KIXKicks
(Starting to like KiXtart)
2013-08-14 05:43 PM
LDAP Wildcard Query

We have separated out our user accounts in Active Directory into different OUs (Normal Network Users remain in the Users OU, Shopfloor Accounts are in a different OU, and there are others).

Our code is hardcoded to the Users OU, can it be made to search all OUs?

The commented out line works but only for the Network Users in the Users OU.

 Code:
If $ADSERVER = ""
   ;$ADSTRING = "LDAP://" + $DCSERVER + ".DOMAIN.DOM/CN=%USERNAME%,CN=Users,DC=domain,DC=dom"
   $ADSTRING = "LDAP://" + $DCSERVER + ".DOMAIN.DOM/CN=%USERNAME%,CN=*,DC=domain,DC=dom"
   $ADSERVER = GetObject($ADSTRING)
EndIf


Glenn Barnas Administrator
(KiX Supporter)
2013-08-14 06:21 PM
Re: LDAP Wildcard Query

The "Users OU" isn't an OU, it's a container. That's why it isn't recommended to place user objects there. We generally create a root OU, with a Users OU, and then sub-OUs for different types of accounts. Allows global searches from "OU=Users,OU=MyCompany,DC=domain" or specific searches by specifying an additional OU level. I don't believe that you can mix OUs and containers in a single LDAP query.

Glenn


KIXKicks
(Starting to like KiXtart)
2013-08-14 06:57 PM
Re: LDAP Wildcard Query

Thanks Glenn...I just added the extra OUs to the code...it works now!

Glenn Barnas Administrator
(KiX Supporter)
2013-08-14 07:39 PM
Re: LDAP Wildcard Query

Cool - FYI - I just created a GetLDAPData UDF to my site. It is a front-end to fnLDAPQuery that returns a single-dimension array of users, groups, computers, OUs, or Sites from AD. You can specify a starting path (OU=Special Accounts,) and a qualifier (EU*) to limit the results, but it defaults to all objects found from the root, down. Might be helpful. The single-dim array is easier to work with than the array of arrays returned by fnLDAPQuery. There are a couple of LDAP and OU search UDFs on the site.

Glenn
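
For the original question, an added example (not code from the thread or from any poster's UDF library): instead of hardcoding the container in the bind string, look up the account's distinguishedName with a subtree search on sAMAccountName and bind to whatever DN comes back. The base DN `DC=domain,DC=dom` follows the thread's placeholder, and the function names `FindUserDN` and `EscapeFilter` are hypothetical.

```kixtart
; Added example: resolve the logged-on user's DN by searching, then bind to it.
; Assumptions: base DN "DC=domain,DC=dom"; FindUserDN/EscapeFilter are
; illustrative names, not existing UDFs.
Break On

$dn = FindUserDN(@USERID, "DC=domain,DC=dom")
If $dn = ""
   ? "No user object found for " + @USERID
Else
   $ADSERVER = GetObject("LDAP://" + $dn)
   ? "Bound to " + $dn
EndIf

; Return the distinguishedName of the user whose sAMAccountName is $sam,
; searching $base and everything beneath it. Returns "" if nothing matches.
Function FindUserDN($sam, $base)
   Dim $conn, $rs, $query
   $FindUserDN = ""
   $conn = CreateObject("ADODB.Connection")
   If @ERROR Exit @ERROR EndIf
   $conn.Provider = "ADsDSOObject"
   $conn.Open("Active Directory Provider")
   ; ADO LDAP dialect: <base>;filter;attributes;scope
   $query = "<LDAP://" + $base + ">;"
          + "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
          + EscapeFilter($sam) + "));distinguishedName;subtree"
   $rs = $conn.Execute($query)
   If @ERROR = 0
      If Not $rs.EOF
         $FindUserDN = $rs.Fields.Item("distinguishedName").Value
      EndIf
      $rs.Close
   EndIf
   $conn.Close
EndFunction

; Escape the characters RFC 4515 reserves in filter values, so a name can
; only ever be matched literally and cannot change the filter's structure.
Function EscapeFilter($s)
   $s = Join(Split($s, "\"), "\5c")   ; backslash first, or later escapes get doubled
   $s = Join(Split($s, "*"), "\2a")
   $s = Join(Split($s, "("), "\28")
   $s = Join(Split($s, ")"), "\29")
   $EscapeFilter = $s
EndFunction
```

Because sAMAccountName is unique within a domain, the search returns at most one entry, so the first record is the account regardless of which OU or container holds it.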