Pregunta

I am trying to find a query to get all groups of a person.
I have seen that there is an attribute called memberOf, but I don't know how I can use it.

I found a query, but it doesn't work for me:

(&
    (objectClass=groupOfUniqueNames)
    (uniqueMember=<user>)
)
¿Fue útil?

Solución

With external command adfind (joeware) you can extract easily direct memberships by using following parameter:

adfind -f samaccountname=youraccount memberof -list

If you are searching all direct and nested group memberships, then a bit different filter search required:

adfind -f "(member:1.2.840.113556.1.4.1941:=cn=Jim Smith,ou=West,dc=Domain,dc=com)" samaccountname -list

On this search you would get group samaccountname as an output, but you can add other attributes as well or replace samaccountname for example with displayname attribute.

More about the filters: http://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx

Licenciado bajo: CC-BY-SA con atribución
No afiliado a StackOverflow
scroll top