문제

I am trying to find a query to get all groups of a person.
I have seen that there is an attribute called memberOf, but I don't know how I can use it.

I found a query, but it doesn't work for me:

(&
    (objectClass=groupOfUniqueNames)
    (uniqueMember=<user>)
)
도움이 되었습니까?

해결책

With external command adfind (joeware) you can extract easily direct memberships by using following parameter:

adfind -f samaccountname=youraccount memberof -list

If you are searching all direct and nested group memberships, then a bit different filter search required:

adfind -f "(member:1.2.840.113556.1.4.1941:=cn=Jim Smith,ou=West,dc=Domain,dc=com)" samaccountname -list

On this search you would get group samaccountname as an output, but you can add other attributes as well or replace samaccountname for example with displayname attribute.

More about the filters: http://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx

라이센스 : CC-BY-SA ~와 함께 속성
제휴하지 않습니다 StackOverflow
scroll top