RE: [ActiveDir] LDAP query question
Actually I still haven't read the ADSI section of your book. I opened it, saw the ADSI piece was first, skipped through it and got to the LDAP and started reading. BTW, I should get royalties on that thing. You know how many people I have made go out and buy that book? Must be hundreds at this point. *does Amazon search for 'Gil Kirkpatrick'* Out of print? Boo! Guess I have to go steal Joe's copy or something. *starts the Do a 2nd Edition of the Book fund for Mssr. Kirkpatrick* :-) - Laura List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP query question
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=5164895748category=183 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hunter, Laura E. Sent: Monday, February 21, 2005 9:40 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] LDAP query question Actually I still haven't read the ADSI section of your book. I opened it, saw the ADSI piece was first, skipped through it and got to the LDAP and started reading. BTW, I should get royalties on that thing. You know how many people I have made go out and buy that book? Must be hundreds at this point. *does Amazon search for 'Gil Kirkpatrick'* Out of print? Boo! Guess I have to go steal Joe's copy or something. *starts the Do a 2nd Edition of the Book fund for Mssr. Kirkpatrick* :-) - Laura List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Amazon searches (was RE: [ActiveDir] LDAP query question)
Hi, The readers of this list should probably know the following: The Amazon search feature may give you random results. For example, with the following search strings in the search box on Amazon's main page (http://www.amazon.com) you get the following results: kouti Inside Active Directory, 1st Edition is found sakari kouti Inside Active Directory, 2nd Edition is found If you search for kouti on another Amazon page, such as http://www.amazon.com/exec/obidos/tg/detail/-/0672315874/ , you get the 2nd Edition of Inside Active Directory. Yours, Sakari -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hunter, Laura E. Sent: Monday, February 21, 2005 4:40 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] LDAP query question Actually I still haven't read the ADSI section of your book. I opened it, saw the ADSI piece was first, skipped through it and got to the LDAP and started reading. BTW, I should get royalties on that thing. You know how many people I have made go out and buy that book? Must be hundreds at this point. *does Amazon search for 'Gil Kirkpatrick'* Out of print? Boo! Guess I have to go steal Joe's copy or something. *starts the Do a 2nd Edition of the Book fund for Mssr. Kirkpatrick* :-) - Laura List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: Amazon searches (was RE: [ActiveDir] LDAP query question)
That's another book I should get royalties for. :o) joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sakari Kouti Sent: Monday, February 21, 2005 3:29 PM To: ActiveDir@mail.activedir.org Subject: Amazon searches (was RE: [ActiveDir] LDAP query question) Hi, The readers of this list should probably know the following: The Amazon search feature may give you random results. For example, with the following search strings in the search box on Amazon's main page (http://www.amazon.com) you get the following results: kouti Inside Active Directory, 1st Edition is found sakari kouti Inside Active Directory, 2nd Edition is found If you search for kouti on another Amazon page, such as http://www.amazon.com/exec/obidos/tg/detail/-/0672315874/ , you get the 2nd Edition of Inside Active Directory. Yours, Sakari -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hunter, Laura E. Sent: Monday, February 21, 2005 4:40 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] LDAP query question Actually I still haven't read the ADSI section of your book. I opened it, saw the ADSI piece was first, skipped through it and got to the LDAP and started reading. BTW, I should get royalties on that thing. You know how many people I have made go out and buy that book? Must be hundreds at this point. *does Amazon search for 'Gil Kirkpatrick'* Out of print? Boo! Guess I have to go steal Joe's copy or something. *starts the Do a 2nd Edition of the Book fund for Mssr. Kirkpatrick* :-) - Laura List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: Amazon searches (was RE: [ActiveDir] LDAP query question)
groan -rtk -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of joe Sent: Monday, February 21, 2005 3:00 PM To: ActiveDir@mail.activedir.org Subject: RE: Amazon searches (was RE: [ActiveDir] LDAP query question) That's another book I should get royalties for. :o) joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sakari Kouti Sent: Monday, February 21, 2005 3:29 PM To: ActiveDir@mail.activedir.org Subject: Amazon searches (was RE: [ActiveDir] LDAP query question) Hi, The readers of this list should probably know the following: The Amazon search feature may give you random results. For example, with the following search strings in the search box on Amazon's main page (http://www.amazon.com) you get the following results: kouti Inside Active Directory, 1st Edition is found sakari kouti Inside Active Directory, 2nd Edition is found If you search for kouti on another Amazon page, such as http://www.amazon.com/exec/obidos/tg/detail/-/0672315874/ , you get the 2nd Edition of Inside Active Directory. Yours, Sakari -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hunter, Laura E. Sent: Monday, February 21, 2005 4:40 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] LDAP query question Actually I still haven't read the ADSI section of your book. I opened it, saw the ADSI piece was first, skipped through it and got to the LDAP and started reading. BTW, I should get royalties on that thing. You know how many people I have made go out and buy that book? Must be hundreds at this point. *does Amazon search for 'Gil Kirkpatrick'* Out of print? Boo! Guess I have to go steal Joe's copy or something. *starts the Do a 2nd Edition of the Book fund for Mssr. Kirkpatrick* :-) - Laura List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [OT] Amazon searches (was RE: [ActiveDir] LDAP query question)
