#91268 - 2003-01-29 05:23 PM
Trying to search the Global Catalog..
|
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
|
I am working with users in two domains. I would like to be able to search for users within either domain using the Global Catalog. This script errors out..
; ListGroupMembership.kix
break on
$group = GetObject("LDAP://User=Kent Dyer,dc=company,dc=com")
IF @error <> 0
?@error " error found"
Sleep 2
exit
endif
; - From codirectory.asp
for each $member in $group.members
;? $member.adspath ; -- AD Object Path
? "Login ID: "+$member.SamAccountName ; -- Login ID (jdoe)
? "E-Mail: "+$member.userPrincipalName ; -- e-mail address (jdoe@company.com)
? "Full Name: "+$member.fullname ; -- Full Name (John Doe)
? "First Name: "+$member.givenName ; -- First Name
? "Last Name: "+$member.Sn ; -- Last Name
? "Home Phone: "+$member.homePhone ; -- Home Phone
? "Work Phone: "+$member.telephoneNumber ; -- Work Phone
? "--"
next
$group=0
get $k
Thanks,
Kent
[ 29. January 2003, 17:33: Message edited by: kdyer ]
|
|
Top
|
|
|
|
#91269 - 2003-01-29 06:04 PM
Re: Trying to search the Global Catalog..
|
Bonji
Starting to like KiXtart
Registered: 2001-09-28
Posts: 169
Loc: Virginia
|
Kent,
I wrote a program that does all kinds of fun things in AD. However, when working with multiple domains I had to set the domain I was working in. Also, after a brief glance at your code it looks like $group is populated with user specific data hence the code
code:
for each $member in $group.members
is invalid because you are bound to a user object and not bound at a 'group' level.
Feel free to take a look at my Network Manager tool located on my website. I haven't worked on it lately since real work is keeping me from having fun, and there are a couple features left to add, but it's a fairly comprehensive tool for working with Users in AD.
-Ben
http://www.rgcweb.org/kix
|
|
Top
|
|
|
|
#91270 - 2003-01-29 06:29 PM
Re: Trying to search the Global Catalog..
|
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
|
Ben..
Yes this may help..
However, I did find some information from Microsoft that uses - "ntdsDsa" to search the whole catalog. I like the fact that you can select a specific domain in your Net Manager, but I need to start at the top of the tree and look through the whole forest.
From - http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/ad/binding_to_the_global_catalog.asp
quote:
To search the entire forest
Bind to the root of the GC namespace (GC:).
Enumerate the GC container. The GC container contains a single object that you can use to search the entire forest.
Use the object in the container to perform the search. In C/C++, call QueryInterfaceto get an IDirectorySearch pointer on the object so that you can use the IDirectorySearch interface to perform the search. In Visual Basic, use the object returned from the enumeration in your ADO query.
To enumerate the Global Catalog servers in a site, perform an LDAP subtree search of cn=,cn=sites,, using the following filter string:
(&(objectCategory=ntdsDsa)(options:1.2.840.113556.1.4.803:=1))
This filter uses the OID for the LDAP_MATCHING_RULE_BIT_AND operator (1.2.840.113556.1.4.803) to find nTDSDSA objects that have the low-order bit set in the bitmask of the options attribute. The low-order bit, which corresponds to the NTDSDSA_OPT_IS_GC constant defined in Ntdsapi.h, identifies the nTDSDSA object of a Global Catalog server.
The parent of the nTDSDSA object is the server object, and the dNSHostName property of the server object is the DNS name of the Global Catalog server.
You cannot use #define constants such as NTDSDSA_OPT_IS_GC and LDAP_MATCHING_RULE_BIT_AND directly in a search filter string. However, you could use these constants as arguments to a function such as wsprintf to insert the constant values into a filter string.
Kent
|
|
Top
|
|
|
|
|
#91271 - 2003-01-29 06:43 PM
Re: Trying to search the Global Catalog..
|
Bonji
Starting to like KiXtart
Registered: 2001-09-28
Posts: 169
Loc: Virginia
|
Kent,
GC: <---- That's the ticket.
