0

I am getting all the users in specific OUs from a C# code that I wrote. You may see the code below. And I would like to know what is the equivalent LDAP query that I need to make in the Active Directory Users and Computers (ADUC) User Interface (UI) to get the same results (see attached figure).

Thank you for helping. I am quite new with LDAP and Active Directories (AD) and I appreciate any help even if my question is stupid.

C# code:

myDirectoryEntry = new DirectoryEntry("LDAP://subdomain.domain.com/OU=firstou,OU=secondou,OU=thirdou,OU=forthou,OU=fifthou,OU=sixthou,DC=subdomain,DC=domain,DC=com");
                myDirectorySearcher = new DirectorySearcher(myDirectoryEntry);
                myDirectorySearcher.PageSize = 10000;
                myDirectorySearcher.CacheResults = false;
myDirectorySearcher.Filter = "(objectCategory=user)";
myDirectorySearcher.SearchScope = SearchScope.Subtree;
            SearchResultCollection result= myDirectorySearcher.FindAll();

What goes in the ADUC LLDAP filetr UI? Click here for a picture

aragorn
  • 187
  • 3
  • 18
  • personally you can do this much simpler using `PrincipalContext` in my opinion and with less code.. do a google search on `Getting all Users from AD using PrincipalContext` I do this on a daily basis using `PrincipalContext` – MethodMan Feb 12 '16 at 15:16
  • Thanks @MethodMan for your reply. First I will need to find out what is a PrincipalContext :) As I said I am new in AD and LDAP. Secondly I would realy need an answer to my initial question if you have one. – aragorn Feb 12 '16 at 15:29
  • I can post something also it's very easy to understand PrincipalContext whether you're new coder or not.. use the debugger to step through the code also `MSDN` has examples and explanation as well – MethodMan Feb 12 '16 at 15:30

1 Answers1

0

In ADUC, click the 'Browse' button at the top right and browse to the OU you want to search.

Then in the 'Enter LDAP Query' box, put in the same query you are using in your code:

(objectCategory=user)
Gabriel Luci
  • 38,328
  • 4
  • 55
  • 84
  • Thanks a lot! That indeed did the same work. Is there also a "complete" LDAP filter to do that whithout navigating through the Browse menu in ADUC by performing an LDAP custom query in the top domain? What I am trying to understand is what would be the LDAP filter if instead of : myDirectoryEntry = new DirectoryEntry("LDAP://subdomain.domain.com/OU=firstou,OU=secondou,OU=thirdou,OU=forthou,OU=fifthou,OU=sixthou,DC=subdomain,DC=domain,DC=com"); I would write in my code: myDirectoryEntry = new DirectoryEntry("LDAP://subdomain.domain.com/"); – aragorn Feb 15 '16 at 06:28
  • You may be able to do this: (&(objectCategory=user)(distinguishedName=*OU=firstou,OU=secondou,OU=thirdou,OU=forthou,OU=fifthou,OU=sixthou,DC=subdomain,DC=domain,DC=com)) but it may be very, very slow depending on how many users you have in your domain. – Gabriel Luci Feb 15 '16 at 20:53
  • Nop this didn't worked (no idea why) but I ve seen why it would take that long if it would work. What worked was (&(objectCategory=user)(distinguishedName=*)) but this gets me ALL the users not those in specific OUs. thanks a lot Gabriel! You did helped a lot though :) – aragorn Feb 17 '16 at 09:42