Don't make me smack you Rick. ;o) I work in large environments and when I say people should buy a certain book, quite a few do. I was telling people to buy Sakari's first book before I even made it through the fourth chapter. Next thing I knew people were asking me, hey did you check out chapter X? And I would be like crap no, haven't got past Chapter 4 yet because it is so good. Same thing happened on the schema chapter once I finally hit that as well. All this to say that Sakari and Mika's book is quite good as well. Geared towards admins versus the programmers that Gil's book is geared towards. Robbie has one or two good books as well. :o) Speaking of which I have to get back to reviewing... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kingslan, Rick T. Sent: Monday, February 21, 2005 4:21 PM To: ActiveDir@mail.activedir.org Subject: RE: Amazon searches (was RE: [ActiveDir] LDAP query question) groan -rtk -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of joe Sent: Monday, February 21, 2005 3:00 PM To: ActiveDir@mail.activedir.org Subject: RE: Amazon searches (was RE: [ActiveDir] LDAP query question) That's another book I should get royalties for. :o) joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sakari Kouti Sent: Monday, February 21, 2005 3:29 PM To: ActiveDir@mail.activedir.org Subject: Amazon searches (was RE: [ActiveDir] LDAP query question) Hi, The readers of this list should probably know the following: The Amazon search feature may give you random results. For example, with the following search strings in the search box on Amazon's main page (http://www.amazon.com) you get the following results: kouti Inside Active Directory, 1st Edition is found sakari kouti Inside Active Directory, 2nd Edition is found If you search for kouti on another Amazon page, such as http://www.amazon.com/exec/obidos/tg/detail/-/0672315874/ , you get the 2nd Edition of Inside Active Directory. Yours, Sakari -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hunter, Laura E. Sent: Monday, February 21, 2005 4:40 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] LDAP query question Actually I still haven't read the ADSI section of your book. I opened it, saw the ADSI piece was first, skipped through it and got to the LDAP and started reading. BTW, I should get royalties on that thing. You know how many people I have made go out and buy that book? Must be hundreds at this point. *does Amazon search for 'Gil Kirkpatrick'* Out of print? Boo! Guess I have to go steal Joe's copy or something. *starts the Do a 2nd Edition of the Book fund for Mssr. Kirkpatrick* :-) - Laura List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP query question
Or you could use (just saw this link on another thread Im on) http://msdn.microsoft.com/library/default.asp?url=""> Im not much of an ADSI guy, just passing it along From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: Wednesday, February 16, 2005 2:50 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] LDAP query question Replace the forward slash with \2f -gil From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Wednesday, February 16, 2005 1:03 PM To: Send - AD mailing list Subject: RE: [ActiveDir] LDAP query question Initial thought - string substitution, escape it with (ironically) a backslash \ ?? -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry Sent: Wednesday, February 16, 2005 2:05 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] LDAP query question I have developed a number of applications that do various queries on AD. However, I have run into a problem with doing an LDAP query in groups that have been named with the / character in their name. Since the group was named with a /, the distinguished name for the object also has the / character. When my app tries to connect to the object using the following, an error results: Create Object(LDAP:// distinguishedname) The LDAP query is assuming that Im trying to do a query of the form LDAP://server/distinguishedname. The WINNT provider has the same issue. Any suggestions? (Besides renaming the groups?)
RE: [ActiveDir] LDAP query question
Come on tell us what you really think
Gil...
Actually I still haven't read the ADSI section of your
book. I opened it, saw the ADSI piece was first, skipped through it and got to
the LDAP and started reading.
BTW, I should get royalties on that thing. You know how
many people I have made go out and buy that book? Must be hundreds at this
point.
joe
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil
KirkpatrickSent: Wednesday, February 16, 2005 3:30 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] LDAP query
question
ADSI is so lame.
Try escaping the slash in the DN with "\2f", e.g.
"cn=foo\2fbar,cn=user,dc=domain,dc=com". If this is C or some variant, don't
forget to escape the backslash itself.
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Passo,
LarrySent: Wednesday, February 16, 2005 12:05 PMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] LDAP query
question
I have developed a
number of applications that do various queries on AD. However, I have run into a
problem with doing an LDAP query in groups that have been named with the /
character in their name. Since the group was named with a /, the distinguished
name for the object also has the / character. When my app tries to connect to
the object using the following, an error results:
Create Object("LDAP://"
distinguishedname)
The LDAP query is
assuming that Im trying to do a query of the form
LDAP://server/distinguishedname. The WINNT provider has the same
issue.
Any suggestions?
(Besides renaming the
groups?)
