Question

I am trying to find a query to get all groups of a person.
I have seen that there is an attribute called memberOf, but I don't know how I can use it.

I found a query, but it doesn't work for me:

(&
    (objectClass=groupOfUniqueNames)
    (uniqueMember=<user>)
)
Était-ce utile?

La solution

With external command adfind (joeware) you can extract easily direct memberships by using following parameter:

adfind -f samaccountname=youraccount memberof -list

If you are searching all direct and nested group memberships, then a bit different filter search required:

adfind -f "(member:1.2.840.113556.1.4.1941:=cn=Jim Smith,ou=West,dc=Domain,dc=com)" samaccountname -list

On this search you would get group samaccountname as an output, but you can add other attributes as well or replace samaccountname for example with displayname attribute.

More about the filters: http://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx

Licencié sous: CC-BY-SA avec attribution
Non affilié à StackOverflow
scroll top