[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Searching AD for user membership in specific group(s)

At 10:37 AM 10/1/2004, Kellogg, Chris wrote:
>Forgive me if this is a repeat or if I need to look at a specific
>source.  Point me in the right direction and I'll be happy to do the
>required reading.  Google has done nothing for me, and I fail to find
>what I need on openldap.org.

Not sure why you would look at OpenLDAP.org for information
about MS AD.  You should to Microsoft for information about

Anyways, this thread is itself off-topic as nothing about
how to search MS AD is specific to OpenLDAP Software.
Please take these questions to a more appropriate forum,
such as one hosted by Microsoft.  See 
http://support.microsoft.com/newsgroups/ for some
possibilities here.


>I need to do ldap-searches of an MS Active Directory to see if a
>particular user is a member of a specific group.  I can do searches and
>get information on a specific dn, but I am completely mystified by the
>What search string/method should I be using to perform this check?
>Currently, I can get a DN search with this:
>ldapsearch -D "cn=User\, Admin,ou=User Accounts,ou=Main
>Office,dc=subdomain,dc=domain,dc=com" -h gcsrv.domain.com:3268 -b
>"dc=domain,dc=com" -W -s sub "cn=Search Group"
>gcsrv.domain.com is a global catalog server for the top-level domain.  I
>have several subdomains, so I need to start the search at the top.  3268
>is the cleartext port for LDAP to the Global Catalog.
>I need to see if "cn=testuser" is in "cn=Search Group", I'm just
>completely stuck.  Anyone have suggestions?
>Christopher M. Kellogg, GCFW
>Principle Network Administrator, DynCorp, A CSC Company
>6500 West Freeway Suite 600, Fort Worth, TX