Ldap Problem

Last post 09-26-2007 11:51 AM by johram. 5 replies.


  • Ldap Problem

    08-20-2007, 11:57 AM
    • SuperSpike
    • Joined on 01-25-2007, 3:35 PM
    • Posts 37

    Hi friend!

    I have a terrible problem...

    ...I must read users that are in multiple OUs of Active Directory...

    For example:

    my Active Directory has 2 OUs (Number1, Number2)

    in Number1 there are 2 users and in Number2 there are 3 users.

    What is the "query string" to catch all five users (I must get all users with ONLY one string...)?

    Please Help me!

  • Re: Ldap Problem

    08-20-2007, 4:53 PM
    • johram
    • Joined on 06-13-2006, 6:36 AM
    • Sweden
    • Posts 3,352
    • Moderator

    Short answer: You can't. At least not with a nice and quick solution. There's no way to perform a search with parallel roots. You need to start in one root and either scan one level or subtree.

    However, if you are desperate for a one-liner and don't care about performance then you could try this: 

    If you know the distinguished name of the OUs then you could write a query that ORs these together. But it will not be fast (depending on the amount of data in your LDAP source).

    (&(objectCategory=user)(|(distinguishedName=*OU=Number1,DC=mydomain,DC=com)(distinguishedName=*OU=Number2,DC=mydomain,DC=com)))

    I would recommend you to perform one query per OU. It will be magnitudes faster for you. The killer in this scenario is the wildcard on the distinguished name. If you can do a search without wildcard, or at least use it as a suffix to an indexed attribute (Something* instead of *Something) then you will be safe. 

    If this post was useful to you, please mark it as answer. Thank you!
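
Added example, not part of the original thread and not johram's code: one subtree search per OU with the results merged, as recommended in the reply above. The class and method names are hypothetical, the OU distinguished names are the ones used in the thread, and the serverless `LDAP://` paths assume the web server is domain-joined and its process identity may read both OUs.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

static class OuUserReader // hypothetical helper, not an ASP.NET type
{
    // Search roots: the two OUs named in the thread (serverless binding assumed).
    static readonly string[] SearchRoots =
    {
        "LDAP://OU=Number1,DC=mydomain,DC=com",
        "LDAP://OU=Number2,DC=mydomain,DC=com"
    };

    // The filter stays fixed and wildcard-free; the OU is chosen by the
    // search root, not by matching on distinguishedName.
    const string UserFilter = "(&(objectCategory=person)(objectClass=user))";

    public static List<string> GetUsers()
    {
        var seen = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        var users = new List<string>();

        foreach (string rootPath in SearchRoots)
        {
            // Secure binds as the current process identity (no password in config);
            // Signing and Sealing protect the LDAP traffic on the wire.
            using (var root = new DirectoryEntry(rootPath, null, null,
                AuthenticationTypes.Secure | AuthenticationTypes.Signing | AuthenticationTypes.Sealing))
            using (var searcher = new DirectorySearcher(root, UserFilter,
                new[] { "sAMAccountName" }, SearchScope.Subtree))
            {
                searcher.PageSize = 500; // page results so large OUs are not truncated
                using (SearchResultCollection results = searcher.FindAll())
                {
                    foreach (SearchResult result in results)
                    {
                        if (result.Properties["sAMAccountName"].Count == 0) continue;
                        string name = (string)result.Properties["sAMAccountName"][0];
                        if (seen.Add(name)) users.Add(name); // skip duplicates across roots
                    }
                }
            }
        }
        return users;
    }
}
```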
  • Re: Ldap Problem

    08-21-2007, 3:02 AM
    • SuperSpike
    • Joined on 01-25-2007, 3:35 PM
    • Posts 37

    Thanks in advance johram.

    My real problem is this:

    I have a Web Application in ASP.NET.

    In a config file I must write an LDAP query to catch all users that are in OU=Number1 and OU=Number2

    I have already tried your query but I get a new error: "Only LDAP connection strings are supported against Active Directory and ADAM."

    I hope that you can help me again

  • Re: Ldap Problem

    08-21-2007, 6:55 AM
    • johram
    • Joined on 06-13-2006, 6:36 AM
    • Sweden
    • Posts 3,352
    • Moderator

    What does your config file look like? And where do you use this string? If we can look at your code then it will be a lot easier to help you out. Thanks!

    If this post was useful to you, please mark it as answer. Thank you!
  • Re: Ldap Problem

    08-21-2007, 8:19 AM
    • SuperSpike
    • Joined on 01-25-2007, 3:35 PM
    • Posts 37

     

    To read all users in Active Directory in code I use this:

    MembershipUserCollection _mem = Membership.GetAllUsers();

    foreach (MembershipUser _mu in _mem)
    {
        String user = _mu.UserName;
        row = _dt.NewRow();
        row["User"] = user;
        flg = false;
        foreach (String _user in UsersInRole)
        {
            ......
     

    Membership has its configuration in web.config because it refers to the <membership> section, and the <membership> section in turn refers to the connectionString

    This is a part of my Web.config

    ... ..

    ... ....

    ...........
        <connectionStrings>
        <add name="ConnLdap" connectionString="LDAP://192.168.1.2/CN=Users,DC=domain,DC=com"/>
        <add name="Profile" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=false"/>
        </connectionStrings>

    ... ..

    ... .. 

    <authentication mode="Forms">
                <forms name=".Cookie" loginUrl="Login.aspx" timeout="60" path="/" defaultUrl="Default.aspx" protection="All" requireSSL="false" slidingExpiration="true"/>
            </authentication>
            <roleManager enabled="true" defaultProvider="RProvider">
                <providers>
                    <clear/>
                    <add applicationName="ApplicationName" name="RProvider" type="RoleProvider"/>
                </providers>
            </roleManager>
            <membership defaultProvider="ADMProvider">
                <providers>
                    <clear/>
                    <add connectionStringName="ConnLdap" connectionUsername="mydomain" enableSearchMethods="true" connectionPassword="password" name="ADMProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
                    <add applicationName="Application" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="true" requiresUniqueEmail="true" passwordFormat="Hashed" WriteExceptionsToEventLog="true" name="VividoMProvider" type="MembershipProvider"/>
                </providers>
            </membership>

     

    Like this my application works fine, but I have a problem if I want all users that are in:

    LDAP://192.168.1.2/CN=Users,DC=domain,DC=com

    and

    LDAP://192.168.1.2/OU=Number1,DC=domain,DC=com

     

  • Re: Ldap Problem

    09-26-2007, 11:51 AM
    • johram
    • Joined on 06-13-2006, 6:36 AM
    • Sweden
    • Posts 3,352
    • Moderator

    Haven't done this myself, but I found an article that might be useful to you:

    How To: Use Forms Authentication with Active Directory in Multiple Domains in ASP.NET 2.0

    The technique should be the same for different OUs in the same domain I would guess. 

    If this post was useful to you, please mark it as answer. Thank you!