I'm new to this way of making queries against LDAP. I'm stuck on using the LDAP_MATCHING_RULE_IN_CHAIN ("member:1.2.840.113556.1.4.1941:=....").
I have searched for information, but I'm getting confused about how to use it.
I have a VB snippet where I'm trying to fetch all the groups a user is a member of, direct or indirect. I get an empty result back.
I have some things I'm uncertain about:
- I have set the base to the root of AD, is that correct?
- Do I need to specify ObjectCategory and objectClass at all to get a result, or are they "just" used to narrow the result set once something is returned?
- In the LDAP_MATCHING_RULE_IN_CHAIN ("memberOf:1.2.840.113556.1.4.1941:=") I have various different suggestions to add a reference to a group, but the point here is to get a list of groups back. Do I need to specify any ref. to a group to make this filter work?
I'm searching for a user "AD User"; that's the CN in AD. I've tried other users with the same result (nothing).
Does anyone see what I'm doing wrong here?
    Private Sub Button2_Click(sender As Object, e As EventArgs) Handles Button2.Click
        Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
        Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strName, strCN

        ' Setup ADO objects.
        adoCommand = CreateObject("ADODB.Command")
        adoConnection = CreateObject("ADODB.Connection")
        adoConnection.Provider = "ADsDSOObject"
        adoConnection.Open("Active Directory Provider")
        adoCommand.ActiveConnection = adoConnection

        ' Search entire Active Directory domain.
        objRootDSE = GetObject("LDAP://RootDSE")
        strDNSDomain = objRootDSE.Get("defaultNamingContext")
        strBase = "<LDAP://" & strDNSDomain & ">"

        ' Filter on user objects.
        'strFilter = "(&(objectCategory=Person)(objectClass=user)"
        strFilter = "(&(objectCategory=Group)"
        strFilter = strFilter & "(member:1.2.840.113556.1.4.1941:=(CN=AD User,DC=hnitservice,DC=local)))"

        ' Comma delimited list of attribute values to retrieve.
        strAttributes = "sAMAccountName,cn"

        ' Construct the LDAP syntax query.
        strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
        adoCommand.CommandText = strQuery
        adoCommand.Properties("Page Size") = 100
        adoCommand.Properties("Timeout") = 30
        adoCommand.Properties("Cache Results") = False

        ' Run the query.
        adoRecordset = adoCommand.Execute

        ' Enumerate the resulting recordset.
        Do Until adoRecordset.EOF
            ' Retrieve values and display.
            strName = adoRecordset.Fields("sAMAccountName").Value
            strCN = adoRecordset.Fields("cn").value
            ' Wscript.Echo "NT Name: " & strName & ", Common Name: " & strCN
            ' Move to the next record in the recordset.
            adoRecordset.MoveNext
        Loop

        ' Clean up.
        adoRecordset.Close
        adoConnection.Close
    End Sub
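
An added example, not part of the original post: a small VB.NET module that builds the two LDAP_MATCHING_RULE_IN_CHAIN filters (`member` for the groups an object belongs to, `memberOf` for the objects in a group), with the full distinguished name written directly after `:=` and escaped per RFC 4515 so that a DN containing parentheses or backslashes cannot alter the filter. The module and function names and the sample DNs are constructed for illustration.

```vb
Imports System
Imports System.Text

Module InChainFilterExample
    ' OID of LDAP_MATCHING_RULE_IN_CHAIN, as quoted in the post above.
    Private Const InChainOid As String = "1.2.840.113556.1.4.1941"

    ' Escape a value for use inside an LDAP search filter (RFC 4515):
    ' backslash, asterisk, parentheses and NUL become \XX hex pairs.
    Function EscapeFilterValue(value As String) As String
        Dim sb As New StringBuilder()
        For Each ch As Char In value
            Select Case ch
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(ch)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' Groups that contain userDn directly or through nested groups.
    Function GroupsOfUserFilter(userDn As String) As String
        Return "(&(objectCategory=group)(member:" & InChainOid & ":=" &
               EscapeFilterValue(userDn) & "))"
    End Function

    ' Objects that belong to groupDn directly or through nested groups.
    Function MembersOfGroupFilter(groupDn As String) As String
        Return "(memberOf:" & InChainOid & ":=" & EscapeFilterValue(groupDn) & ")"
    End Function

    ' ADO query text in the "<base>;filter;attributes;scope" layout used in the post.
    Function AdoQuery(baseDn As String, filter As String, attributes As String) As String
        Return "<LDAP://" & baseDn & ">;" & filter & ";" & attributes & ";subtree"
    End Function

    Sub Main()
        ' Constructed sample DNs; the first contains characters that need escaping.
        Dim userDn As String = "CN=Smith\, Jo (Ops),OU=Staff,DC=example,DC=com"
        Dim groupDn As String = "CN=Server Admins,OU=Groups,DC=example,DC=com"
        Console.WriteLine(AdoQuery("DC=example,DC=com", GroupsOfUserFilter(userDn), "sAMAccountName,cn"))
        Console.WriteLine(MembersOfGroupFilter(groupDn))
    End Sub
End Module
```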