LDAP Query

For your main question, no you can not exclude specific branches in the
hierarchy when doing a subtree search. You need to either scope your queries as
single level queries or more specifically set the search bases.

If you are simply looking for a command line tool, my adfind will exclude output
from specific branches but it returns that that info in the set and simply
filters it from the output.

Now if you actually mean DomainDnsZones and ForestDnsZones, those would be
referrals to other partitions and those can be controlled by disabling referrals
on the LDAP query.



joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Ian wrote:
> Hi,
>
> I hope this is the right place to ask this. If not, my appologies.
>
> I am trying todo an LDAP lookup against a 2003 (I think) server. Now the
> server has DnsDomainForest (or something like that), which I cant connect to.
> Now the users that I am searching for are located in various OU's under the
> main DC. Is there a way that I can, with a search filter, exclude a certain
> DC from the search.
>
> For example:
> -2003.domain.com
> --OU=Users
> --OU=Groups
> --OU=Retail
> --OU=Other
> --DC=DnsDomainForest
>
> I connect to that and want to search through all of 2003.domain.com but
> exlude DC=DnsDomainForest from the search because otherwise it errors and my
> search comes back with an error.
>
> Thanks alot,
> Ian

Hi,

I hope this is the right place to ask this. If not, my appologies.

I am trying todo an LDAP lookup against a 2003 (I think) server. Now the
server has DnsDomainForest (or something like that), which I cant connect to.
Now the users that I am searching for are located in various OU's under the
main DC. Is there a way that I can, with a search filter, exclude a certain
DC from the search.

For example:
-2003.domain.com
--OU=Users
--OU=Groups
--OU=Retail
--OU=Other
--DC=DnsDomainForest

I connect to that and want to search through all of 2003.domain.com but
exlude DC=DnsDomainForest from the search because otherwise it errors and my
search comes back with an error.

Thanks alot,
Ian

Can you post the query you're using?
It sounds like you want to make a query for certain objects, but not return
the DNS entries in that query. Seeing the query would help to understand how
to better help. Include a description of exactly what you want to find and
the scope (sounds like the scope is the entire domain though).

Al


"Ian" <> wrote in message
news:22D1E8B5-2A25-442E-9EC3-...
> Hi,
>
> I hope this is the right place to ask this. If not, my appologies.
>
> I am trying todo an LDAP lookup against a 2003 (I think) server. Now the
> server has DnsDomainForest (or something like that), which I cant connect
> to.
> Now the users that I am searching for are located in various OU's under
> the
> main DC. Is there a way that I can, with a search filter, exclude a
> certain
> DC from the search.
>
> For example:
> -2003.domain.com
> --OU=Users
> --OU=Groups
> --OU=Retail
> --OU=Other
> --DC=DnsDomainForest
>
> I connect to that and want to search through all of 2003.domain.com but
> exlude DC=DnsDomainForest from the search because otherwise it errors and
> my
> search comes back with an error.
>
> Thanks alot,
> Ian