[ActiveDir] LDAP query question
I have developed a number of applications that do various queries on AD. However, I have run into a problem with doing an LDAP query in groups that have been named with the / character in their name. Since the group was named with a /, the distinguished name for the object also has the / character. When my app tries to connect to the object using the following, an error results: Create Object(LDAP:// distinguishedname) The LDAP query is assuming that Im trying to do a query of the form LDAP://server/distinguishedname. The WINNT provider has the same issue. Any suggestions? (Besides renaming the groups?)
RE: [ActiveDir] LDAP query question
Initial thought - string substitution, escape it with (ironically) a
backslash "\" ??
--Dean WellsMSEtechnology* Email: dwells@msetechnology.comhttp://msetechnology.com
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Passo,
LarrySent: Wednesday, February 16, 2005 2:05 PMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] LDAP query
question
I have developed a
number of applications that do various queries on AD. However, I have run into a
problem with doing an LDAP query in groups that have been named with the /
character in their name. Since the group was named with a /, the distinguished
name for the object also has the / character. When my app tries to connect to
the object using the following, an error results:
Create Object("LDAP://"
distinguishedname)
The LDAP query is
assuming that Im trying to do a query of the form
LDAP://server/distinguishedname. The WINNT provider has the same
issue.
Any suggestions?
(Besides renaming the
groups?)
RE: [ActiveDir] LDAP query question
ADSI is so lame.
Try escaping the slash in the DN with "\2f", e.g.
"cn=foo\2fbar,cn=user,dc=domain,dc=com". If this is C or some variant, don't
forget to escape the backslash itself.
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Passo,
LarrySent: Wednesday, February 16, 2005 12:05 PMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] LDAP query
question
I have developed a
number of applications that do various queries on AD. However, I have run into a
problem with doing an LDAP query in groups that have been named with the /
character in their name. Since the group was named with a /, the distinguished
name for the object also has the / character. When my app tries to connect to
the object using the following, an error results:
Create Object("LDAP://"
distinguishedname)
The LDAP query is
assuming that Im trying to do a query of the form
LDAP://server/distinguishedname. The WINNT provider has the same
issue.
Any suggestions?
(Besides renaming the
groups?)
RE: [ActiveDir] LDAP query question
Yep.
But I would truly recommend renaming the objects. I would
also kill any names with spaces in them and commas in them, those are also a
pain to deal with.
joe
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dean
WellsSent: Wednesday, February 16, 2005 3:03 PMTo: Send -
AD mailing listSubject: RE: [ActiveDir] LDAP query
question
Initial thought - string substitution, escape it with (ironically) a
backslash "\" ??
--Dean WellsMSEtechnology* Email: dwells@msetechnology.comhttp://msetechnology.com
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Passo,
LarrySent: Wednesday, February 16, 2005 2:05 PMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] LDAP query
question
I have developed a
number of applications that do various queries on AD. However, I have run into a
problem with doing an LDAP query in groups that have been named with the /
character in their name. Since the group was named with a /, the distinguished
name for the object also has the / character. When my app tries to connect to
the object using the following, an error results:
Create Object("LDAP://"
distinguishedname)
The LDAP query is
assuming that Im trying to do a query of the form
LDAP://server/distinguishedname. The WINNT provider has the same
issue.
Any suggestions?
(Besides renaming the
groups?)
RE: [ActiveDir] LDAP query question
Replace the forward slash with "\2f"
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dean
WellsSent: Wednesday, February 16, 2005 1:03 PMTo: Send -
AD mailing listSubject: RE: [ActiveDir] LDAP query
question
Initial thought - string substitution, escape it with (ironically) a
backslash "\" ??
--Dean WellsMSEtechnology* Email: dwells@msetechnology.comhttp://msetechnology.com
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Passo,
LarrySent: Wednesday, February 16, 2005 2:05 PMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] LDAP query
question
I have developed a
number of applications that do various queries on AD. However, I have run into a
problem with doing an LDAP query in groups that have been named with the /
character in their name. Since the group was named with a /, the distinguished
name for the object also has the / character. When my app tries to connect to
the object using the following, an error results:
Create Object("LDAP://"
distinguishedname)
The LDAP query is
assuming that Im trying to do a query of the form
LDAP://server/distinguishedname. The WINNT provider has the same
issue.
Any suggestions?
(Besides renaming the
groups?)
