3
votes

I want to find all the users that are a member of a group in a certain OU, so my filter would look something like this:

(&(objectClass=user)(memberOf=*OU=something,OU=yep,DC=dev,DC=local))

Is there a way to run a directorysearcher on the memberof property with a wildcard?


5 Answers

9
votes

You need to set the OU you want to search as the root of your DirectorySearcher:

DirectoryEntry myOU = new DirectoryEntry("OU=something,OU=yep,DC=dev,DC=local");
DirectorySearcher srch = new DirectorySearcher(myOU);
srch.SearchScope = SearchScope.Subtree;

and then use just the objectCategory=person for your filter - I would use objectCategory which is single-valued and indexed and thus fast rather than objectClass (which is multi-valued and not indexed):

srch.Filter = "(objectCategory=person)";

If you still want to check for membership in a group in addition to being part of the OU, you can add this as a member-of part to the filter:

srch.Filter = "(&(objectCategory=person)(memberOf=cn=Group,ou=yep,dc=dev,dc=local))";

Not totally sure about the wildcards - in general, LDAP search filters do support wildcards, but I'm a bit hesitant about using a wildcard in a RDN like this group DN here.

Marc

2
votes

According to this thread, wildcard search for DNs are not supported in Active Directory.
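Since a wildcard in memberOf is not supported, the practical way to get "users that are a member of any group in a certain OU" is the two-step approach Marc's answer hints at: search the OU for its groups, then OR together one exact memberOf clause per group. The following is an added example, not code from the original answers; the server name, OU and domain DN are placeholders you need to replace. It also goes slightly beyond the answers by using the LDAP_MATCHING_RULE_IN_CHAIN OID (1.2.840.113556.1.4.1941) so nested membership is matched, and by escaping every DN before it is spliced into the filter, which matters whenever the group or OU name comes from outside your own code.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

// Added example (not from the original Q&A). <COMPANYLDAP>, the OU and the domain DN are placeholders.
class MembersOfGroupsInOu
{
    // Escape a value for use inside an LDAP search filter (RFC 4515).
    // Without this a name such as "Sales)(objectClass=*" would change the meaning of the filter.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    static void Main()
    {
        const string ouPath     = "LDAP://<COMPANYLDAP>/OU=something,OU=yep,DC=dev,DC=local";
        const string domainPath = "LDAP://<COMPANYLDAP>/DC=dev,DC=local";

        // Step 1: the OU is the search root; collect the DN of every group below it.
        var groupDns = new List<string>();
        using (var ou = new DirectoryEntry(ouPath))
        using (var groupSearch = new DirectorySearcher(ou, "(objectCategory=group)", new[] { "distinguishedName" }))
        {
            groupSearch.SearchScope = SearchScope.Subtree;
            groupSearch.PageSize = 1000; // paged results, so more than the server's default 1000 entries come back
            using (SearchResultCollection groups = groupSearch.FindAll())
                foreach (SearchResult g in groups)
                    groupDns.Add((string)g.Properties["distinguishedName"][0]);
        }

        if (groupDns.Count == 0) { Console.WriteLine("No groups found in OU."); return; }

        // Step 2: memberOf cannot be wildcarded, so build one exact clause per group and OR them.
        // The :1.2.840.113556.1.4.1941: matching rule also matches members of nested groups.
        var filter = new StringBuilder("(&(objectCategory=person)(objectClass=user)(|");
        foreach (string dn in groupDns)
            filter.Append("(memberOf:1.2.840.113556.1.4.1941:=").Append(EscapeFilterValue(dn)).Append(')');
        filter.Append("))");

        // Step 3: run the combined filter against the whole domain, since members may live in any OU.
        using (var domain = new DirectoryEntry(domainPath))
        using (var userSearch = new DirectorySearcher(domain, filter.ToString(), new[] { "sAMAccountName", "distinguishedName" }))
        {
            userSearch.SearchScope = SearchScope.Subtree;
            userSearch.PageSize = 1000;
            using (SearchResultCollection users = userSearch.FindAll())
                foreach (SearchResult u in users)
                    Console.WriteLine("{0}\t{1}", u.Properties["sAMAccountName"][0], u.Properties["distinguishedName"][0]);
        }
    }
}
```

Two caveats to keep in mind: a user's primary group (normally Domain Users) is stored in primaryGroupID, not in memberOf, so it never matches a memberOf clause; and a filter with a very large OR list can exceed what the server will accept, in which case splitting the group list into batches is the simplest fix.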

0
votes

Don't specify a memberOf clause.

0
votes

Don't specify the memberOf clause. Just use "(objectClass=user)"

0
votes

Here is how I did this; the LDAP name is the group for which you need members:

using System;
using System.DirectoryServices;
using System.IO;
using System.Text;

// Bind to the group itself and read its "member" attribute (one DN per member).
DirectoryEntry entry = new DirectoryEntry("LDAP://<COMPANYLDAP>/CN=<Group Name>,OU=something,OU=yep,DC=dev,DC=local");
DirectorySearcher Dsearch = new DirectorySearcher(entry);
SearchResult sResultSet = Dsearch.FindOne();
GetProperty(sResultSet, "member");

public static void GetProperty(SearchResult searchResult, string PropertyName)
{
    StringBuilder strb = new StringBuilder();
    if (searchResult.Properties.Contains(PropertyName))
    {
        ResultPropertyValueCollection rc = searchResult.Properties[PropertyName];
        foreach (string name in rc)
        {
            // Bind directly to the member's DN. With the default filter and no search scope set,
            // FindOne() returns the bound object itself, so no filter is needed here.
            using (DirectoryEntry memberEntry = new DirectoryEntry("LDAP://<COMPANYLDAP>/" + name))
            using (DirectorySearcher memberSearch = new DirectorySearcher(memberEntry))
            {
                SearchResult member = memberSearch.FindOne();
                strb.AppendLine(GetPropertyValue(member, "displayname") + "," + GetPropertyValue(member, "mail"));
            }
        }
    }

    // File.WriteAllText takes (path, contents); the two arguments were reversed in the original.
    File.WriteAllText("c:\\Users.txt", strb.ToString());
}

// Returns the first value of an attribute as a string, or an empty string when the attribute is absent.
public static string GetPropertyValue(SearchResult searchResult, string PropertyName)
{
    if (searchResult != null
        && searchResult.Properties.Contains(PropertyName)
        && searchResult.Properties[PropertyName].Count > 0)
    {
        return searchResult.Properties[PropertyName][0].ToString();
    }
    return string.Empty;
}
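Reading "member" with a single FindOne(), as the answer above does, silently stops at the server's value limit for multi-valued attributes (MaxValRange, 1500 by default on Windows Server 2003 and later), so a large group appears to have only its first 1500 members. The block below is an added example, not from the original answer, of reading the whole attribute with ranged retrieval; <COMPANYLDAP> and the group DN are placeholders, and the 1500 page size is an assumption about the server's default MaxValRange (a smaller value just means more round trips).

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

// Added example (not from the original answer): full member list of a large group via
// ranged retrieval of the "member" attribute. Server and group DN are placeholders.
static class GroupMembers
{
    public static List<string> GetAllMembers(string groupPath)
    {
        var members = new List<string>();
        const int rangeSize = 1500; // assumed server default MaxValRange
        int start = 0;

        while (true)
        {
            // Ask for one slice of the attribute, e.g. "member;range=0-1499".
            string requested = string.Format("member;range={0}-{1}", start, start + rangeSize - 1);

            using (var group = new DirectoryEntry(groupPath))
            using (var search = new DirectorySearcher(group, "(objectClass=*)", new[] { requested }, SearchScope.Base))
            {
                SearchResult result = search.FindOne();
                if (result == null) return members;

                // The server answers under its own attribute name: "member;range=0-1499" when more
                // values remain, or "member;range=N-*" (or plain "member") for the final slice.
                string returned = null;
                foreach (string propName in result.Properties.PropertyNames)
                {
                    if (propName.StartsWith("member", StringComparison.OrdinalIgnoreCase))
                        returned = propName;
                }
                if (returned == null) return members; // empty group or no read access to "member"

                foreach (object dn in result.Properties[returned])
                    members.Add(dn.ToString());

                bool lastSlice = returned.EndsWith("*") || !returned.Contains(";range=");
                if (lastSlice) return members;

                start += rangeSize;
            }
        }
    }

    static void Main()
    {
        List<string> dns = GetAllMembers("LDAP://<COMPANYLDAP>/CN=<Group Name>,OU=something,OU=yep,DC=dev,DC=local");
        Console.WriteLine("{0} members", dns.Count);
        foreach (string dn in dns)
            Console.WriteLine(dn);
    }
}
```

Each returned DN can then be bound to and resolved to displayName and mail exactly as in the answer's GetProperty loop. Note that "member" only lists direct members; nested groups come back as group DNs and need to be expanded separately if you want the effective user list.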