We are using SA-ldapsearch to pull the data from AD.
As part of one of the security use cases, I need to pull all the users who are part of multiple groups from the same OU.
Say I have an OU named Admin groups; inside that OU there are 300+ groups (all the groups start with adm-). Each group has 3-5 users. I need to pull the details of all the users from these 300 groups.
| ldapsearch search="(&(objectClass=Group)(!(objectClass=computer))(sAMAccountName=adm-*))" | table sAMAccountName
This will list all the Groups but not any users inside the group.
There is another search I can use to pull the user details based on the group name:
| ldapsearch search="(memberOf=CN=adm-ABCD,ou=Admin,ou=Groups,dc=xyz,dc=com)"
But the issue is that I need to feed each group with an OR clause. Wildcard (adm-*) doesn't work.
So I have 2 questions:
Is there any better way to query to get all the users in the 3000+ groups in one LDAP query?
Say, if I ran the first search and got all the 3000+ groups in a table, is there any way I can pass each value in the table to the second ldapsearch (the value needs to be after | ldapsearch search="(memberOf=CN=