RE: [ActiveDir] LDAP query question
How did you manage to create a group with a / in the samaccountname? When I create a group (in W2K3) in tells me that's an illegal character and it will be replaced with an underscore. Then again, when I think of it the samaccountname does not contain the / character but the CN does. In the latter case apply a \ in front of it. CN=GROUP\/NAME,OU=BLABLA,DC=DOMAIN,DC=LOCAL Try that. When I look at the DN of this object with Ldp I don't see the \ . However when I have a , in the name I see a \ in front of the , (\,) Cheers Jorge -Original Message- From: [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: 2/16/2005 8:05 PM Subject: [ActiveDir] LDAP query question I have developed a number of applications that do various queries on AD. However, I have run into a problem with doing an LDAP query in groups that have been named with the / character in their name. Since the group was named with a /, the distinguished name for the object also has the / character. When my app tries to connect to the object using the following, an error results: Create Object(LDAP://; distinguishedname) The LDAP query is assuming that I'm trying to do a query of the form LDAP://server/distinguishedname. The WINNT provider has the same issue. Any suggestions? (Besides renaming the groups?) This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP query question
Thanks to all, changing / to \/ in the dn did the trick. Unfortunately, I cant get the groups renamed. Luckily, none of my users have created the groups using commas in their names. We do have numerous groups with embedded spaces and those havent caused any of my apps to fail. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, February 16, 2005 12:44 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] LDAP query question Yep. But I would truly recommend renaming the objects. I would also kill any names with spaces in them and commas in them, those are also a pain to deal with. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Wednesday, February 16, 2005 3:03 PM To: Send - AD mailing list Subject: RE: [ActiveDir] LDAP query question Initial thought - string substitution, escape it with (ironically) a backslash \ ?? -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry Sent: Wednesday, February 16, 2005 2:05 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] LDAP query question I have developed a number of applications that do various queries on AD. However, I have run into a problem with doing an LDAP query in groups that have been named with the / character in their name. Since the group was named with a /, the distinguished name for the object also has the / character. When my app tries to connect to the object using the following, an error results: Create Object(LDAP:// distinguishedname) The LDAP query is assuming that Im trying to do a query of the form LDAP://server/distinguishedname. The WINNT provider has the same issue. Any suggestions? (Besides renaming the groups?)
RE: [ActiveDir] LDAP query question
Hi Larry,
That escape trick is probably enough for you (using perhaps
the VBS Replace function, if your DNs are in variables), but depending on what
you are doing, you have also other options to get access to the objects with
slash characters in the RDN:
- Use ADO over ADSI (of course, this is read
only)
- First bind to the parent container and then enumerate
with For Each objChild...
- First bind to the parent container and then bind to the
child with an RDN instead of a DN, that is "Set objChild =
objContainer.GetObject("group", "CN=some/group")
Yours, Sakari
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Passo,
LarrySent: Thursday, February 17, 2005 12:08 AMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] LDAP query
question
Thanks to all,
changing / to \/ in the dn did the trick.
Unfortunately, I
cant get the groups renamed. Luckily, none of my users have created the
groups using commas in their names. We do have numerous groups with embedded
spaces and those havent caused any of my apps to
fail.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of joeSent: Wednesday, February 16, 2005 12:44
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] LDAP query
question
Yep.
But I would truly
recommend renaming the objects. I would also kill any names with spaces in
them and commas in them, those are also a pain to deal with.
joe
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Dean
WellsSent: Wednesday,
February 16, 2005 3:03 PMTo:
Send - AD mailing listSubject: RE: [ActiveDir] LDAP query
question
Initial thought -
string substitution, escape it with (ironically) a backslash "\"
??
--Dean
WellsMSEtechnology* Email: [EMAIL PROTECTED]http://msetechnology.com
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Passo,
LarrySent: Wednesday,
February 16, 2005 2:05 PMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] LDAP query
question
I have developed a
number of applications that do various queries on AD. However, I have run into
a problem with doing an LDAP query in groups that have been named with the /
character in their name. Since the group was named with a /, the
distinguished name for the object also has the / character. When my app
tries to connect to the object using the following, an error
results:
Create
Object("LDAP://" distinguishedname)
The LDAP query is
assuming that Im trying to do a query of the form
LDAP://server/distinguishedname. The WINNT provider has the same
issue.
Any suggestions?
(Besides renaming the
groups?)
