Well I wrote this little asp/adsi browsing script (sloppy code) to see what exactly I could query against... (see attached)
The only thing with the OU in the user object is the distinguishedName.
However, all my attempts to exclude any distinguishedName with *Contact*
also failed.
The ou is an optional as you will see if you run the ASP, but does not get
populated automatically by the server.
I hate to iterate a loop through OU's but it looks like this may be the only
option...
-----Original Message-----
From: Mohammed Joueid
To: [EMAIL PROTECTED]
Sent: 27/05/2002 3:55 AM
Subject: RE: [ActiveDir] Searching LDAP
Tony,
I ran into a smiliar problem not long ago. I was unable to fully
determine whether AD support extensible matching, but tests showed that
it didn't.
Thanks
-----Original Message-----
From: Tony Murray [mailto:[EMAIL PROTECTED]]
Sent: 25 May 2002 16:36
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Searching LDAP
Gil,
I don't believe this will work. The search filter includes
"ojbectClass=user" and user objects do not contain an "ou" attribute.
As an alternative, I have tried to make it work using extensible
matching
(described in RFC2252), without specifying a matching rule, e.g.
(&(objectClass=user)(:dn:=Contacts))
and
(&(objectClass=user)(ou:dn:=Contacts))
.... but this also failed. I guess that unless there is a DN substrings
matching rule this approach will not work? If this is the case then the
only alternative I can think of is to run an initial search to identify
all
the OUs that do not match "ou=Contacts" and then work the results (as
indicated in my other mail).
BTW, I found an excellent overview of LDAP with good examples here:
http://bcook.cs.gasou.edu/cs523/2ravi/firstpage.htm
Tony
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Gil Kirkpatrick
Sent: Friday, May 24, 2002 6:14 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Searching LDAP
Brendan,
You were almost correct... try this (note the additional parens around
the
negated expression):
(&(objectClass=user)(objectCategory=person)(sn=*)(!(ou=*Contacts*));samA
ccou
ntName,name,company,telephoneNumber,AdsPath;subtree
http://www.ietf.org/rfc/rfc2251.txt?number=2251 has the complete
description
of LDAP search filter syntax.
Gil Kirkpatrick
Chief Technology Officer, NetPro
Author of "Active Directory Programming" from MacMillan
Got eBook? Get your free Active Directory Troubleshooting eBook at:
http://www.netpro.com/ebook
-----Original Message-----
From: Stephens, Brendan [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 24, 2002 7:22 AM
To: ''[EMAIL PROTECTED]' '
Subject: [ActiveDir] Searching LDAP
If anyone is familiar with LDAP syntax, I could use some help on this
one...
Our directory structure is separated into OU's, and I am trying to
filter a
specific OU out of the picture...
I can pull the users by using the following syntax for ADO... strSQL =
"<LDAP://"; & Domain
&">;(&(objectClass=user)(objectCategory=person)(sn=*);samAccountName,nam
e,co
mpany,telephoneNumber,AdsPath;subtree"
But how do I filter out an OU? (Contacts)
I have tried:
strSQL = "<LDAP://"; & Domain
&">;(&(objectClass=user)(objectCategory=person)(sn=*)(!ou=*Contacts*);sa
mAcc
ountName,name,company,telephoneNumber,AdsPath;subtree"
and a couple of other variants on this, but to no avail...
Any suggestions or guru's on this matter?
Brendan Stephens
Web Applications Developer
Tech-Advances
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
adsi_properties.txt
Description: Binary data
