RE: [ActiveDir] LDAP query on ObjectSID attribute

Tue, 26 Aug 2003 13:44:59 +0000 

Cool, haven't tried the earlier version for this task.

Thanks Tony!

BTW - hope you're doing well!

Regards,
/Jimmy

-------------------------------------
    Jimmy Andersson, Q Advice AB          
      CEO & Principal Advisor      
Microsoft MVP - Active Directory
---------- www.qadvice.com ---------- 


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Tuesday, August 26, 2003 2:12 PM
To: [EMAIL PROTECTED]

Actually, it looks like the LDP version doesn't matter, both v3.0 and the
earlier one will work.  

The point is that the LDAP connection must be to a Windows Server 2003 DC.
The domain and forest functionality can still be Windows 2000.

Tony
---------- Original Message ----------------------------------
From: "Jimmy Andersson" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date:  Mon, 25 Aug 2003 21:23:23 +0200

I know, and I posted it some time ago but it hasn't showed up on the list
yet... 
I use LDP 3.0 in all my 'Inside AD' classes and it works perfect for all my
students and clients. 

Note-to-self, include the LDP version in the future. :)

Glad you got it working! 

Regards,
/Jimmy
-------------------------------------
    Jimmy Andersson, Q Advice AB          
      CEO & Principal Advisor      
Microsoft MVP - Active Directory
---------- www.qadvice.com ---------- 


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Monday, August 25, 2003 8:53 PM
To: [EMAIL PROTECTED]

Rick,
 
You found the solution to my problem. LDP version 3.0 worked flawlessly.
Jimmy's solution will not work with any other.
 
Thanks
 
Yves
 
 

________________________________

From: Rick Kingslan
Sent: Mon 25/08/2003 1:07 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute


Jimmy,

What version of OS and version of LDP are you doing this on?  I can't get it
to work either - and I'm using the Builtin Group SIDS.  I would suspect that
I should get a consistent return on those, but I'm getting a BAD_NAME error.

????

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
  

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jimmy Andersson
Sent: Monday, August 25, 2003 9:51 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

I've tried it again and again.... With different SIDs on existing objects,
and it works every time for me.

Regards,
/Jimmy
-------------------------------------
    Jimmy Andersson, Q Advice AB          
      CEO & Principal Advisor      
Microsoft MVP - Active Directory
---------- www.qadvice.com ---------- 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Monday, August 25, 2003 4:02 PM
To: [EMAIL PROTECTED]

Can anyone test the following instructions from Jimmy and let me know if it
worked for you? I can't seem to get it to work.
 
I am not searching on a deleted SID. I am searching on an existing sid that
I cut and paste from an existing user.
 
Thanks
 
Y
 
 
________________________________

From: Jimmy Andersson
Sent: Fri 22/08/2003 5:03 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute


Set it like this:

Base DN <SID=S-1-5-21-709049380-3306950797-3746505139>
Filter (&(ObjectCategory=*)(name=*))

Don't forget the '<' and '>' on the SID, you might also need to put in the
'-' symbol within the SID itself.

Also you might need to check in the control 'Return deleted objects' if the
object exist in the Deleted Object container. You'll find the controls in
Search - Options - Controls.
You also might need to 

Regards,
/Jimmy
-------------------------------------
    Jimmy Andersson, Q Advice AB          
      CEO & Principal Advisor      
Microsoft MVP - Active Directory
---------- www.qadvice.com ---------- 


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Friday, August 22, 2003 9:58 PM
To: [EMAIL PROTECTED]

Tony,
 
I clicked on Browse and then Search in LDP. The little window comes up. (I
actually used bind first).
 
In the base DN field I typed in "SID=S15A913838F5E5A9AABF22742D54F69"
In the Filter field I type in "(&(ObjectCategory=*))"
My scope is set to Subtree.
I clicked on Run.
 
The ObjectSID was a cut and paste from my attribute.
 
I does not return anything. What am I doing wrong here? I tried SID=,
objectSID=, GUID=,objectGIUD=.
 
Any help would be appreciated.
 
Thanks
 
Y
 
 

________________________________

From: Tony Murray
Sent: Fri 22/08/2003 10:02 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute


It's not really using an attribute as your Base DN.  The starting point for
a search can be SID, GUID or DN.  

It works as Jimmy describes below.

Tony

---------- Original Message ----------------------------------
From: AD <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date:  Fri, 22 Aug 2003 09:26:36 -0400

I never heard of using an attribute as your BaseDN. 

If this worked for you I really would like to know how you did it.

Thanks

Y



From: Jimmy Andersson
Sent: Thu 21/08/2003 7:34 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute


Why not use LDP and set it like this:

Base DN <SID=S-1-5-21-709049380-3306950797-3746505139>
Filter (&(ObjectCategory=*)(name=*))

(I used a SID from my lab domain)

You might need to load the control for deleted objects, if it's deleted.

Regards,
/Jimmy
-------------------------------------
    Jimmy Andersson, Q Advice AB          
      CEO & Principal Advisor      
Microsoft MVP - Active Directory
---------- www.qadvice.com ---------- 


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Friday, August 22, 2003 12:35 AM
To: [EMAIL PROTECTED]

Anyone know how to query AD on the ObjectSID?

 

My query looks like this:

 

(&(ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-3412341341234124
32412344))

 

Doesn't return anything. I know the sid must converted but I am not sure
what format it should be in.

 

Thanks

 

Y


List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Reply via email to