0

My requirement is to get all the groups of users whose distinguishedName begins with say Auser*.

So, I created a filter in Apache Directory Studio

(&
    (objectClass=group)
    (member=CN=Auser*)
)

However, to my surprise, this does not return any results. If I change this to a particular user's distinguishedName, I am able to get results

(&
    (objectClass=group)
    (member=CN=AUser10,OU=Mygrp,DC=domain,DC=com)
)

Am I missing something ?

SimpleGuy
  • 2,764
  • 5
  • 28
  • 45

2 Answers2

1

member has Distinguished-Name-Syntax, and given it's Active Directory you are trying to search, you can't have substring matching as in a normal Directory-String attribute like cn.

Why don't you just reverse your search strategy? Do a subtree search on your domain with filter (&(objectClass=user)(cn=userprefix*)) retrieving attribute memberOf, export to CSV, remove duplicates, done.

marabu
  • 1,166
  • 7
  • 9
  • `memberOf` attribute does not store all the groups of a user (like Domain local aren't stored in `memberOf`). Hence I am querying on groups and not on user – SimpleGuy Jan 24 '17 at 04:25
  • Use memberOf for what it's worth. Export the domain local groups and use grep / findstr. – marabu Jan 24 '17 at 09:52
  • Yes tht is what I am doing... but wanted a better direct way – SimpleGuy Jan 24 '17 at 11:46
0

Please try this one :

(&
    (objectCategory=group)
    (name=Auser*)
)

distinguished name is long name containing full path + name. like : CN=Username,OU=internalFolder,OU=parentFolder,DC=domainComponentName,DC=com

For filtering by name just search on the name or other attributes you want like givenName

Mostafa
  • 3,002
  • 10
  • 52
  • 79