I am trying to create LDAP labels based on AD OU groups.  I have the following AD structure that is structured the same for 6 locations:

Base DN--

    --Office1 (OU)

        --Servers (OU)

        --Workstations (OU)

When trying to create a search filter that selects the correct devices for the label, I am getting all devices in the domain or none.  I have read just about every article I can find on the topic, but I am still missing something somewhere.  Please help me understand the LDAP query feature and the LDAP Browser.

Here is what I am testing on:

Base DN:  DC=domain,DC=com

Advanced search and results: 

  • (&(objectClass=computer)) - I get a list of all computers on the domain as expected
  • (&(name=KBOX_COMPUTER_NAME)(objectClass=computer)) - I get "No matching Entries", but that is expected; if I use an actual device name, it matches on the one device, so I know the query is working

However, I need to query the specific OUs.

  • (&(objectClass=computer)(memberOf=OU=Servers,OU=Office1,DC=domain,DC=com)) - any time I try to include the "memberof" criteria I get "No matching Entries"
  • (&(objectClass=computer)(memberOf=DC=domain,DC=com)) - I still get "No matching Entries" even without the OUs listed

I am fairly certain that I understand that I will need the "(name=KBOX_COMPUTER_NAME)" in the final query to make the LDAP label work correctly, but I would like to be able to test that I am selecting the correct computers in an OU.  How can I do this?

Thank you...

Answer Chosen by the Author


My AD is structured in a similar manner so I found it easier to just change the Base to the OU I'm searching in. 

ex: Base DN: ou=workstation,ou=office1,dc=your,dc=domain,dc=com.

Here are some other articles:

Hope this helps!
Answered 06/03/2016 by: getElementById
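
An added example (not part of the original posts and not KACE code): a small in-memory model of an LDAP subtree search, showing why scoping by Base DN selects an OU's computers while a memberOf test returns nothing. In Active Directory, memberOf lists the groups an object belongs to, not the OU that contains it. The sample entries, the group name and the `search` helper are constructed for illustration, and only AND-of-equality filters are handled.

```python
import re

# Constructed sample entries (DN -> attributes); not from the original post.
DIRECTORY = {
    "CN=SRV01,OU=Servers,OU=Office1,DC=domain,DC=com": {
        "objectclass": ["computer"], "name": ["SRV01"],
        "memberof": ["CN=PatchGroup,OU=Groups,DC=domain,DC=com"]},
    "CN=WS01,OU=Workstations,OU=Office1,DC=domain,DC=com": {
        "objectclass": ["computer"], "name": ["WS01"], "memberof": []},
    "CN=SRV02,OU=Servers,OU=Office2,DC=domain,DC=com": {
        "objectclass": ["computer"], "name": ["SRV02"], "memberof": []},
    "CN=jdoe,OU=Workstations,OU=Office1,DC=domain,DC=com": {
        "objectclass": ["user"], "name": ["jdoe"], "memberof": []},
}

def rdns(dn):
    # Simplified DN split: assumes no escaped commas inside RDN values.
    return [part.strip().lower() for part in dn.split(",")]

def in_subtree(dn, base_dn):
    # An entry is in scope when its DN ends with the Base DN's components.
    base = rdns(base_dn)
    return rdns(dn)[-len(base):] == base

def leaf_tests(ldap_filter):
    # Pull (attribute, value) pairs out of a filter such as (&(a=b)(c=d)).
    pairs = re.findall(r"\(([^()=]+)=([^()]*)\)", ldap_filter)
    return [(attr.lower(), value.lower()) for attr, value in pairs]

def search(base_dn, ldap_filter):
    # Subtree search: DN must sit under base_dn and every test must match.
    tests = leaf_tests(ldap_filter)
    hits = []
    for dn, attrs in DIRECTORY.items():
        if not in_subtree(dn, base_dn):
            continue
        if all(v in [x.lower() for x in attrs.get(a, [])] for a, v in tests):
            hits.append(attrs["name"][0])
    return sorted(hits)

if __name__ == "__main__":
    ou = "OU=Servers,OU=Office1,DC=domain,DC=com"
    print(search("DC=domain,DC=com", "(&(objectClass=computer))"))
    print(search("DC=domain,DC=com", f"(&(objectClass=computer)(memberOf={ou}))"))
    print(search(ou, "(&(objectClass=computer))"))
    print(search(ou, "(&(name=SRV01)(objectClass=computer))"))
```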