RE: [ActiveDir] LDAP Query Question
Title: LDAP Query Question I wholeheartedly agree with point 2. I will look at doing STATS in ADFIND in the next rev or two. Give me a month, maybe two. Just starting to see the light of day again. :o) joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric FleischmanSent: Wednesday, April 21, 2004 10:28 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] LDAP Query Question 1) It should process objectcategory which is why I said I think perf gain should be small. 2) Right, expensive on insert. My comment was only that indexes need be considered before being just flipped on. If you flip on an index for a once-a-year query, thats not your best use of resources.youre better off taking the somewhat larger perf hit there than you are taking the small perf hit every day for the whole year.No further tuple index docs that Im aware of. 3) Umm, Id say dont parse the STATS output, just dump it. I cant imagine parsing is going to help..STATS output tends to be one of those things that if you can read it, great.but if not, parsing isnt going to help much. :) 4) Good question. I assume this is a subtree search?Show me some stats spew and I can answer for sure, but if forced to guess, Id guess the second one is faster, but not by much. At least that is my hunch. We cant do a ton to optimize those two last terms short of possibly reordering a bit, but that wont buy us anything huge. We cant drop a term, we cant simplify the logic and we cant hit any extra indexes through optimization that I can think of.I dont have a good data set on a local DC here, but if you do, run these and get me STATS spew on em both. Ill be able to see if Im right about that. J From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Wednesday, April 21, 2004 6:47 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] LDAP Query Question 1. I would tend to agree that the poerf difference should be small on this one, that is why I said may or may not get a performance gain, it really depends on how AD optimizes the query. I would hope it was smart enough to process the indexed pieces first and then use the non-indexed pieces. At that point, the subset needed to be gone over for non-indexed checks should be small, but I could be wrong in my guess (too generous) on how the optimizer is working. 2. When you say expensive, I guess you mean expensive on the insert operations, they shouldn't have to be touched other than on an update or a new add correct? Just day to day unless you are writing and rewriting an attribute it shouldn't be an issue and if you are constantly rewriting an attrib there is question as to whether or not it should be in an LDAP Store anyway. Is there further docs on tuple indices, there is so little MS documentation that I have ever found. 3. Thanks on the STATS output stuff. I haven't even looked at it yet but from what I have seen in Docs, the output doesn't seem to be heavily documented which makes me think I will have to be careful in my parsing of it. I have to really look to see if I need to restructure anything yet in the main code body. 4. Eric, which version of the query in 3 should be more efficient based on your knowledge of the optimizer? - http://www.joeware.net (download joeware) http://www.cafeshops.com/joewarenet (wear joeware) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric FleischmanSent: Tuesday, April 20, 2004 11:31 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] LDAP Query Question A few things inline (in red) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Tuesday, April 20, 2004 8:30 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] LDAP Query Question A couple of things 1. You don't really need objectclass for this query. You may or may not get a performance gain for removing it.[EFLEIS] perf win here should be small if you made me guess. If it is large, let me know, Id be curious to investigate why. With STATS output I could probably answer the question. 2. You don't mention anything around the *SMS* part of the query.. if you don't need it, dump it, it will be the slowest part of your query unless you have tuple (medial)indices (not a default).[EFLEIS] Tuple indexes are seriously expensive..Id rather take the perf hit unless youre really going to be working this box with that query over and over. Remember, perf gain of an index need outweight perf loss in maintaining that index over the long haul. Else it isnt worth using that index. 3. The (!(samccountname=_*)(samaccountname=\2a*)(samaccountname=*SMS*)) isn't really doing what I think you expect. I think you expect it would NOT all of those items.It probably should NOT the first item and OR in the rest and then ORed in all of them together. For your original problem statement I think I would do something like ((objectcategory=person
RE: [ActiveDir] LDAP Query Question
Title: LDAP Query Question 1. I would tend to agree that the poerf difference should be small on this one, that is why I said may or may not get a performance gain, it really depends on how AD optimizes the query. I would hope it was smart enough to process the indexed pieces first and then use the non-indexed pieces. At that point, the subset needed to be gone over for non-indexed checks should be small, but I could be wrong in my guess (too generous) on how the optimizer is working. 2. When you say expensive, I guess you mean expensive on the insert operations, they shouldn't have to be touched other than on an update or a new add correct? Just day to day unless you are writing and rewriting an attribute it shouldn't be an issue and if you are constantly rewriting an attrib there is question as to whether or not it should be in an LDAP Store anyway. Is there further docs on tuple indices, there is so little MS documentation that I have ever found. 3. Thanks on the STATS output stuff. I haven't even looked at it yet but from what I have seen in Docs, the output doesn't seem to be heavily documented which makes me think I will have to be careful in my parsing of it. I have to really look to see if I need to restructure anything yet in the main code body. 4. Eric, which version of the query in 3 should be more efficient based on your knowledge of the optimizer? - http://www.joeware.net (download joeware) http://www.cafeshops.com/joewarenet (wear joeware) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric FleischmanSent: Tuesday, April 20, 2004 11:31 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] LDAP Query Question A few things inline (in red) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Tuesday, April 20, 2004 8:30 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] LDAP Query Question A couple of things 1. You don't really need objectclass for this query. You may or may not get a performance gain for removing it.[EFLEIS] perf win here should be small if you made me guess. If it is large, let me know, Id be curious to investigate why. With STATS output I could probably answer the question. 2. You don't mention anything around the *SMS* part of the query.. if you don't need it, dump it, it will be the slowest part of your query unless you have tuple (medial)indices (not a default).[EFLEIS] Tuple indexes are seriously expensive..Id rather take the perf hit unless youre really going to be working this box with that query over and over. Remember, perf gain of an index need outweight perf loss in maintaining that index over the long haul. Else it isnt worth using that index. 3. The (!(samccountname=_*)(samaccountname=\2a*)(samaccountname=*SMS*)) isn't really doing what I think you expect. I think you expect it would NOT all of those items.It probably should NOT the first item and OR in the rest and then ORed in all of them together. For your original problem statement I think I would do something like ((objectcategory=person)(|(!(sAMAccountName=_*))(!(sAMAccountName=\2a*))) Not really sure if that or ((objectcategory=person)(!(|(sAMAccountName=_*)(sAMAccountName=\2a* would be faster. Best would be to test them both, maybe use the STATS control (yes I have to add that one to ADFIND) or turn on the ldap query logging on the DCs to see how they show up in terms of efficiency. [EFLEIS] If you need help understanding the STATS output just holler. And yes it should be exposed in adfind, although Ive still never used adfind, but it sounds useful. Oh, and the comment about logging and STATS..yea, mostly useful if running 2k03 which you didnt mention. If not 2k03 you wont get as much spew from the logging options and such. joe - http://www.joeware.net (download joeware) http://www.cafeshops.com/joewarenet (wear joeware) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Monday, April 19, 2004 3:06 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] LDAP Query Question Hey folks, Im trying to write an LDAP query to return the users that dont begin with two different characters, either an underscore (_) or an asterisk (*). Ive searched the archives so forgive me if this is a repeat. J ( (objectcategory=person) (objectclass=user) (| (! (sAMAccountName=_*) (sAMAccountName=\2a*) (sAMAccountName=*SMS*) ) ) ) Any suggestions? J Thanks!
