Re: LDAP query help request.

From: "Richard Mueller" <rlmueller-NOSPAM@xxxxxxxxxxxxxxxxxxxx>
Date: Mon, 28 Aug 2006 19:35:22 -0500

David Gibbons wrote:

I'm trying to create some LDAP queries and seem to be running into a
syntax problem.

(&(objectCategory=user)(|(department=*60)(department=*61))(&(|(department=0042*)(department=0043*))))

The above statement works however I'm trying to add one more filter to the
statement and nothing I do seems to work. The idea is as follows...

(employeeid=1111) or (((Department=*60) or (Department=*61)) and
((Department=0042*) or (Department=0043*)))

This would return all the results for the 4 department number combinations
plus the 1 user with the employee id or 1111.

I thought that this statement would work... (as well as many many many
different syntax changes and I think this is the last one I tried before
hitting the newsgroups.)

(&(objectCategory=user)(|(employeeid=1111))(|(department=*60)(department=*61))(&(|(department=0042*)(department=0043*)))(!userAccountControl:1.2.840.113556.1.4.803:=2))

But it return no results, just one user, every user in AD or is invalid
depending on the syntax change. I could do this is SQL but for some
reason I just can't seem to get the syntax correct in LDAP.

Anyone of there see what it is I'm doing wrong or could lead me to better
LDAP syntax example pages then the one I have found?

Hi,

If I understand correctly, I would try:

(&(objectCategory=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(|(employeeid=1111)(&(|(department=*60)(department=*61))(|(department=0042*)(department=0043*)))))

This assumes you want:

((department=*60) Or (department=*61)) And ((department=0042*) Or
(department=0043*))

so departments 004260, 004261, 004360, and 004361 would satisfy the query
(among others).

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net

.

Follow-Ups:
- Re: LDAP query help request.
  - From: David Gibbons

References:
- LDAP query help request.
  - From: David Gibbons

Prev by Date: LDAP query help request.
Next by Date: Re: How can I list all service principals in a Windows 2003 Active Directory?
Previous by thread: LDAP query help request.
Next by thread: Re: LDAP query help request.
Index(es):
- Date
- Thread

Relevant Pages

Re: LDAP query help request.
... I also see where I was making my coding mistakes. ... syntax is a bit odd to work with. ... reason I just can't seem to get the syntax correct in LDAP. ... LDAP syntax example pages then the one I have found? ...
(microsoft.public.windows.server.active_directory)
Re: Question about passing by value
... Jack Klein wrote: ... And why exactly is the reason for that, ... don't see any other reason for any syntax changes. ...
(comp.lang.cpp)
LDAP query help request.
... I'm trying to create some LDAP queries and seem to be running into a syntax ... different syntax changes and I think this is the last one I tried before ... I just can't seem to get the syntax correct in LDAP. ...
(microsoft.public.windows.server.active_directory)
Re: Books/References new to scripting in AD/2003
... bits of flag attributes like userAccountControl using SQL syntax. ... To restrict the query to an OU, ... The equivalent LDAP syntax query would be: ... Here is the part of the script where it is pulling the info from AD. ...
(microsoft.public.windows.server.scripting)
Re: Setting Passwords via DSML with non-admin type Domain User Cre
... I got the syntax correctly coded for the delete then add. ... The DSML request is: ... > deleting the whole object from the tree. ... >> where I am running into the LDAP syntax. ...
(microsoft.public.platformsdk.security)