Re: Searching AD for user membership in specific group(s)

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 10:37 AM 10/1/2004, Kellogg, Chris wrote:
>Forgive me if this is a repeat or if I need to look at a specific
>source.  Point me in the right direction and I'll be happy to do the
>required reading.  Google has done nothing for me, and I fail to find
>what I need on openldap.org.

Not sure why you would look at OpenLDAP.org for information
about MS AD.  You should to Microsoft for information about
MS AD.

Anyways, this thread is itself off-topic as nothing about
how to search MS AD is specific to OpenLDAP Software.
Please take these questions to a more appropriate forum,
such as one hosted by Microsoft.  See 
http://support.microsoft.com/newsgroups/ for some
possibilities here.

Kurt



>I need to do ldap-searches of an MS Active Directory to see if a
>particular user is a member of a specific group.  I can do searches and
>get information on a specific dn, but I am completely mystified by the
>search.
>
>What search string/method should I be using to perform this check?
>Currently, I can get a DN search with this:
>
>ldapsearch -D "cn=User\, Admin,ou=User Accounts,ou=Main
>Office,dc=subdomain,dc=domain,dc=com" -h gcsrv.domain.com:3268 -b
>"dc=domain,dc=com" -W -s sub "cn=Search Group"
>
>gcsrv.domain.com is a global catalog server for the top-level domain.  I
>have several subdomains, so I need to start the search at the top.  3268
>is the cleartext port for LDAP to the Global Catalog.
>
>I need to see if "cn=testuser" is in "cn=Search Group", I'm just
>completely stuck.  Anyone have suggestions?
>
>Chris.
>
>Christopher M. Kellogg, GCFW
>Principle Network Administrator, DynCorp, A CSC Company
>6500 West Freeway Suite 600, Fort Worth, TX