RE: [ActiveDir] LDAP Query Question
Title: LDAP Query Question I would be using ADFIND but unfortunately this is for an application that requires LDAP query strings I just got softerra ldap browser yesterday I must be encountering a steep learning curve. I havent felt this dumb for awhile J From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Monday, April 19, 2004 4:20 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP Query Question I use adfind and ADUC for my LDAP testing. Easier than LDP! :-) Another program I've found very useful is Softerra LDAP Browser (free). From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, April 19, 2004 4:10 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP Query Question Thanks for the tip Michael. Going to give this a try interestingly enough, I ran what I wrote and didnt get an error back probably is, I cant tell in LDP if I got the results I wanted. J From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Monday, April 19, 2004 3:30 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP Query Question This is the way I wrote it. ( (objectCategory=person) (objectClass=user) ( !( |( (samaccountname=_*) (samaccountname=\2a*) (samaccountname=*SMS*) ) ) ) ) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, April 19, 2004 3:06 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] LDAP Query Question Hey folks, Im trying to write an LDAP query to return the users that dont begin with two different characters, either an underscore (_) or an asterisk (*). Ive searched the archives so forgive me if this is a repeat. J ( (objectcategory=person) (objectclass=user) (| (! (sAMAccountName=_*) (sAMAccountName=\2a*) (sAMAccountName=*SMS*) ) ) ) Any suggestions? J Thanks!
RE: [ActiveDir] LDAP Query Question
Title: LDAP Query Question What do you mean by I would be using ADFIND but unfortunately this is for an application that requires LDAP query strings - http://www.joeware.net (download joeware) http://www.cafeshops.com/joewarenet (wear joeware) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Tuesday, April 20, 2004 9:36 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] LDAP Query Question I would be using ADFIND but unfortunately this is for an application that requires LDAP query strings I just got softerra ldap browser yesterday I must be encountering a steep learning curve. I havent felt this dumb for awhile J From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. SmithSent: Monday, April 19, 2004 4:20 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] LDAP Query Question I use adfind and ADUC for my LDAP testing. Easier than LDP! :-) Another program I've found very useful is Softerra LDAP Browser (free). From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Monday, April 19, 2004 4:10 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] LDAP Query Question Thanks for the tip Michael. Going to give this a try interestingly enough, I ran what I wrote and didnt get an error back probably is, I cant tell in LDP if I got the results I wanted. J From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. SmithSent: Monday, April 19, 2004 3:30 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] LDAP Query Question This is the way I wrote it. ( (objectCategory=person) (objectClass=user) ( !( |( (samaccountname=_*) (samaccountname=\2a*) (samaccountname=*SMS*) ) ) ) ) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Monday, April 19, 2004 3:06 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] LDAP Query Question Hey folks, Im trying to write an LDAP query to return the users that dont begin with two different characters, either an underscore (_) or an asterisk (*). Ive searched the archives so forgive me if this is a repeat. J ( (objectcategory=person) (objectclass=user) (| (! (sAMAccountName=_*) (sAMAccountName=\2a*) (sAMAccountName=*SMS*) ) ) ) Any suggestions? J Thanks!
RE: [ActiveDir] LDAP Query Question
Title: LDAP Query Question A couple of things 1. You don't really need objectclass for this query. You may or may not get a performance gain for removing it. 2. You don't mention anything around the *SMS* part of the query.. if you don't need it, dump it, it will be the slowest part of your query unless you have tuple (medial)indices (not a default). 3. The (!(samccountname=_*)(samaccountname=\2a*)(samaccountname=*SMS*)) isn't really doing what I think you expect. I think you expect it would NOT all of those items.It probably should NOT the first item and OR in the rest and then ORed in all of them together. For your original problem statement I think I would do something like ((objectcategory=person)(|(!(sAMAccountName=_*))(!(sAMAccountName=\2a*))) Not really sure if that or ((objectcategory=person)(!(|(sAMAccountName=_*)(sAMAccountName=\2a* would be faster. Best would be to test them both, maybe use the STATS control (yes I have to add that one to ADFIND) or turn on the ldap query logging on the DCs to see how they show up in terms of efficiency. joe - http://www.joeware.net (download joeware) http://www.cafeshops.com/joewarenet (wear joeware) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Monday, April 19, 2004 3:06 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] LDAP Query Question Hey folks, Im trying to write an LDAP query to return the users that dont begin with two different characters, either an underscore (_) or an asterisk (*). Ive searched the archives so forgive me if this is a repeat. J ( (objectcategory=person) (objectclass=user) (| (! (sAMAccountName=_*) (sAMAccountName=\2a*) (sAMAccountName=*SMS*) ) ) ) Any suggestions? J Thanks!
