问题
I'm trying to make an LDAP query, to get a list from all my groups/members. I can't figure out how can i do this. All my tries were unsuccesfull.
My "AD tree": mydomain.local/Mybusiness/Distribution Groups/ here are my groups
I tried with somethin' like this:
(objectCategory=user)
(memberOf=CN=Distribution Groups,OU=Mybusiness,DC=mydomain.local,DC=com)
I appreciate if somebody could help me to write an ldap query, which gives a list with my groups and the members of this groups.
Thank you.
回答1:
The query should be:
(&(objectCategory=user)(memberOf=CN=Distribution Groups,OU=Mybusiness,DC=mydomain.local,DC=com))
You missed & and ()
回答2:
Active Directory does not store the group membership on user objects. It only stores the Member list on the group. The tools show the group membership on user objects by doing queries for it.
How about:
(&(objectClass=group)(member=cn=my,ou=full,dc=domain))
(You forgot the (& ) bit in your example in the question as well).
回答3:
The good way to get all the members from a group is to, make the DN of the group as the searchDN and pass the "member" as attribute to get in the search function. All of the members of the group can now be found by going through the attribute values returned by the search. The filter can be made generic like (objectclass=*).
来源:https://stackoverflow.com/questions/2825994/ldap-query-for-group-members