Ldapquery for getting users in the OU groups

cyber_castle
Path Finder

We are using SA-ldapsearch to pull the data from AD.

As part of one of the security use cases, I need to pull all the users which are part of multiple groups from the same OU.

Say I have an OU named Admin groups; inside that OU there are 300+ groups (all the groups start with adm-). Each group has 3-5 users. I need to pull the details of all the users from these 300 groups.

```
| ldapsearch search="(&(objectClass=Group)(!(objectClass=computer))(sAMAccountName=adm-*))" | table sAMAccountName
```

This will list all the groups but not any users inside the groups.

There is another search I can use to pull the user details based on the group name:

```
| ldapsearch search="(memberOf=CN=adm-ABCD,ou=Admin,ou=Groups,dc=xyz,dc=com)"
```

but the issue is that I need to feed each group with an OR clause. A wildcard (adm-*) doesn't work.

So I have 2 questions:

  1. Is there any better way to query to get all the users in the 3000+ groups in one ldapquery?
  2. Say, if I ran the first search and got all the 3000+ groups in a table, is there any way I can pass each value in the table to the second ldapsearch (the value needs to be after | ldapsearch search="(memberOf=CN=
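
An added example, not part of the original post: Active Directory does not do substring matching on DN-valued attributes such as memberOf, which is why `adm-*` fails there and the group DNs have to be enumerated and OR-ed. The Python below turns a list of group DNs (for instance the `distinguishedName` column of the first search) into RFC 4515-escaped, chunked OR filters; the function names, the chunk size and the sample DNs are assumptions made for illustration.

```python
# Added example: build chunked LDAP OR filters over memberOf from group DNs.
# Characters that RFC 4515 requires to be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed sample DNs modelled on the naming used in the post.
SAMPLE_GROUP_DNS = [
    "CN=adm-ABCD,ou=Admin,ou=Groups,dc=xyz,dc=com",
    "CN=adm-EFGH,ou=Admin,ou=Groups,dc=xyz,dc=com",
    "cn=adm-abcd,OU=Admin,OU=Groups,DC=xyz,DC=com",   # duplicate, different case
    "CN=adm-ops (tier0),ou=Admin,ou=Groups,dc=xyz,dc=com",
]


def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_memberof_filters(group_dns, chunk_size=50):
    """Return (|(memberOf=dn1)(memberOf=dn2)...) filters, chunk_size groups each."""
    if chunk_size < 1:
        raise ValueError("chunk_size must be >= 1")
    seen, unique = set(), []
    for dn in group_dns:
        dn = dn.strip()
        key = dn.lower()          # DNs compare case-insensitively in AD
        if dn and key not in seen:
            seen.add(key)
            unique.append(dn)
    filters = []
    for start in range(0, len(unique), chunk_size):
        chunk = unique[start:start + chunk_size]
        clauses = "".join("(memberOf=%s)" % escape_filter_value(dn) for dn in chunk)
        filters.append("(|%s)" % clauses)
    return filters


if __name__ == "__main__":
    for ldap_filter in build_memberof_filters(SAMPLE_GROUP_DNS, chunk_size=2):
        print(ldap_filter)
```

Each returned string is one LDAP filter; chunking keeps any single filter from growing with the full group count.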