Re: LDAP query help request.

Richard...

You rock! I also see where I was making my coding mistakes. Wow this
syntax is a bit odd to work with.
I think the mistake I was making in most of my attempts was understanding
the joining of the query.

Again, thank you very much Richard...


David.



"Richard Mueller" <rlmueller-NOSPAM@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23xBcDMwyGHA.4976@xxxxxxxxxxxxxxxxxxxxxxx
David Gibbons wrote:

I'm trying to create some LDAP queries and seem to be running into a
syntax problem.

(&(objectCategory=user)(|(department=*60)(department=*61))(&(|(department=0042*)(department=0043*))))

The above statement works however I'm trying to add one more filter to
the statement and nothing I do seems to work. The idea is as follows...

(employeeid=1111) or (((Department=*60) or (Department=*61)) and
((Department=0042*) or (Department=0043*)))

This would return all the results for the 4 department number
combinations plus the 1 user with the employee id or 1111.

I thought that this statement would work... (as well as many many many
different syntax changes and I think this is the last one I tried before
hitting the newsgroups.)

(&(objectCategory=user)(|(employeeid=1111))(|(department=*60)(department=*61))(&(|(department=0042*)(department=0043*)))(!userAccountControl:1.2.840.113556.1.4.803:=2))

But it return no results, just one user, every user in AD or is invalid
depending on the syntax change. I could do this is SQL but for some
reason I just can't seem to get the syntax correct in LDAP.

Anyone of there see what it is I'm doing wrong or could lead me to better
LDAP syntax example pages then the one I have found?

Hi,

If I understand correctly, I would try:

(&(objectCategory=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(|(employeeid=1111)(&(|(department=*60)(department=*61))(|(department=0042*)(department=0043*)))))

This assumes you want:

((department=*60) Or (department=*61)) And ((department=0042*) Or
(department=0043*))

so departments 004260, 004261, 004360, and 004361 would satisfy the query
(among others).

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net



.

Relevant Pages

  • Re: LDAP query help request.
    ... different syntax changes and I think this is the last one I tried before ... reason I just can't seem to get the syntax correct in LDAP. ... LDAP syntax example pages then the one I have found? ...
    (microsoft.public.windows.server.active_directory)
  • Re: Books/References new to scripting in AD/2003
    ... bits of flag attributes like userAccountControl using SQL syntax. ... To restrict the query to an OU, ... The equivalent LDAP syntax query would be: ... Here is the part of the script where it is pulling the info from AD. ...
    (microsoft.public.windows.server.scripting)
  • Re: Setting Passwords via DSML with non-admin type Domain User Cre
    ... I got the syntax correctly coded for the delete then add. ... The DSML request is: ... > deleting the whole object from the tree. ... >> where I am running into the LDAP syntax. ...
    (microsoft.public.platformsdk.security)
  • Re: Refresh (Requery?) a subform from its popup
    ... > Never knew that Albert... ... That is referencing the base forms ... >> above syntax will not work if a form has NO CODE. ... >> The original poser MUST get his syntax correct. ...
    (microsoft.public.access.formscoding)