I haven't seen anything on that one before. Here's a quick and dirty code example on how to use it. Since I only have one domain in my network it only returns one name, however I would like to hear back from you if this worked as needed.
code:
BREAK ON
$adsDomains = GETOBJECT(GC:)
? @SERROR + " : " + @ERROR
FOR EACH $ELEMENT IN $adsDomains
? $ELEMENT.Name
NEXT
My first thought is that you can enumerate the list of domains and then do a search in each domain until all matching users are found. Hopefully this will do what you need. I may also add a feature to my tool to do a global search for a user going outside of the selected domain.
-Ben
http://www.rgcweb.org/kix
[ 29. January 2003, 18:44: Message edited by: Ben Dulaney ]
|
|
Top
|
|
|
|
|
#91272 - 2003-01-29 06:47 PM
Re: Trying to search the Global Catalog..
|
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
|
Ben,
Tried your code..
Only found one domain. Went back to your netmanager code and found 12 (yes 12 domains)!
Kent
|
|
Top
|
|
|
|
|
#91273 - 2003-01-29 06:54 PM
Re: Trying to search the Global Catalog..
|
Chris S.
MM club member
Registered: 2002-03-18
Posts: 2368
Loc: Earth
|
|
|
Top
|
|
|
|
|
#91274 - 2003-01-29 06:56 PM
Re: Trying to search the Global Catalog..
|
Bonji
Starting to like KiXtart
Registered: 2001-09-28
Posts: 169
Loc: Virginia
|
I apparantly didn't take my code far enough. Try this one out...
code:
BREAK ON
$adsDomains = GetObject(GC:)
? @SERROR + " : " + @ERROR
FOR EACH $ELEMENT IN $adsDomains
? $ELEMENT.Name
$adsDomain2 = GetObject("WinNT://"+$ELEMENT.Name)
;? @SERROR + " : " + @ERROR
$adsDomain2.Filter = "User",""
FOR EACH $ELEMENT2 IN $adsDomain2
? $ELEMENT2.Name
NEXT
NEXT
It should return all users in each domain. But once again if it would work for only one domain, I can't tell because I only have one domain.
-Ben
http://www.rgcweb.org/kix
|
|
Top
|
|
|
|
|
#91275 - 2003-01-29 07:04 PM
Re: Trying to search the Global Catalog..
|
Bonji
Starting to like KiXtart
Registered: 2001-09-28
Posts: 169
Loc: Virginia
|
Come to think about it, I don't think my above code did anything different then before. I'll check my utility and see what I did to enumerate domains. I'll follow up shortly.
-Ben
http://www.rgcweb.org/kix
|
|
Top
|
|
|
|
|
#91276 - 2003-01-29 07:06 PM
Re: Trying to search the Global Catalog..
|
Chris S.
MM club member
Registered: 2002-03-18
Posts: 2368
Loc: Earth
|
More...
Check out Searching Active Directory, specifically listing 5.31.
|
|
Top
|
|
|
|
|
#91277 - 2003-01-29 07:07 PM
Re: Trying to search the Global Catalog..
|
Bonji
Starting to like KiXtart
Registered: 2001-09-28
Posts: 169
Loc: Virginia
|
Kent,
I think this will find all your domains for you...
code:
BREAK ON
$adsDomain = GetObject("WinNT:")
? @SERROR + " : " + @ERROR
FOR EACH $ELEMENT IN $adsDomain
? $ELEMENT.Name
NEXT
Let me know...
-Ben
http://www.rgcweb.org/kix
|
|
Top
|
|
|
|
|
#91278 - 2003-01-29 07:12 PM
Re: Trying to search the Global Catalog..
|
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
|
Ben..
Hmm.. That only enumerates the first domain and the users within and not the other domains..
Chris - I will dig into the code from the link you provided.
Kent
|
|
Top
|
|
|
|
|
#91279 - 2003-01-29 07:13 PM
Re: Trying to search the Global Catalog..
|
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
|
Scratch that..
The new code works.. Now, to trawl through the forest.
Kent
|
|
Top
|
|
|
|
Moderator: Shawn, ShaneEP, Ruud van Velsen, Arend_, Jochen, Radimus, Glenn Barnas, Allen, Mart
|
0 registered
and 476 anonymous users online.
|
|
|
