LDAP query for group membership

  • Thread starter Thread starter A. Bladh
  • Start date Start date
A

A. Bladh

Can somebody tell me how to query the Active Directory for all users in the
domain that are not members of group A & B ?

(&(objectClass=user)( and so on something ..........or ?

/ Andreas
 
Do you want the users to not be members of a and b or do you want the users to not be members of a or b?

I.E.

They should show up if they aren't a member of both ? Not in A and not in B

or

They should show up if they aren't a member of one or the other group? Not in A or Not in B
 
(&(!(|(memberOf=CN=groupA,CN=users,DC=labdomain,DC=prv)(memberOf=CN=groupB,D
C=labdomain,DC=prv)))(objectCategory=user))

If a users is a member of GroupA and/or GroupB they will not be listed.

Regards,
/Jimmy
 
They should show up if they aren't a member of one or the other group? Not
in A or Not in B

/ Andreas

Joe Richards said:
Do you want the users to not be members of a and b or do you want the
users to not be members of a or b?
 
&(objectcategory=person)(objectclass=user)(|(!memberof=cn=groupa,ou=ouname,dc=domain,dc=com)(!memberof=cn=groupb,ou=ouna
me,dc=domain,dc=com))

That should do it for you... Note that it won't work in the following cases

1. The group you are checking for is the primary group
2. The user could be in the group through nesting.

--
Joe Richards
www.joeware.net
 
Jimmy... objectcategory=user gets translated to objectcategory=person which hits contacts and users and anything else
subclassed from person in a custom schema.

--
Joe Richards
www.joeware.net
 
True. I figured he actually wanted more than users.... In many cases people
think they just want users and don't think about other objects that might be
part of a group. Sometimes it can be very useful to know all members of a
group.

Regards,
/Jimmy
--
Jimmy Andersson, Q Advice AB
Microsoft MVP - Active Directory
---------- www.qadvice.com ----------


Joe Richards said:
Jimmy... objectcategory=user gets translated to objectcategory=person
which hits contacts and users and anything else
 
Back
Top