Last post Jan 12, 2015 07:57 AM by Denfer06
Jan 12, 2015 04:44 AM|Denfer06|LINK
I'm looking for the LDAP query that can return the list of users that have the same AD group.
Here is the query I tried:
List<string> myList = new List<string>();
string ADGroup = ConfigurationManager.AppSettings["ADGroupFilter"];
DirectoryEntry Ldap = new DirectoryEntry(ConfigurationManager.AppSettings["LDAPQuery"], ConfigurationManager.AppSettings["ADReader_Login"], ConfigurationManager.AppSettings["ADReader_PWD"]);
DirectorySearcher searcher = new DirectorySearcher(Ldap);
searcher.Filter = "(&(objectCategory=person)(objectClass=user)(memberOf=CN=" + ADGroup + "))";
SearchResultCollection userList = searcher.FindAll();
This returns nothing.
If I remove the "memberOf" part, I get the full user list, so the issue is the group filter.
Jan 12, 2015 07:01 AM|PatriceSc|LINK
And what do you have in ADGroup? Perhaps try
http://stackoverflow.com/questions/1032351/how-to-write-ldap-query-to-test-if-user-is-member-of-a-group or see exactly what the value is for a known user and use the exact same full value.
If using a recent Framework version you could likely use
Jan 12, 2015 07:57 AM|Denfer06|LINK
After several tests I managed to get the correct query.
The best way is to get the DN (distinguishedName from AD).
You can get it from the Active Directory Users and Computers tool in your programs.
Locate your group in the tree view, right-click on it and select Attribute Editor.
Search for the distinguishedName attribute and select View.
You just have to copy and paste the view details.
The error in my case was that the OU order was different in the distinguishedName and in the tree view (don't know why).
Hope it will help others.
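Added example, not code from any poster in this thread: it goes one step beyond the manual copy-paste by reading the group's distinguishedName from the directory and then using that full DN in the memberOf filter, with RFC 4515 escaping so characters such as parentheses or backslashes in a name cannot alter the filter. It reuses the thread's config keys and assumes (hypothetically) that ADGroupFilter holds the group's sAMAccountName; the class and method names are illustrative.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.DirectoryServices;

static class GroupMembers
{
    // RFC 4515 escaping for a value placed inside an LDAP search filter.
    // The backslash must be replaced first so later escapes are not re-escaped.
    public static string EscapeFilterValue(string value)
    {
        return value.Replace("\\", @"\5c").Replace("*", @"\2a")
                    .Replace("(", @"\28").Replace(")", @"\29").Replace("\0", @"\00");
    }

    public static List<string> GetMembers()
    {
        // Assumption: ADGroupFilter holds the group's sAMAccountName, not its DN.
        string groupName = ConfigurationManager.AppSettings["ADGroupFilter"];
        var members = new List<string>();
        using (var root = new DirectoryEntry(ConfigurationManager.AppSettings["LDAPQuery"],
            ConfigurationManager.AppSettings["ADReader_Login"],
            ConfigurationManager.AppSettings["ADReader_PWD"]))
        using (var searcher = new DirectorySearcher(root))
        {
            // Step 1: look up the group and read its distinguishedName as stored in AD.
            searcher.Filter = "(&(objectCategory=group)(sAMAccountName="
                + EscapeFilterValue(groupName) + "))";
            searcher.PropertiesToLoad.Add("distinguishedName");
            SearchResult group = searcher.FindOne();
            if (group == null)
                throw new InvalidOperationException("Group not found: " + groupName);
            string groupDn = (string)group.Properties["distinguishedName"][0];

            // Step 2: memberOf is compared against the complete DN
            // (this matches direct members of the group only).
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(memberOf="
                + EscapeFilterValue(groupDn) + "))";
            searcher.PropertiesToLoad.Clear();
            searcher.PropertiesToLoad.Add("sAMAccountName");
            using (SearchResultCollection users = searcher.FindAll())
                foreach (SearchResult user in users)
                    members.Add((string)user.Properties["sAMAccountName"][0]);
        }
        return members;
    }
}
```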