Re: ADAM Subset
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Sat, 18 Mar 2006 18:10:41 -0500
LOL.
Yep this would be a case for an attribute scoped query and as JoeK indicates would require a base level query, I.E. You specify the DN of the group and set the scope to BASE.
The next version of ADFIND which will be available at the end of this month will actually do this...
C:\>f:\dev\cpp\adfind\adfind -b CN=rangetestgroup,OU=tmptestou,OU=joeware2,OU=Exchange,DC=joe,DC=com -asq member -f objectclass=* samaccountname -maxe 10
AdFind BETA V01.31.00cpp BETA Joe Richards (joe@xxxxxxxxxxx) March 2006
Using server: 2k3dc01.joe.com:389
Directory: Windows Server 2003
dn:CN=u2,OU=tmptestou,OU=joeware2,OU=Exchange,DC=joe,DC=com
>sAMAccountName: u2
dn:CN=u3,OU=tmptestou,OU=joeware2,OU=Exchange,DC=joe,DC=com
>sAMAccountName: u3
dn:CN=u4,OU=tmptestou,OU=joeware2,OU=Exchange,DC=joe,DC=com
>sAMAccountName: u4
dn:CN=u5,OU=tmptestou,OU=joeware2,OU=Exchange,DC=joe,DC=com
>sAMAccountName: u5
dn:CN=u6,OU=tmptestou,OU=joeware2,OU=Exchange,DC=joe,DC=com
>sAMAccountName: u6
dn:CN=u7,OU=tmptestou,OU=joeware2,OU=Exchange,DC=joe,DC=com
>sAMAccountName: u7
dn:CN=u8,OU=tmptestou,OU=joeware2,OU=Exchange,DC=joe,DC=com
>sAMAccountName: u8
dn:CN=u9,OU=tmptestou,OU=joeware2,OU=Exchange,DC=joe,DC=com
>sAMAccountName: u9
dn:CN=u10a,OU=tmptestou,OU=joeware2,OU=Exchange,DC=joe,DC=com
>sAMAccountName: u1234567890123456789
dn:CN=u11,OU=tmptestou,OU=joeware2,OU=Exchange,DC=joe,DC=com
>sAMAccountName: u11
10 Objects returned
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Joe Kaplan (MVP - ADSI) wrote:
Joe R. is a much better query optimizer than I am (mostly because he actually checks the query stats and I often lack initiative), but Lee pretty much has it..
There is a trick called attribute scope query that ADAM supports that allows you to search within the values of a DN-syntax attribute (like member) to filter the results and return attributes on the objects therein. However, you can only do that one one group at at time because it requires a base search.
Building a giant filter with all the DNs from the group members and doing a subtree search usually works pretty well too. You can get into some really amazingly large filters that way, but that seems to work pretty well up into the hundreds of clauses.
Joe K.
"Lee Flight" <lef@xxxxxxxxxxxxxxx> wrote in message news:O$0pT%23vQGHA.2300@xxxxxxxxxxxxxxxxxxxxxxxHi
if the only criteria of selection is membership of the groups
then you would need to pull the members with one search
and then loop through those distinguishedNames binding to
each or using each as search base. Alternatively you could bunch
the distinguishedNames retrieved into a single filter and run
another (subtree scope) search based on that. Try posting
on the adsi.general newsgroup, Joe Kaplan or joe Richards
might spot your question and tell you which approach is likely
to be optimal.
Lee Flight
"drm" <don.mai@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:1141851980.891968.86010@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxLee,
Your filter with the member attribute will tell me who is in each
group. I need to retrieve some of the attributes from each member. Do
I need to set up a separate search for each member or is there a way to
accomplish this with one search.
- References:
- ADAM Subset
- From: drm
- Re: ADAM Subset
- From: Lee Flight
- Re: ADAM Subset
- From: drm
- Re: ADAM Subset
- From: Lee Flight
- Re: ADAM Subset
- From: Joe Kaplan \(MVP - ADSI\)
- ADAM Subset
- Prev by Date: Re: Finding sidhistory with Adfind
- Next by Date: Re: Mailbox creation
- Previous by thread: Re: ADAM Subset
- Next by thread: Re: ADAM Subset
- Index(es):
Relevant Pages
|
Loading
