Re: Querying AD
- From: "Jim in Arizona" <tiltowait@xxxxxxxxxxx>
- Date: Tue, 1 Apr 2008 11:16:32 -0700
Querying AD is all new to me so, of course, I didn't have my query right.
Joseph Corey pointed out that I had my OUs reversed in my string.
Thanks for the idea on on another avenue of searching though. I will most
likely give that option a try while working on my current web project. In
the meantime, It looks like I will need to do some further research on how
to properly query AD.
Jim
"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:uFeA4JClIHA.1680@xxxxxxxxxxxxxxxxxxxxxxx
In general, the best thing to do here would probably be to find the user
object you are looking for (perhaps via a search with just sAMAccountName)
and then just look in the memberOf to see if the DN is there. You could
also search for the group based on its CN or sAMAccountName and see what
its DN actually is.
Learning a few things about how to use this tool to help you will serve
you well in your future efforts.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Jim in Arizona" <tiltowait@xxxxxxxxxxx> wrote in message
news:OKdZCzBlIHA.2276@xxxxxxxxxxxxxxxxxxxxxxx
I fired up ldp.exe like you suggested then connected and binded to our
main DC. (this is the first time I've used this tool)
When donig a search for base DN of
CN=test,OU=testou1,DC=corp,DC=mydomain,DC=com
I do get a positive return. But, when I try:
CN=test,OU=testou1,OU=testou2,DC=corp,DC=mydomain,DC=com
It returns 0 entries.
When I look at the properties of the 2nd OU (by right clicking on it in
AD Users and Computers), under the Object tab, I get this:
corp.mydomain.com/testou1/testou2
Yep, I'm lost now. Is my DN malformed (OU=testou1,OU=testou2) ?
I'll take this up with the ADSI group if necessary but I was hoping to
resolve it here before I took it deeper.
Thanks Joe!
"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:ePvl9lBlIHA.2268@xxxxxxxxxxxxxxxxxxxxxxx
Are you sure that the value you are using for memberOf in your filter is
the actual DN of the group?
I recommend using a lower level LDAP query tool like ldp.exe for testing
these types of queries and examining the actual values of attributes in
AD objects so you can see what is really going on.
I also recommend you redirect these types of questions to the
ms.public.adsi.general group as that is where most of the AD programming
discussions go on. It isn't a big deal, but this type of question is
less likely to get lost there.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
.
- References:
- Querying AD
- From: Jim in Arizona
- Re: Querying AD
- From: Joe Kaplan
- Re: Querying AD
- From: Jim in Arizona
- Re: Querying AD
- From: Joe Kaplan
- Querying AD
- Prev by Date: Re: Querying AD
- Next by Date: Re: How to: see AD user profile over network
- Previous by thread: Re: Querying AD
- Next by thread: Re: Querying AD
- Index(es):
Relevant Pages
|
