Re: Querying AD

Are you sure that the value you are using for memberOf in your filter is the
actual DN of the group?

I recommend using a lower level LDAP query tool like ldp.exe for testing
these types of queries and examining the actual values of attributes in AD
objects so you can see what is really going on.

I also recommend you redirect these types of questions to the
ms.public.adsi.general group as that is where most of the AD programming
discussions go on. It isn't a big deal, but this type of question is less
likely to get lost there.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Jim in Arizona" <tiltowait@xxxxxxxxxxx> wrote in message
news:%23oDmZNBlIHA.1164@xxxxxxxxxxxxxxxxxxxxxxx
Although I'm wrting VB.NET code, the part of the code I'm in need of help
on is AD querying so I figured this group would be more appropriate for
the question.

I'm trying to query AD to see if a username is a member of a group. For
some reason, it only works in a top level OU. Anything below that and it
does not work.

The Problem:

I have a top level OU called testou1. Inside that OU is a group called
testgroup. Within that group is a single user called testuser.

If I run this code (code snipped for brevity), it returns a positive
result by writing the users username to the screen:


osearcher.Filter =
"(&(sAMAccountName=tuser)(memberOf=CN=testgroup,OU=testou1,DC=corp,DC=mydomain,DC=com))"


The above returns the user just fine. Now, if I have a second ou called
testou2 that inside testou1, and I move the group called testgroup from
the OU testou1 to the OU testou2 and I try this code:


osearcher.Filter =
"(&(sAMAccountName=tuser)(memberOf=CN=testgroup,OU=testou1,OU=testou2,DC=corp,DC=mydomain,DC=com))"


I get nothing returned from the query.

I'm hoping someone can clue me in.

TIA,
Jim



.