Last post May 17, 2012 05:26 AM by JRBSoftware
May 14, 2012 02:29 PM|barryman9000|LINK
How do I limit my filter to LDAP users (with or without email address) and groups? I don't want any machine/servers in my list:
DirectoryEntry entry = new DirectoryEntry(strLDAPPath, strLDAPUsername, strLDAPPassword);
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(&(|(objectClass=group)(objectcategory=person)(objectclass=user)))"
May 14, 2012 05:41 PM|JRBSoftware|LINK
Try filtering on samAccountType i.e.
I dont know if this is the optimal way, but it will work.
May 14, 2012 06:03 PM|barryman9000|LINK
Yeah, it looks like that worked. What is all that?! Is there some reference somewhere for samAccountTypes?
Thanks, I can easily say I'd never have guessed that one.
I found them here
May 15, 2012 02:17 AM|kushal.dwivedi|LINK
you could have tried this filter :
"objectCategory = person" includes both users and computers, if you specify objectcategory= persone and objectclass = user together, it will filter only users.
for group, you can use objectcategory=group and objectclass= group filter.
you can use OR between these two conditions to get groups and users only.
for group -> (&(objectCategory=group)(objectClass=group))
for user -> (&(objectcategory=person)(objectclass=user))
for users and groups -> (|(&(objectCategory=group)(objectClass=group))(&(objectcategory=person)(objectclass=user)))
May 15, 2012 12:05 PM|barryman9000|LINK
This one is easier to read, but doesn't return as many results. Thanks for the explaination though, very helpful.
EDIT: Sorry, it returns more results and it's easier to read. It looks like it's adding global email groups.
May 17, 2012 05:26 AM|JRBSoftware|LINK
While the values are normally quoted in decimal where they seem like a randomly chosen large number, they are actually bit values, and appear to have some logic when displayed in hexadecimal. For example SAM_GROUP_OBJECT is 0x10000000 and SAM_USER_OBJECT