I have one AD group that contains 5 users. 3 of the users are from Domain1
and 2 are from a trusted Domain2.
I have a problem getting the users from Domain2
after I read out what users have access to what groups.
I'm using OPENQUERY to ADSI. (The domain and servers are 2008 R2.)
This is an expansion of this topic:
Query AD Group Membership Recursively Through SQL
Update: This is the query, but I'm getting an error:

    select samAccountName,distinguishedName
    FROM OPENQUERY(ADSI,'
    SELECT samAccountName,distinguishedName
    FROM ''LDAP://domain/DC=...,DC=....,DC=....''
    WHERE
    objectCategory=''user'' AND
    memberof:1.2.840.113556.1.4.1941:= ''CN=..,OU=..,DC=...,DC=....,DC=....'' ')

This is my query that works, but I'm not getting the nested groups or users from the other domain.

    select samAccountName,distinguishedName
    FROM OPENQUERY(ADSI,'
    SELECT samAccountName,distinguishedName
    FROM ''LDAP://domain/DC=...,DC=....,DC=....''
    WHERE
    objectCategory=''user'' AND
    memberof= ''CN=..,OU=..,DC=...,DC=....,DC=....'' ')

No knowledge of OPENQUERY to ADSI. Only some comments:
UPDATE:
Okay, according to your link Query AD Group Membership Recursively Through SQL,
the following should work:
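
    -- memberOf (not member) is the attribute on user objects that the
    -- 1.2.840.113556.1.4.1941 in-chain rule follows up to the group DN.
    SELECT samAccountName,distinguishedName
    FROM OPENQUERY (ADSI, '<LDAP://domain/DC=...,DC=....,DC=....>;
    (&(objectCategory=user)(memberOf:1.2.840.113556.1.4.1941:=CN=..,OU=..,DC=...,DC=....,DC=....));samAccountName, distinguishedName;subtree');
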
Also, please check the functional level according to:
http://www.technipages.com/active-directory-how-to-check-domain-and-forest-functional-level
The ":1.2.840.113556.1.4.1941:=" syntax requires functional level of 2008 R2.
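
An added example, not part of the original question or answer: if Domain2 is trusted from outside Domain1's forest (an assumption), its accounts are stored in Domain1 as foreignSecurityPrincipal objects, which the objectCategory=user filter drops from a membership audit. The domain name, group DN and column aliases below are constructed sample values; ADSI is the linked server name from the question.

```sql
-- Added example. Constructed sample values: domain1.example.com and the
-- group CN=AppUsers,OU=Groups,...; ADSI is the linked server from the question.
-- Assumption: Domain2 is outside Domain1's forest, so its accounts appear in
-- Domain1 as CN=<SID>,CN=ForeignSecurityPrincipals,... with no sAMAccountName.
SELECT
    m.distinguishedName,
    m.sAMAccountName,                          -- NULL for foreignSecurityPrincipal rows
    SUSER_SNAME(m.objectSid) AS resolvedName,  -- DOMAIN\name if this host can resolve the SID, else NULL
    CASE
        WHEN m.distinguishedName LIKE '%,CN=ForeignSecurityPrincipals,%'
            THEN 'trusted-domain principal'
        ELSE 'Domain1 user'
    END AS memberKind
FROM OPENQUERY(ADSI,
    -- LDAP dialect: <base>;filter;attributes;scope (kept on one line inside the string)
    '<LDAP://domain1.example.com/DC=domain1,DC=example,DC=com>;(&(|(objectCategory=user)(objectCategory=foreignSecurityPrincipal))(memberOf:1.2.840.113556.1.4.1941:=CN=AppUsers,OU=Groups,DC=domain1,DC=example,DC=com));objectSid,sAMAccountName,distinguishedName;subtree'
) AS m
ORDER BY memberKind, m.distinguishedName;
```

A foreignSecurityPrincipal row can also stand for a Domain2 group; the in-chain rule evaluated in Domain1 does not expand that group's members, so such rows need a follow-up query against Domain2.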