I'm trying to avoid creating a bunch of AD groups for each of my sites (I would end up creating 35 groups). So I'm trying to write an LDAP label that would check if the computer is in a specific group as well as in a certain OU. This is what I have:

(&(&(memberOf=CN=**Name of Group**,DC=**Domain**,DC=com)(name=KBOX_COMPUTER_NAME)(objectclass=organizationalunit) (name=OU=**Name of OU**,DC=**Domain Name**,DC=com)))

It works for just the group, but I can't seem to get it to work with both. Is what I'm trying to do even possible?

The syntax of your LDAP filter may be a bit off. Try something like this:

(&(memberOf=CN=**Name of Group**,DC=**Domain**,DC=com)(name=KBOX_COMPUTER_NAME)(objectclass=organizationalunit)(name=OU=**Name of OU**,DC=**Domain Name**,DC=com))

You should only need one & to "AND" all those statements together.

Answered 09/19/2014 by: BHC-Austin
Fourth Degree Black Belt

  • Thanks for the reply BHC. But sadly, I've tried that already to no avail. I might end up just creating AD groups for each of my sites which I really don't want to do :(

Another approach would be to set your Base DN to the OU that you want the label to search in. So in the Base DN field, you would put:

OU=**Name of OU**,DC=**Domain Name**,DC=com

And then in your filter, put just the Group filter as:

(&(memberOf=CN=**Name of Group**,DC=**Domain**,DC=com)(name=KBOX_COMPUTER_NAME))

Of course, each LDAP label would then have a unique Base DN.

Answered 09/19/2014 by: BHC-Austin
Fourth Degree Black Belt

  • I tried this and it didn't work.

    I have a feeling since the base DN is the actual OU I want to search I'm not going to be able to check the AD group. But I appreciate the help.
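
An added example, not part of the original thread or of the KACE product: a small Python evaluator for AND/OR/NOT equality filters over a constructed directory, showing that a filter is tested against one entry's attributes at a time while OU containment comes from the search base. The domain `example.com`, the group `Site01-PCs` and the computer names are assumptions, and DN comparison is simplified to a case-insensitive suffix match.

```python
# Added example: minimal LDAP equality-filter evaluator over a constructed directory.
GROUP = "CN=Site01-PCs,DC=example,DC=com"          # hypothetical group DN
DIRECTORY = {                                       # constructed sample entries
    "OU=Site01,DC=example,DC=com":
        {"objectclass": ["top", "organizationalUnit"], "name": ["Site01"]},
    "CN=PC-001,OU=Site01,DC=example,DC=com":
        {"objectclass": ["top", "computer"], "name": ["PC-001"], "memberof": [GROUP]},
    "CN=PC-002,OU=Site02,DC=example,DC=com":
        {"objectclass": ["top", "computer"], "name": ["PC-002"], "memberof": [GROUP]},
    "CN=PC-003,OU=Site01,DC=example,DC=com":
        {"objectclass": ["top", "computer"], "name": ["PC-003"]},
}

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, index after it)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] != ")":
            if f[i].isspace():          # tolerate spaces between sub-filters
                i += 1
                continue
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, value = f[i:end].split("=", 1)   # DN values contain '=', so split once
    return ("=", attr.strip().lower(), value.strip().lower()), end + 1

def matches(node, attrs):
    """Evaluate a parsed filter against ONE entry's attributes."""
    if node[0] == "=":
        return node[2] in [v.lower() for v in attrs.get(node[1], [])]
    results = [matches(kid, attrs) for kid in node[1]]
    if node[0] == "&":
        return all(results)
    return any(results) if node[0] == "|" else not results[0]

def search(base_dn, filt, directory=DIRECTORY):
    """Subtree search: the base DN decides location, the filter decides attributes."""
    tree, _ = parse(filt)
    base = base_dn.lower()              # simplified DN comparison (no normalisation)
    return sorted(dn for dn, attrs in directory.items()
                  if (dn.lower() == base or dn.lower().endswith("," + base))
                  and matches(tree, attrs))

def label_applies(computer, ou_dn, group_dn=GROUP):
    """Base DN = the OU, filter = group membership AND computer name."""
    return bool(search(ou_dn, f"(&(memberOf={group_dn})(name={computer}))"))
```

In this sample data, a single filter that ANDs `memberOf` with `objectclass=organizationalunit` returns nothing from the domain root, because no one entry is both a group member and an OU; `label_applies("PC-001", "OU=Site01,DC=example,DC=com")` is true only for the computer that is both under that OU and in the group.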