RE: [ActiveDir] LDAP Query Question
Title: LDAP Query Question A few things inline (in red) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, April 20, 2004 8:30 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP Query Question A couple of things 1. You don't really need objectclass for this query. You may or may not get a performance gain for removing it. [EFLEIS] perf win here should be small if you made me guess. If it is large, let me know, Id be curious to investigate why. With STATS output I could probably answer the question. 2. You don't mention anything around the *SMS* part of the query.. if you don't need it, dump it, it will be the slowest part of your query unless you have tuple (medial)indices (not a default). [EFLEIS] Tuple indexes are seriously expensive..Id rather take the perf hit unless youre really going to be working this box with that query over and over. Remember, perf gain of an index need outweight perf loss in maintaining that index over the long haul. Else it isnt worth using that index. 3. The (!(samccountname=_*)(samaccountname=\2a*)(samaccountname=*SMS*)) isn't really doing what I think you expect. I think you expect it would NOT all of those items.It probably should NOT the first item and OR in the rest and then ORed in all of them together. For your original problem statement I think I would do something like ((objectcategory=person)(|(!(sAMAccountName=_*))(!(sAMAccountName=\2a*))) Not really sure if that or ((objectcategory=person)(!(|(sAMAccountName=_*)(sAMAccountName=\2a* would be faster. Best would be to test them both, maybe use the STATS control (yes I have to add that one to ADFIND) or turn on the ldap query logging on the DCs to see how they show up in terms of efficiency. [EFLEIS] If you need help understanding the STATS output just holler. And yes it should be exposed in adfind, although Ive still never used adfind, but it sounds useful. Oh, and the comment about logging and STATS..yea, mostly useful if running 2k03 which you didnt mention. If not 2k03 you wont get as much spew from the logging options and such. joe - http://www.joeware.net (download joeware) http://www.cafeshops.com/joewarenet (wear joeware) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, April 19, 2004 3:06 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] LDAP Query Question Hey folks, Im trying to write an LDAP query to return the users that dont begin with two different characters, either an underscore (_) or an asterisk (*). Ive searched the archives so forgive me if this is a repeat. J ( (objectcategory=person) (objectclass=user) (| (! (sAMAccountName=_*) (sAMAccountName=\2a*) (sAMAccountName=*SMS*) ) ) ) Any suggestions? J Thanks!
[ActiveDir] LDAP Query Question
Title: LDAP Query Question Hey folks, Im trying to write an LDAP query to return the users that dont begin with two different characters, either an underscore (_) or an asterisk (*). Ive searched the archives so forgive me if this is a repeat. J ( (objectcategory=person) (objectclass=user) (| (! (sAMAccountName=_*) (sAMAccountName=\2a*) (sAMAccountName=*SMS*) ) ) ) Any suggestions? J Thanks!
RE: [ActiveDir] LDAP Query Question
Title: LDAP Query Question This is the way I wrote it. ( (objectCategory=person) (objectClass=user) ( !( |( (samaccountname=_*) (samaccountname=\2a*) (samaccountname=*SMS*) ) ) ) ) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Monday, April 19, 2004 3:06 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] LDAP Query Question Hey folks, Im trying to write an LDAP query to return the users that dont begin with two different characters, either an underscore (_) or an asterisk (*). Ive searched the archives so forgive me if this is a repeat. J ( (objectcategory=person) (objectclass=user) (| (! (sAMAccountName=_*) (sAMAccountName=\2a*) (sAMAccountName=*SMS*) ) ) ) Any suggestions? J Thanks!
