Ldap 查询以获取 Active Directory 中组的用户
[英]Ldap query to get users of a group in Active Directory
问题描述
I'm trying to write a filter to get all the users of a given group in Active Directory.
我正在尝试编写一个过滤器来获取 Active Directory 中给定组的所有用户。
To that end I have the following query为此,我有以下查询
LDAPSearch("DC=test,DC=myorg,DC=com", "(objectClass=user)", 1, "name")
I'm a bit confused as to where I should give the name of the group on which to base the search on.我有点困惑,我应该在哪里给出作为搜索基础的组的名称。 As far as I know you cannot have two groups in AD with the same name.据我所知,AD 中不能有两个同名的组。
1 个解决方案
解决方案1
0 2021-05-13 09:28:04
In general, user objects have an attribute called memberOf that lists DNs of groups that a user is member of.通常,用户对象有一个名为memberOf的属性,它列出了用户所属的组的 DNs。 Therefore you can search with a filter like (&(objectClass=user)(memberOf=<DN of requested group>)) .因此,您可以使用(&(objectClass=user)(memberOf=<DN of requested group>))类的过滤器进行搜索。
Please note that due to AD design, user's primary group is not included in memberOf attribute.请注意,由于 AD 设计,用户的主要组不包含在memberOf属性中。 For most users that group would be Domain Users (unless explicitly changed), but if changed, that group will no longer list in memberOf and this query will not find such user.对于大多数用户,该组将是Domain Users (除非明确更改),但如果更改,该组将不再列在memberOf中,并且此查询将找不到此类用户。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.