Re: LDP query for user groups nested?

In my earlier post you'll notice I mentioned that the base object DN
within the search MUST be the user itself, not the parent OU or
container. As such, if you wish to perform this action against many
users, you'll need to re-iterate the query against each individually ...
though I realize this seems an expensive action, it is curently a
requirement.

--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l

Eric - ARUP wrote:
> It makes sense but returns no results, as follows
>
> **Searching...
> ldap_search_s(ld, "CN=users,DC=Domain,DC=net", 0, "objectclass=*",
> attrList, 1, &msg)
> Result <0>: (null)
> Matched DNs:
> Getting 1 entries:
>>> Dn: CN=users,DC=Domain,DC=net
>
>
> I am using LDP currently, is the syntax for the options > attributes
> just 'tokenGroups'?
>
> thank you for your help
> e-
>
> "Dean Wells [MVP]" wrote:
>
>> I'd initially suggest submitting something along the lines of the
>> following query -
>>
>> base dn: <user object>
>> scope: base
>> filter: obectclass=*
>> attributes: tokenGroups
>>
>> .... note that the scope of the query must be 'base' since
>> tokenGroups is a constructed attribute and the DSA will not return
>> its value with larger result sets.
>>
>> Does this suffice?
>>
>> --
>> Dean Wells [MVP / Directory Services]
>> MSEtechnology
>> [[ Please respond to the Newsgroup only regarding posts ]]
>> R e m o v e t h e m a s k t o s e n d e m a i l
>>
>> Eric - ARUP wrote:
>>> Hello
>>>
>>> Is it possible to query AD for a user to get the groups he is a
>>> member of, and if any of those groups are nested then also return
>>> those uplevel groups as well.
>>>
>>> Currently testing this we query the user and get his memberOf, but
>>> unless we query each group we dont get the uplevel groups for those
>>> that are nested without a seperate query.
>>>
>>> thanks
>>> e-


.

Relevant Pages

  • Re: LDP query for user groups nested?
    ... the query and it does return the tokenGroups attribute. ... you'll need to re-iterate the query against each individually ... ... > though I realize this seems an expensive action, ... >>> MSEtechnology ...
    (microsoft.public.windows.server.active_directory)
  • Re: LDP query for user groups nested?
    ... > attributes: tokenGroups ... note that the scope of the query must be 'base' since tokenGroups is ... >> member of, and if any of those groups are nested then also return ... >> unless we query each group we dont get the uplevel groups for those ...
    (microsoft.public.windows.server.active_directory)
  • Re: LDP query for user groups nested?
    ... google for download ADAM). ... > reran the query and it does return the tokenGroups attribute. ... though I realize this seems an expensive action, ...
    (microsoft.public.windows.server.active_directory)
  • LDP query for user groups nested?
    ... Is it possible to query AD for a user to get the groups he is a member of, ... and if any of those groups are nested then also return those uplevel groups ... Currently testing this we query the user and get his memberOf, ... Prev by Date: ...
    (microsoft.public.windows.server.active_directory)
  • Re: LDP query for user groups nested?
    ... note that the scope of the query must be 'base' since tokenGroups is ... > unless we query each group we dont get the uplevel groups for those ...
    (microsoft.public.windows.server.active_directory)
Loading