Cybergatto

Reputation: 769

LDAP Query the global catalog

I'm trying to make an LDAP query to get all the user members of a group. The problem is that this group is populated with users from multiple AD domains and I have to get all the member users with a single query.

According to this page I can reach my goal by querying the Global Catalog.

ldapsearch -x -W -H "ldap://mydomain.local:3268" -D "CN=myuser,OU=Applicative Users,OU=Users,OU=myou,DC=mydomain,DC=local" -b " "  '(&(objectclass=user)(memberof=CN=mygroup,OU=Groups,OU=myou,DC=mydomain,DC=local))'

This query returns only the users who are members of "mygroup" that reside in the domain "mydomain".

No info is retrieved for the users that come from trusted domains.

How can I do that?

Upvotes: 1

Views: 6138

Answers (1)

Brian Desmond

Reputation: 4503

The global catalog only stores group memberships for universal groups. You also won't get transitive (e.g. nested) group memberships with this query. You can use the LDAP in-chain matching operator if you need to get these also.

Upvotes: 1
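
The in-chain matching operator mentioned in the answer is the Active Directory matching rule with OID 1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN). The following is an added example, not code from the question or the answer: it builds the nested-membership filter for a group DN and escapes the DN as an RFC 4515 filter value first, so a DN containing `(`, `)`, `*` or `\` cannot change the filter's structure. The function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the page.

# Escape a string for use as an LDAP filter assertion value (RFC 4515).
# The backslash is escaped first so the backslashes added for the
# other characters are not escaped a second time.
ldap_escape_filter_value() {
    printf '%s' "$1" | sed \
        -e 's/\\/\\5c/g' \
        -e 's/\*/\\2a/g' \
        -e 's/(/\\28/g' \
        -e 's/)/\\29/g'
}

# Build a filter matching user objects that are direct or nested
# members of the given group, using LDAP_MATCHING_RULE_IN_CHAIN.
in_chain_member_filter() {
    printf '(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=%s))' \
        "$(ldap_escape_filter_value "$1")"
}

# Run the search. The first argument is the group DN; the remaining
# arguments are passed to ldapsearch unchanged (for example the
# -x -W -H ... -D ... options from the question).
search_nested_members() {
    group_dn=$1
    shift
    ldapsearch -LLL "$@" -b "" "$(in_chain_member_filter "$group_dn")" dn
}

# Print the filter for the group DN used in the question.
in_chain_member_filter 'CN=mygroup,OU=Groups,OU=myou,DC=mydomain,DC=local'
echo
```
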