RE: [ActiveDir] LDAP Query Question
Title: LDAP Query Question Shouldn't that be: ( (objectCategory=person) (objectClass=user) (! (| (samaccountname=_*) (samaccountname=\2a*) (samaccountname=*SMS*) ) ) ) (Extra parentheses around the samaccountname conditionals removed) Paul From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. SmithSent: Monday, April 19, 2004 2:30 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] LDAP Query Question This is the way I wrote it. ( (objectCategory=person) (objectClass=user) ( !( |( (samaccountname=_*) (samaccountname=\2a*) (samaccountname=*SMS*) ) ) ) ) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Monday, April 19, 2004 3:06 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] LDAP Query Question Hey folks, Im trying to write an LDAP query to return the users that dont begin with two different characters, either an underscore (_) or an asterisk (*). Ive searched the archives so forgive me if this is a repeat. J ( (objectcategory=person) (objectclass=user) (| (! (sAMAccountName=_*) (sAMAccountName=\2a*) (sAMAccountName=*SMS*) ) ) ) Any suggestions? J Thanks! === Important: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. ===
RE: [ActiveDir] LDAP Query Question
Title: LDAP Query Question I've loved extra parentheses ever since I studied LISP in 1980. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cotter, Paul M.Sent: Monday, April 19, 2004 3:56 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] LDAP Query Question Shouldn't that be: ( (objectCategory=person) (objectClass=user) (! (| (samaccountname=_*) (samaccountname=\2a*) (samaccountname=*SMS*) ) ) ) (Extra parentheses around the samaccountname conditionals removed) Paul From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. SmithSent: Monday, April 19, 2004 2:30 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] LDAP Query Question This is the way I wrote it. ( (objectCategory=person) (objectClass=user) ( !( |( (samaccountname=_*) (samaccountname=\2a*) (samaccountname=*SMS*) ) ) ) ) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Monday, April 19, 2004 3:06 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] LDAP Query Question Hey folks, Im trying to write an LDAP query to return the users that dont begin with two different characters, either an underscore (_) or an asterisk (*). Ive searched the archives so forgive me if this is a repeat. J ( (objectcategory=person) (objectclass=user) (| (! (sAMAccountName=_*) (sAMAccountName=\2a*) (sAMAccountName=*SMS*) ) ) ) Any suggestions? J Thanks! === Important: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. ===
RE: [ActiveDir] LDAP Query Question
Title: LDAP Query Question Thanks for the tip Michael. Going to give this a try interestingly enough, I ran what I wrote and didnt get an error back probably is, I cant tell in LDP if I got the results I wanted. J From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Monday, April 19, 2004 3:30 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP Query Question This is the way I wrote it. ( (objectCategory=person) (objectClass=user) ( !( |( (samaccountname=_*) (samaccountname=\2a*) (samaccountname=*SMS*) ) ) ) ) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, April 19, 2004 3:06 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] LDAP Query Question Hey folks, Im trying to write an LDAP query to return the users that dont begin with two different characters, either an underscore (_) or an asterisk (*). Ive searched the archives so forgive me if this is a repeat. J ( (objectcategory=person) (objectclass=user) (| (! (sAMAccountName=_*) (sAMAccountName=\2a*) (sAMAccountName=*SMS*) ) ) ) Any suggestions? J Thanks!
RE: [ActiveDir] LDAP Query Question
Title: LDAP Query Question :-) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. SmithSent: Monday, April 19, 2004 2:59 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] LDAP Query Question I've loved extra parentheses ever since I studied LISP in 1980. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cotter, Paul M.Sent: Monday, April 19, 2004 3:56 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] LDAP Query Question Shouldn't that be: ( (objectCategory=person) (objectClass=user) (! (| (samaccountname=_*) (samaccountname=\2a*) (samaccountname=*SMS*) ) ) ) (Extra parentheses around the samaccountname conditionals removed) Paul From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. SmithSent: Monday, April 19, 2004 2:30 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] LDAP Query Question This is the way I wrote it. ( (objectCategory=person) (objectClass=user) ( !( |( (samaccountname=_*) (samaccountname=\2a*) (samaccountname=*SMS*) ) ) ) ) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Monday, April 19, 2004 3:06 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] LDAP Query Question Hey folks, Im trying to write an LDAP query to return the users that dont begin with two different characters, either an underscore (_) or an asterisk (*). Ive searched the archives so forgive me if this is a repeat. J ( (objectcategory=person) (objectclass=user) (| (! (sAMAccountName=_*) (sAMAccountName=\2a*) (sAMAccountName=*SMS*) ) ) ) Any suggestions? J Thanks! === Important: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. === === Important: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. ===
RE: [ActiveDir] LDAP Query Question
Title: LDAP Query Question I use adfind and ADUC for my LDAP testing. Easier than LDP! :-) Another program I've found very useful is Softerra LDAP Browser (free). From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Monday, April 19, 2004 4:10 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] LDAP Query Question Thanks for the tip Michael. Going to give this a try interestingly enough, I ran what I wrote and didnt get an error back probably is, I cant tell in LDP if I got the results I wanted. J From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. SmithSent: Monday, April 19, 2004 3:30 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] LDAP Query Question This is the way I wrote it. ( (objectCategory=person) (objectClass=user) ( !( |( (samaccountname=_*) (samaccountname=\2a*) (samaccountname=*SMS*) ) ) ) ) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Monday, April 19, 2004 3:06 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] LDAP Query Question Hey folks, Im trying to write an LDAP query to return the users that dont begin with two different characters, either an underscore (_) or an asterisk (*). Ive searched the archives so forgive me if this is a repeat. J ( (objectcategory=person) (objectclass=user) (| (! (sAMAccountName=_*) (sAMAccountName=\2a*) (sAMAccountName=*SMS*) ) ) ) Any suggestions? J Thanks!
