LDAP: Query syntax

I've basically forgotten everything I ever learned about querying AD, and now I have a need to retrieve the list of users in one particular dept (DAAS). I've determined that there is an Organizational Unit called DAAS. I just can't figure out how to limit the list to that OU.

This string works, but retrieves the entire organization:

strQueryDL = "<LDAP://" & strDefaultNamingContext & ">;(&(objectCategory=person)(objectClass=user));distinguishedName;subtree"

This string doesn't work:

strQueryDL = "<LDAP://" & strDefaultNamingContext & ">;(&(objectCategory=person)(objectClass=user)(OU=DAAS));distinguishedName;subtree"

This string doesn't work, either:

strQueryDL = "<LDAP://OU=DAAS" & strDefaultNamingContext & ">;(&(objectCategory=person)(objectClass=user));distinguishedName;subtree"

Where does that darn OU belong in this string?

Thanks! DC

2 answers

  • answered 2019-01-31 01:15 Ed Grimm

    Entries don't have to contain the OU attribute just because it's somewhere in their DN.

    You can find out the DN of all of the subtrees whose DN starts with ou=daas with

    strQueryDL = "<LDAP://" & strDefaultNamingContext & ">;(&(objectCategory=organizationalunit)(OU=DAAS));distinguishedName;subtree"
    

    Once you have that, you can use that DN where you have strDefaultNamingContext.

  • answered 2019-01-31 14:00 Gabriel Luci

    You were on the right track with the last one, but were probably just missing a comma after the OU (if the OU is at the root of the domain).

    But if you already know the distinguishedName of the OU, then you can just use that directly. The point is, the string should end up looking something like this (assuming the DN of the OU is at domain.com/DAAS):

    strQueryDL = "<LDAP://OU=DAAS,DC=domain,DC=com>;(&(objectCategory=person)(objectClass=user));distinguishedName;subtree"
    

    Ed Grimm's answer shows you how to find the OU itself, which will help you get the DN of the OU if you don't already know it.
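
The two answers combined into one script, as an added example that is not part of either answer: it looks up the OU's distinguishedName, then uses that DN as the search base so only users under that OU are returned. It assumes it is run with cscript.exe on a domain-joined machine; the `EscapeFilter` helper, the `OU_NAME` constant and the page size of 500 are choices made for this example.

```vbscript
Option Explicit
Const OU_NAME = "DAAS"   ' OU name from the question
Dim objRootDSE, strDefaultNamingContext, objConn, objCmd, objRS, strOuDN

Set objRootDSE = GetObject("LDAP://RootDSE")
strDefaultNamingContext = objRootDSE.Get("defaultNamingContext")

Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
Set objCmd = CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objConn
objCmd.Properties("Page Size") = 500   ' assumed value; pages results instead of truncating

' Step 1: find the OU itself and read its full DN.
objCmd.CommandText = "<LDAP://" & strDefaultNamingContext & ">;" & _
    "(&(objectCategory=organizationalUnit)(ou=" & EscapeFilter(OU_NAME) & "));" & _
    "distinguishedName;subtree"
Set objRS = objCmd.Execute
If objRS.EOF Then
    WScript.Echo "No OU named " & OU_NAME & " found"
    WScript.Quit 1
End If
strOuDN = objRS.Fields("distinguishedName").Value
objRS.MoveNext
If Not objRS.EOF Then
    ' Same OU name under different parents: refuse to guess which one was meant.
    WScript.Echo "More than one OU named " & OU_NAME & "; use its DN directly"
    WScript.Quit 1
End If

' Step 2: the OU's DN is the search base, so the filter needs no OU clause.
objCmd.CommandText = "<LDAP://" & strOuDN & ">;" & _
    "(&(objectCategory=person)(objectClass=user));distinguishedName;subtree"
Set objRS = objCmd.Execute
Do Until objRS.EOF
    WScript.Echo objRS.Fields("distinguishedName").Value
    objRS.MoveNext
Loop
objConn.Close

' Hypothetical helper: escape LDAP filter metacharacters (backslash first).
Function EscapeFilter(strValue)
    Dim s
    s = Replace(strValue, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    EscapeFilter = s
End Function
```

The escaping only matters when the OU name comes from outside the script; with a hard-coded name it is a no-op.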