|
Hello! I work in a small company where we have need of some LDAP
query assistance to identify a group of users out of AD. We only have
basic LDAP knowledge in house and our query is not finding what we need.
I would really appreciate any assistance you could lend to the following: We are trying to identify synchronize a group called “LLUsers”
within AD with an external application- so that we can do single-sign-on (AD
Authentication) Our Active Directory is structured as follows: Parent Domain – contains global security group
called “LLUsers” Two
child domains – each contains a Global Security Group called “LLUsers” In the Parent Domain, there is an additional Local
Security Group called “LLUsersLocal” whose members are the “LLUsers”
groups from all three domains. We want to construct a single LDAP query that will
return the Users from all three “LLUsers” groups. Right now, the LDAP query we have pulls individual
users added to the LLUsers group in the parent domain. Is there a way to create a nested or “OR”
query that can look in “LLUsersLocal – and pull out the Individual
Users in each group within? This is the current LDAP query (&(objectcategory=user)(memberOf=CN=LLUsers,CN=users,DC=res-ltd,DC=com)) We have tried many others – often a variation
of: (&(objectcategory=user)(|(memberOf=CN=LLUsersLocal,CN=users,DC=res-ltd,DC=com)(memberOf=CN=LLUserslocal,CN=users,DC=glasgow,DC=res-ltd,DC=com)(memberOf=CN=LLUserslocal,CN=users,DC=austin,DC=res-ltd,DC=com))) Or –
perhaps the AD design with Parent and Child directories makes this
impossible? We have received some advice that we should move to a flat
structure with only one domain and use work groups within. Amanda Rose, Renewable Energy Systems [EMAIL PROTECTED]
(email) |
- [ActiveDir] LDAP query assistance Amanda Rose
- Re: [ActiveDir] LDAP query assistance Paul Williams
