All Apps and Add-ons

Ldapquery for getting users in the OU groups

Path Finder

We are using SA-ldapsearch to pull the data from AD.

As part one of the security use cases, I need to pull all the users which are part of multiple groups from the same OU.

Say I have OU named Admin groups, inside that OU there are 300+ groups (all the group starts with adm-). Each group has 3-5 users. I need to pull the details of all the users from these 300groups.

| ldapsearch search="(&(objectClass=Group)(!(objectClass=computer))(sAMAccountName=adm-*))" | table sAMAccountName This will list all the Groups but not any users inside the group.

There is another search i can use to pull the user details based on the Group name

| ldapsearch search="(memberOf=CN=adm-ABCD,ou=Admin,ou=Groups,dc=xyz,dc=com)" but the issue is that i need to feed each group with an OR clause. Wild card (adm-*) doesn't work.


So I have 2 questions:

  1. Is there any better way to query to get all the users in the 3000+ groups in one ldapquery.
  2. Say, if i ran the first search and get all the 3000+ groups in a table, is there anyway i can pass each value in the table to the second ldapsearch (the value need to be after | ldapsearch search="(memberOf=CN=
0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!