I am trying to pull in users from AD and am getting stuck on the query syntax

We have an OU called User Accounts that I am using as the search base DN.

Within AD, there are sub OUs including Marketing and MIS such as:

User Accounts
___Marketing
___MIS


I wish to specify the OUs I want users from.

Right now I can run two kinds of queries in KACE:

1) Run a query to find all users in User Accounts with a search filter of:
(sAMAccountName=*)

This finds 1100 users

2) Run a query to find the OUs, but not the individual users with a sub-tree search filter of:
(|(ou=mis)(ou=marketing))

This finds 2 OUs.

I tried the query builder to specify both sAMAccountName and the OUs but it returned zero results. Not sure if this can be done via query builder or if it has to be done by hand.

Thanks in advance.
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
Go to step 1 of the ldap browser and click on one of the search bases. Then change the search filter to be
samaccountname=jdoe

Make sure that jdoe is a member of the group you're interested in. e.g. marketing

If you click on jdoe now, on the right hand side of the ldap browser now does it show a memberOf as one of the attributes? Look for the one relevant to marketing and copy the value E.g. memberOf=CN=Marketing,OU=MyGroups,DC=Corp,DC=Company,DC=com
If so then you can use an import filter (or LDAP Browser test) like:

Search Base DN: OU=Users,CN=Company,CN=com
Search Filter: (&(memberOf=CN=Marketing,OU=MyGroups,DC=Corp,DC=Company,DC=com)(samaccountname=*))


or for an auth filter:

Search Base DN: OU=Users,CN=Company,CN=com
Search Filter: (&(memberOf=CN=Marketing,OU=MyGroups,DC=Corp,DC=Company,DC=com)(samaccountname=KBOX_USER))
Answered 01/11/2011 by: GillySpy
Seventh Degree Black Belt

Please log in to comment
0
Thanks! I ended up working in both a base OU and a security group and are nearly getting the desired results. I think we need to clean up the security group we're working with and we'll be set.
Answered 01/11/2011 by: bostonbound
Purple Belt

Please log in to comment
Answer this question or Comment on this question for clarity