LDAP User Query
I am trying to pull in users from AD and am getting stuck on the query syntax
We have an OU called User Accounts that I am using as the search base DN.
Within AD, there are sub OUs including Marketing and MIS such as:
User Accounts
___Marketing
___MIS
I wish to specify the OUs I want users from.
Right now I can run two kinds of queries in KACE:
1) Run a query to find all users in User Accounts with a search filter of:
(sAMAccountName=*)
This finds 1100 users
2) Run a query to find the OUs, but not the individual users with a sub-tree search filter of:
(|(ou=mis)(ou=marketing))
This finds 2 OUs.
I tried the query builder to specify both sAMAccountName and the OUs but it returned zero results. Not sure if this can be done via query builder or if it has to be done by hand.
Thanks in advance.
We have an OU called User Accounts that I am using as the search base DN.
Within AD, there are sub OUs including Marketing and MIS such as:
User Accounts
___Marketing
___MIS
I wish to specify the OUs I want users from.
Right now I can run two kinds of queries in KACE:
1) Run a query to find all users in User Accounts with a search filter of:
(sAMAccountName=*)
This finds 1100 users
2) Run a query to find the OUs, but not the individual users with a sub-tree search filter of:
(|(ou=mis)(ou=marketing))
This finds 2 OUs.
I tried the query builder to specify both sAMAccountName and the OUs but it returned zero results. Not sure if this can be done via query builder or if it has to be done by hand.
Thanks in advance.
0 Comments
[ + ] Show comments
Answers (2)
Please log in to answer
Posted by:
GillySpy
13 years ago
Go to step 1 of the ldap browser and click on one of the search bases. Then change the search filter to be
samaccountname=jdoe
Make sure that jdoe is a member of the group you're interested in. e.g. marketing
If you click on jdoe now, on the right hand side of the ldap browser now does it show a memberOf as one of the attributes? Look for the one relevant to marketing and copy the value E.g. memberOf=CN=Marketing,OU=MyGroups,DC=Corp,DC=Company,DC=com
If so then you can use an import filter (or LDAP Browser test) like:
or for an auth filter:
samaccountname=jdoe
Make sure that jdoe is a member of the group you're interested in. e.g. marketing
If you click on jdoe now, on the right hand side of the ldap browser now does it show a memberOf as one of the attributes? Look for the one relevant to marketing and copy the value E.g. memberOf=CN=Marketing,OU=MyGroups,DC=Corp,DC=Company,DC=com
If so then you can use an import filter (or LDAP Browser test) like:
Search Base DN: OU=Users,CN=Company,CN=com
Search Filter: (&(memberOf=CN=Marketing,OU=MyGroups,DC=Corp,DC=Company,DC=com)(samaccountname=*))or for an auth filter:
Search Base DN: OU=Users,CN=Company,CN=com
Search Filter: (&(memberOf=CN=Marketing,OU=MyGroups,DC=Corp,DC=Company,DC=com)(samaccountname=KBOX_USER))
Posted by:
bostonbound
13 years ago
Thanks! I ended up working in both a base OU and a security group and are nearly getting the desired results. I think we need to clean up the security group we're working with and we'll be set.
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.