
Searching AD for user membership in specific group(s)



Forgive me if this is a repeat or if I need to look at a specific
source.  Point me in the right direction and I'll be happy to do the
required reading.  Google has done nothing for me, and I fail to find
what I need on openldap.org.

I need to do ldap-searches of an MS Active Directory to see if a
particular user is a member of a specific group.  I can do searches and
get information on a specific dn, but I am completely mystified by the
search.

What search string/method should I be using to perform this check?
Currently, I can get a DN search with this:

ldapsearch -D "cn=User\, Admin,ou=User Accounts,ou=Main Office,dc=subdomain,dc=domain,dc=com" \
    -h gcsrv.domain.com:3268 -b "dc=domain,dc=com" -W -s sub "cn=Search Group"

gcsrv.domain.com is a global catalog server for the top-level domain.  I
have several subdomains, so I need to start the search at the top.  3268
is the cleartext port for LDAP to the Global Catalog.

I need to see if "cn=testuser" is in "cn=Search Group"; I'm just
completely stuck.  Anyone have suggestions?

Chris.

Christopher M. Kellogg, GCFW
Principal Network Administrator, DynCorp, A CSC Company
6500 West Freeway Suite 600, Fort Worth, TX
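
An added example, not part of the original post: one way to run the membership check asked about above is to filter on the user's memberOf attribute, escaping every value per RFC 4515 so that a DN containing "\," (like the bind DN in the post) or a name taken from untrusted input stays a literal. The function names, the group's full DN and the use of ldaps on port 3269 are assumptions.

```shell
#!/bin/sh
# Added example: build an AD group-membership filter with RFC 4515 escaping.

# Escape a value for use inside an LDAP search filter (RFC 4515).
# Backslash must be handled first so later escapes are not re-escaped.
# (NUL is omitted: a shell variable cannot hold it.)
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# member_filter USER_CN GROUP_DN
# Matches the user entry only if its memberOf attribute holds GROUP_DN.
member_filter() {
    user=$(ldap_filter_escape "$1")
    group=$(ldap_filter_escape "$2")
    printf '(&(cn=%s)(memberOf=%s))' "$user" "$group"
}

# is_member USER_CN GROUP_DN  -> exit status 0 if an entry comes back.
# Not called here; it needs a reachable directory and prompts for a password.
# Assumption: ldaps on 3269 (global catalog over TLS) instead of cleartext 3268.
is_member() {
    ldapsearch -x -W -LLL \
        -H ldaps://gcsrv.domain.com:3269 \
        -D 'cn=User\, Admin,ou=User Accounts,ou=Main Office,dc=subdomain,dc=domain,dc=com' \
        -b 'dc=domain,dc=com' -s sub \
        "$(member_filter "$1" "$2")" 1.1 | grep -q '^dn:'
}

# Constructed sample values: the page does not give the group's full DN.
GROUP_DN='CN=Search Group,OU=Groups,DC=domain,DC=com'
printf '%s\n' "$(member_filter 'testuser' "$GROUP_DN")"
```

memberOf lists direct membership only and does not include the user's primary group.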