.  I search on sAMAccountName and works fine.  I know I have used distinguishedName before, so testing before posting again.
0
 
LVL 59

Assisted Solution

by:Kevin Cross
Kevin Cross earned 400 total points
ID: 39779408
I do not recall having any issues with distinguishedName, but it appears it is not allowing wildcard searches just on that field.  If I type in the full distinguishedName, it finds the object just fine.

A workaround is to bring back everything (you can limit by object type or something else), then filter on the SQL side.

For example:
Select * 
From OpenQuery(ADSI,'Select distinguishedName
	, title
	, displayName
	, sAMAccountName
	, mail
	, mobile
	, department
	, manager
	, adspath
From  ''LDAP://DC=mydomain,DC=COM''
Where objectCategory = ''Person'' And objectClass = ''user''
')
Where distinguishedName Like '%XYZ%'
;

Open in new window

0
 

Author Comment

by:waverazor
ID: 39780434
I have a 1,000 row limit on queries.  Will the OpenQuery stop at the 1,000 row limit before before the second "where" clause filters?
0
 
LVL 59

Accepted Solution

by:
Kevin Cross earned 400 total points
ID: 39782364
Most likely.  Therefore, another workaround is to use sAMAccountName, or other field, to get the match you need.  For example, if XYZ is the CN, the wildcard filter works on sAMAccountName.  I tried LDAP syntax, and wildcard search still did not work on distinguishedName.  Therefore, it appears it is specific to that column because it contains a path as adspath also fails.  There possibly is something on the LDAP settings that can help, but it has been too long.

You can click Request Attention and see if the Moderators can attract more Experts, especially in the Active Directory/LDAP topic areas, to see if they can offer more assistance.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This videos aims to give the viewer a basic demonstration of how a user can query current session information by using the SYS_CONTEXT function
Via a live example, show how to backup a database, simulate a failure backup the tail of the database transaction log and perform the restore.

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question