LDAP Query Builder

Discussion in 'Active Directory' started by A.M, Aug 15, 2005.

  1. A.M

    A.M Guest

    Hi,

    I am having some challenges building an LDAP query for my .NET application. Is
    there any LDAP query builder that eases "LDAP://" style queries?

    When I use the "People Search" feature in the Start Menu, and choose search within
    Active Directory, I can find the users that I need to find, but the tool doesn't
    show the LDAP query. Is there any way that I can spy on the "Find People" dialog
    box to see what the LDAP query is?

    Any help would be appreciated,

    Alan
     
    A.M, Aug 15, 2005
    #1

  2. A.M

    Al Mulnick Guest

    You can. You can increase logging on the DC that is being used to the point
    that it tells you what query it is using. You could also just read up on
    the LDAP syntax to figure out exactly what you want. As for testing, a
    far better LDAP query tool would be LDP or Softerra's LDAP browser.

    That will show you the results of queries as you type them.

    Typical query example would be looking for users with a first initial of 'a'
    (&(objectCategory=Person)(givenName=a*))

    You'll want to be familiar with the and'ing and or'ing of queries and what
    the effect on your application can be. You'll also want to avoid some
    queries while confining the queries to use indexed attributes wherever
    possible. You can find a lot more information about ldap query optimization
    on MSDN.

    Does that help?
     
    Al Mulnick, Aug 15, 2005
    #2

  3. A.M

    A.M Guest

    Thank you for help.

    If I run the following query in ADSI:

    LDAP://cn=Begley Jeoff,OU=Vendors and Contractors,DC=canada,DC=mycorp,DC=com

    It returns me the complete information about a user named "Begley Jeoff".

    Can I modify the query to return the email of the user with user id:
    "MYCORP\JBegley"?

    Thank you,
    Alan
     
    A.M, Aug 15, 2005
    #3

  4. Hi Al,

    as you know the query (&(objectCategory=Person)(givenName=a*)) would return
    not only users but also contacts. The query for users should be

    (&(objectCategory=Person)(objectClass=User)(givenName=a*))

    --
    Gruesse - Sincerely,

    Ulf B. Simon-Weidner

    MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
    Weblog: http://msmvps.org/UlfBSimonWeidner
    Website: http://www.windowsserverfaq.org
     
    Ulf B. Simon-Weidner [MVP], Aug 15, 2005
    #4

  5. Hello Alan,

    you can use the "Saved Queries" Feature from Active Directory Users and
    Computers to create queries, and you are able to see the LDAP-Query it
    creates.

    For some information on LDAP-Queries look at
    http://www.windowsserverfaq.org/faq/ADQueries/LDAP-Queries.asp

    --
    Gruesse - Sincerely,

    Ulf B. Simon-Weidner

     
    Ulf B. Simon-Weidner [MVP], Aug 15, 2005
    #5
  6. A.M

    Al Mulnick Guest

    That's true; I should have been more complete about the answer. Thanks Ulf.
     
    Al Mulnick, Aug 15, 2005
    #6

  7. Hi Alan,

    The LDAP-Path you posted is not the query, it is the searchbase. Read what I
    wrote at
    http://www.windowsserverfaq.org/faq/ADQueries/LDAP-Queries.asp

    To get the E-Mail Address of that user you can use the following options:

    Searchbase:
    LDAP://OU=Vendors and Contractors,DC=canada,DC=mycorp,DC=com

    Scope: Subtree or OneLevel - both will work in that case

    Filter: (&(objectCategory=Person)(objectClass=User)(sAmAccountName=jbegley))

    Attribute: distinguishedname,mail

    --
    Gruesse - Sincerely,

    Ulf B. Simon-Weidner

     
    Ulf B. Simon-Weidner [MVP], Aug 15, 2005
    #7
  8. A.M

    Al Mulnick Guest

    At this point, it's likely that two things would help you most:
    1) Letting us know what the goals of your code are
    2) seeing if a .net newsgroup couldn't be more helpful.

    I think it's still worthwhile to post the goals of the code. There're
    enough programmers here to be helpful. For specifics around .net s.ds it
    would be best to post to those newsgroups.
    To answer the question: I wouldn't be concerned about the format of the user
    id so much. In the case you show there, unless you have multiple domains,
    you can assume the domain and use the samaccountname to search off of. To
    be more precise, it would be something like:
    (&(objectCategory=Person)(objectClass=User)(samaccountname=JBegley))

    The objectClass=user portion is there so it won't have to search contacts as
    well as user objects as Ulf previously pointed out. It's not needed for you
    to succeed in your query necessarily, but it is best to be as precise as
    possible to get the best results. Since samaccountname is unique in the
    domain, it could be what you're after. If you have multiple domains, you'll
    have to translate the NTLM style domain to LDAP domain context in order to
    know where to execute the query. Something to consider.

    Al
     
    Al Mulnick, Aug 15, 2005
    #8
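
What posts #7 and #8 describe, as an added C# example that is not code from any poster: it splits a `DOMAIN\user` logon name, picks the search base for that domain, and escapes the account name per RFC 4515 before placing it in the filter, so a `*` or `(` in the input cannot change the query. The class name, the domain-to-search-base map and the sample logon names are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

public static class WhoAmIQuery
{
    // NetBIOS domain -> search base. Constructed mapping (assumption) using the
    // names from the thread; add one entry per domain you serve.
    static readonly Dictionary<string, string> SearchBases =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        { { "MYCORP", "LDAP://DC=canada,DC=mycorp,DC=com" } };

    // RFC 4515: \ * ( ) and NUL inside a filter value become \5c \2a \28 \29 \00.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            if (@"\*()".IndexOf(c) >= 0 || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    // Turns "DOMAIN\user" into a search base and filter; false if the input is
    // malformed or the domain is not one we know how to search.
    public static bool TryBuild(string logon, out string searchBase, out string filter)
    {
        searchBase = null; filter = null;
        int slash = logon.IndexOf('\\');
        if (slash <= 0 || slash == logon.Length - 1) return false;
        if (!SearchBases.TryGetValue(logon.Substring(0, slash), out searchBase)) return false;
        filter = "(&(objectCategory=Person)(objectClass=User)(sAMAccountName="
                 + EscapeFilterValue(logon.Substring(slash + 1)) + "))";
        return true;
    }

    public static void Main()
    {
        // Constructed sample inputs: a normal name, a wildcard, an unknown domain.
        foreach (string logon in new[] { @"MYCORP\JBegley", @"MYCORP\j*", @"OTHER\JBegley" })
            Console.WriteLine(TryBuild(logon, out string b, out string f)
                ? b + "  " + f : "rejected: " + logon);
    }
}
```

With System.DirectoryServices, the two strings go to `new DirectorySearcher(new DirectoryEntry(searchBase), filter, new[] { "distinguishedName", "mail" }, SearchScope.Subtree)`, and `FindOne()` returns the matching entry.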
  9. Ulf B. Simon-Weidner [MVP], Aug 16, 2005
    #9
  10. A.M

    A.M Guest

    Thank you Al and Simon.

    Your posts helped me. Now the query works fine.
    I am building a WhoAmI web service to be used by InfoPath forms.
    I also had some other .NET related challenges, and the article 329986 saved
    me.

    Thank you again,
    Alan
     
    A.M, Aug 16, 2005
    #10