[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Getting the list of members in an AD group
2014-04-07 21:48 GMT+05:30 Mark PrÃhl <mark@mproehl.net>:
> Am 07.04.2014 15:55, schrieb Dan White:
>
>> On 04/07/14 11:06 +0530, Sankar P wrote:
>>>
>>> Hi,
>>>
>>> I have the SID of an AD group. I want to get the list of members who
>>> belong to that group. All the documentation page that I search for
>>> points me to the reverse only (i.e., getting all the groups membership
>>> information of a user).
>>>
>>> Can someone show me to the relevant way to get the users who belong to
>>> a group whose SID I have ?
>>
>>
>> ldapsearch -Y DIGEST-MD5 -U joe -H ldap://192.0.2.1 \
>> -b "dc=example,dc=com" -s "sub" "objectSid=XXX" dn
>>
>
> as an alternative you can do the following:
>
> ldapsearch -b '<sid=S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXX>'
> member
>
I tried to do this using the C openldap binding and when having
"objectSid" as the filter, I get the full DN of the group but not its
members. If I just use "sid" I get nothing. The count of the results
returned is zero.
My source code is: http://paste.opensuse.org/74038351
Can you help with it ? What do I miss ? Thanks.
--
Sankar P
http://psankar.blogspot.com