?
Solved

LDAP search query to show group and members

Posted on 2015-01-23
4
Medium Priority
?
961 Views
Last Modified: 2015-01-23
hi all

im trying to figure out a LDAP search query that will show me the group name and the members inside.
sounds fairly simple but i cant get my head around the syntax and filters..

i have the following code that finds the group name.. and this one works.

(&(objectCategory=group)(cn=SEC_Laserforms))

Open in new window


ive tried the following various queries... but with no luck, they are obviously incorrect...

Filter: (&(memberof=cn=SEC_Laserforms,dc=domain,dc=co,dc=uk))
base dn: cn=SEC_Laserforms,dc=domain,dc=co,dc=uk))
attributes: ['member']


(&(objectCategory=group)(cn=SEC_Laserforms)(objectClass=user)(sAMAccountName=*))

Open in new window


im not really sure how to put the query together so it shows me group name and the members inside that group..

is this even possible?


thanks!
0
Comment
Question by:mishcondereya
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 3

Accepted Solution

by:
Waddah Dahah earned 2000 total points
ID: 40566206
Hi

memberOf (in AD) is stored as a list of distinguishedNames. Your filter needs to be something like:

(&
    (objectCategory=user)
    (memberOf=cn=MyCustomGroup,ou=ouOfGroup,dc=subdomain,dc=domain,dc=com)
)

Open in new window


If you don't yet have the distinguished name, you can search for it with:

(&(objectCategory=group)(cn=myCustomGroup))

Open in new window


and return the attribute distinguishedName. Case may matter.
0
 

Author Comment

by:mishcondereya
ID: 40566453
perfect!

thanks for your help, i got it working using the distinguished name... now it does what i want

(&(objectCategory=user)(memberOf=CN=SEC_Laserforms,OU=Security Groups,OU=_AD Management,OU=TEST_R1,DC=domain,DC=co,DC=uk))

Open in new window

0
 

Author Closing Comment

by:mishcondereya
ID: 40566494
perfect advice

thanks
0
 
LVL 3

Expert Comment

by:Waddah Dahah
ID: 40567028
Glad that i help :-)
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question