I'm trying to create an LDAP Label that will find any computer in the specified Active Directory security group. When doing the test, it works perfectly, but when the LDAP label is enabled, it appears to add all computers when they sync.

Search Base DN: DC=company,DC=com

Search Filter: (&(name=KBOX_COMPUTER_NAME)(memberOf=CN=Sandbox - Managed Install,OU=Sandbox Security Groups,OU=Sandbox,DC=company,DC=com))


At the moment there are two computers in the Sandbox - Managed Install security group, and when using an * for testing, it returns only the two computers in the group. However, every computer in the inventory is added to the LDAP label when they sync with the Kbox.

Can anyone explain where I'm going wrong?

What server version are you on?

Answered 09/09/2013 by: AbhayR

  • Try changing name=KBOX_COMPUTER_NAME to cn=KBOX_COMPUTER_NAME, but your filter looks right.

    When testing, though, I wouldn't use *; use the actual name of the machine and then a machine not in the group.
  • Thanks for the replies.

    I'm not sure what I was doing wrong initially but as soon as I posted this message, I tested it once again and it worked fine.
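
Added example, not part of the thread or of the KACE product: a small Python model of the test suggested in the comments, substituting a machine name for KBOX_COMPUTER_NAME and evaluating the resulting filter against a constructed directory. The host names, the in-memory directory and the simplified filter evaluator are assumptions for illustration; the escaping of the substituted name follows RFC 4515.

```python
import re

GROUP = ("CN=Sandbox - Managed Install,OU=Sandbox Security Groups,"
         "OU=Sandbox,DC=company,DC=com")
# Filter template from the question; the name placeholder is filled per device.
TEMPLATE = "(&(name=KBOX_COMPUTER_NAME)(memberOf=" + GROUP + "))"

# Constructed directory entries (hypothetical host names), not real data.
DIRECTORY = [
    {"name": ["SBX-PC01"], "memberOf": [GROUP]},
    {"name": ["SBX-PC02"], "memberOf": [GROUP]},
    {"name": ["HR-PC07"], "memberOf": ["CN=HR,OU=Groups,DC=company,DC=com"]},
]

def escape_value(value):
    """RFC 4515 escaping, so a name containing * ( ) or \\ stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(computer_name, escape=True):
    """Substitute one device name into the template (assumed behaviour)."""
    name = escape_value(computer_name) if escape else computer_name
    return TEMPLATE.replace("KBOX_COMPUTER_NAME", name)

def _value_regex(value):
    """Turn one assertion value into a regex: * is a wildcard, \\xx a literal."""
    parts = re.findall(r"\\[0-9a-fA-F]{2}|\*|[^\\*]+", value)
    pattern = "".join(".*" if p == "*" else
                      re.escape(chr(int(p[1:], 16))) if p.startswith("\\") else
                      re.escape(p) for p in parts)
    return re.compile(pattern, re.IGNORECASE | re.DOTALL)

def search(ldap_filter):
    """Evaluate a flat (&(attr=value)...) filter; return matching names."""
    clauses = re.findall(r"\(([^=()&]+)=([^()]*)\)", ldap_filter)
    return [entry["name"][0] for entry in DIRECTORY
            if all(any(_value_regex(v).fullmatch(x) for x in entry.get(a, []))
                   for a, v in clauses)]

if __name__ == "__main__":
    for label, flt in [("machine in group", build_filter("SBX-PC01")),
                       ("machine not in group", build_filter("HR-PC07")),
                       ("raw * test", build_filter("*", escape=False))]:
        print(label, "->", search(flt))
```

The raw * run only shows that the memberOf clause selects the group members; the two named runs are what confirm that the name clause restricts the match to a single device.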