LDAP Query in AD

  • Thread starter Timothy H. Schilbach
  • Start date
T

Timothy H. Schilbach

Hi Everyone,

I am trying to construct an LDAP query that will return some information.
My Cirteria is:

1. Get everyone with an email address ("MAIL")
2. Do a subtree search from the root (No problem)
3. Exclude anyone who is in the "Contractors" OU

Ok the 1st 2 are very easy and I used this query to do them:

(&(objectClass=person)(mail=*))

Ok and #3 is easy too by itself like so:


(&(objectClass=organizationalUnit)(!distinguishedName=OU=contractors,DC=doma
in,DC=com))

ok Now how do we combine them for a compound query? I have tried:

(&(objectClass=person)(mail=Timothy*)(&(objectClass=organizationalUnit)(!dis
tinguishedName=OU=contractors,DC=domain,DC=com)))

And it doesnt seem to return anything. I know this can be done, just have
the syntax all goofed I think. Anyone care to take a crack at this?

-Timothy
 
S

SRT

Hi

you need to "and" both the subqueries

(&(&(objectClass=person)(mail=Timothy*)(&(objectClass=organizationalUnit)(!d
is
tinguishedName=OU=contractors,DC=domain,DC=com))))

HTH

shakti
 
T

Timothy H. Schilbach

Hi SRT,

Than you very much for your post. For some strange reason it doesnt work
though. Lets break it down. If I do the queries byb themselves this is what
I get:

1. (&(objectClass=person)(mail=Timothy*))

This returns 20 People

2.
(&(objectClass=organizationalUnit)(!distinguishedName=OU=contractors,DC=doma
in,DC=com))

This pulls 43 OU's (minus the 1 we filtered, so the filter is working)

Is this query too complex for the AD? I really dont want to have too iterate
through each of the 44OU's one at a time skipping the ones I dont want. I
was hoping to get it all in one query.

What is the official MS standing on this does anyone know?

-Timothy
 
S

SRT

Sorry my mistake , I gave you the wrong logic , they just wont mix.
Looks like you may need an additional clause then - you may need to look
at the memberOf attribute for the person objectclass assuming that is
populated
as expected.

Regards
Shakti
 
J

Joe Richards [MVP]

You can't build a query that excludes specific subous of a subtree search.
You either need to filter out by some other attribute or break it up into
multiple searches with deeper search bases.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Getting the LDAP descriptor from a variable user login name 2
LDAP Query Error 1
How to get the AD User Information by VB and program not in Domain 1
LDAP filter 1
performance problem with LDAP query 4
LDAP not returning contents (users) in a container (group) from AD 1
LDAP query result sorting -> Change the order of AD DCs found in the list 2
How are LDAP fields mapped to Address Book fields? 2

Top