/build/static/layout/Breadcrumb_cap_w.png

LDAP User Query

I am trying to pull in users from AD and am getting stuck on the query syntax

We have an OU called User Accounts that I am using as the search base DN.

Within AD, there are sub OUs including Marketing and MIS such as:

User Accounts
___Marketing
___MIS


I wish to specify the OUs I want users from.

Right now I can run two kinds of queries in KACE:

1) Run a query to find all users in User Accounts with a search filter of:
(sAMAccountName=*)

This finds 1100 users

2) Run a query to find the OUs, but not the individual users with a sub-tree search filter of:
(|(ou=mis)(ou=marketing))

This finds 2 OUs.

I tried the query builder to specify both sAMAccountName and the OUs but it returned zero results. Not sure if this can be done via query builder or if it has to be done by hand.

Thanks in advance.

0 Comments   [ + ] Show comments

Answers (2)

Posted by: GillySpy 13 years ago
7th Degree Black Belt
0
Go to step 1 of the ldap browser and click on one of the search bases. Then change the search filter to be
samaccountname=jdoe

Make sure that jdoe is a member of the group you're interested in. e.g. marketing

If you click on jdoe now, on the right hand side of the ldap browser now does it show a memberOf as one of the attributes? Look for the one relevant to marketing and copy the value E.g. memberOf=CN=Marketing,OU=MyGroups,DC=Corp,DC=Company,DC=com
If so then you can use an import filter (or LDAP Browser test) like:

Search Base DN: OU=Users,CN=Company,CN=com
Search Filter: (&(memberOf=CN=Marketing,OU=MyGroups,DC=Corp,DC=Company,DC=com)(samaccountname=*))


or for an auth filter:

Search Base DN: OU=Users,CN=Company,CN=com
Search Filter: (&(memberOf=CN=Marketing,OU=MyGroups,DC=Corp,DC=Company,DC=com)(samaccountname=KBOX_USER))
Posted by: bostonbound 13 years ago
Purple Belt
0
Thanks! I ended up working in both a base OU and a security group and are nearly getting the desired results. I think we need to clean up the security group we're working with and we'll be set.
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