LDAP: using a filter to avoid using additional CN in Active Directory

I am trying to query almost all users in Active Directory. My regular users are in different departments, and I want to restore them. But my system users are stored in CN users, and I do not want to retrieve them.

This seems like another question, but their answer did not help me. I use the tooltip here, but it doesn't help either.

I am querying in Active Directory using JNDI. My request:

(&(objectClass=user)(!(cn:dn:=Users)))

This means all objects of the class user that are not in the subtree Users. However, this query nonetheless returns something like this:

CN=__vmware__,CN=Users,DC=SIREDRM,DC=com

So why does this filter not work? How else can I make it work?

+3
1 answer

With (!(distinguishedName=*,CN=Users,DC=mydomain,DC=com)), you are trying to use an attribute with the DN syntax [Object(DS-DN)]; for these LDAP attributes, you cannot use wildcards in LDAP filters.

"distinguishedName" attribute: http://msdn.microsoft.com/en-us/library/ms675516%28VS.85%29.aspx

The LDAP syntax is "Object(DS-DN)": http://msdn.microsoft.com/en-us/library/ms684431%28VS.85%29.aspx

In the second link you will find a statement about the forbidden template.

, LDAP ,

(!(cn:dn:=Users))

- . : AD : http://msdn.microsoft.com/en-us/library/cc223241%28PROT.10%29.aspx .

, , . script Microsoft , , ( , ).

http://blogs.technet.com/heyscriptingguy/archive/2004/12/07/how-can-i-return-a-list-of-all-my-computers-except-those-in-a-specified-ou.aspx

, , - - AD, , AD.

+7
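
Since the DN cannot be wildcard-matched in the filter, one option is to run the plain (objectClass=user) search and drop the CN=Users entries on the client by comparing parsed DNs. This is an added example, not code from the original post: the class and method names are hypothetical, and every sample DN except the one quoted in the question is constructed.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import java.util.ArrayList;
import java.util.List;

public class ExcludeContainer {

    /** True when dn is the container itself or anything beneath it. */
    static boolean isUnder(LdapName dn, LdapName container) {
        // LdapName indexes RDNs right to left, so the "prefix" of a DN is
        // its rightmost part; RDN comparison ignores case in type and value.
        return dn.startsWith(container);
    }

    /** Keeps only the DNs that lie outside the excluded container. */
    static List<String> outside(List<String> dns, String excluded)
            throws InvalidNameException {
        LdapName container = new LdapName(excluded);
        List<String> kept = new ArrayList<>();
        for (String s : dns) {
            if (!isUnder(new LdapName(s), container)) {
                kept.add(s);
            }
        }
        return kept;
    }

    public static void main(String[] args) throws InvalidNameException {
        // First DN is from the question; the others are constructed samples.
        List<String> results = List.of(
            "CN=__vmware__,CN=Users,DC=SIREDRM,DC=com",
            "CN=Jane Doe,OU=Sales,DC=SIREDRM,DC=com",
            "cn=svc-backup,cn=users,dc=siredrm,dc=com",
            // An object merely named Users in another OU must be kept.
            "CN=Users,OU=Engineering,DC=SIREDRM,DC=com");
        for (String dn : outside(results, "CN=Users,DC=SIREDRM,DC=com")) {
            System.out.println(dn);
        }
    }
}
```

With JNDI, the DN string for each hit comes from SearchResult.getNameInNamespace(). Comparing parsed names rather than substrings avoids dropping entries whose own CN happens to be Users.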

Source: https://habr.com/ru/post/1733490/