Discussion in 'Active Directory' started by gordonah, Feb 22, 2005.

  1. gordonah

    gordonah Guest

    I'm trying to search users accounts in an OU to see if they are members of a
    particular group (the specifics mean this way around gives more useful
    information), and I'm having trouble with the syntax. I'm using LDP.EXE, but
    I think my problem relates to the filter syntax, so it's probably applicable
    to other tools as well.

    If I search the OU just filtering for user accounts, (objectcategory=user),
    and returning all attributes, *, then the results windows shows all user
    accounts (as expected), and the member of attribute is populated as expected.
    When I try to filter the results for just users which are a member of the
    group in question (GRPNAME) using the syntax
    (&(objectcategory=user)(memberof=*GRP*)) then no results are returned.

    I suspect this is because I'm trying to search a multi-valued attribute (and
    to test have found I have similar problems with a groups members attribute),
    but am also wary that the attribute is a backlinked reference. Any ideas re
    how to do this with the tools provided?
    gordonah, Feb 22, 2005
  2. MemberOf is a distinguished name attribute (syntax They can only
    be found via an exact match in an LDAP filter. No wild cards are allowed.

    If you put in the full distinguished name of the group in question, it will

    Joe K.
    Joe Kaplan \(MVP - ADSI\), Feb 22, 2005
  3. gordonah

    gordonah Guest


    fantastic, thanks.


    gordonah, Feb 22, 2005
