none
Finding organization units in AD RRS feed

  • Question

  • DirectoryEntry root = new DirectoryEntry("LDAP://dc=me,dc=com");
    DirectorySearcher searcher = new DirectorySearcher(root);
    searcher.Filter ="(&(objectCategory=group)(memberOf=cn=mygroup));

    My code above works fine for finding groups within groups, but does not work for Organisational groups.
    What am I going wrong?

    I need to find organization units  one hierarchy level at a time.


    Certified Geek


    • Edited by Arne MN Friday, April 17, 2015 6:44 PM
    Friday, April 17, 2015 3:55 PM

Answers

  • Link 1 does not have a filter for a specific OU.

    Link 2 works with this filter  "(&(objectCategory=organizationalUnit))"


    Certified Geek


    • Edited by Arne MN Friday, April 24, 2015 3:30 PM
    • Marked as answer by Arne MN Friday, April 24, 2015 3:30 PM
    Friday, April 24, 2015 3:19 PM

All replies

  • Maybe I'm missing something but your query is asking for groups contained inside the group 'mygroup'.  If you want to find root groups then don't ask that they be a subgroup of 'mygroup'.  The category by itself will retrieve all groups.

    Michael Taylor
    http://blogs.msmvps.com/p3net

    Friday, April 17, 2015 6:31 PM
    Moderator
  • I am not looking for all groups. I am looking organizational units. I don't know the syntax for OUs. The filter in my question is wrong.


    Certified Geek



    • Edited by Arne MN Friday, April 17, 2015 6:38 PM
    Friday, April 17, 2015 6:36 PM
  • The category for OUs is Organizational-Unit.  Change your category to that in the above query and you'd get OUs.  I would recommend downloading AD Explorer in order to explorer your AD schema and help identify the query you'll need.
    Friday, April 17, 2015 6:47 PM
    Moderator
  • you mean like this?

    "(&(objectCategory=Organizational-Unit)(memberOf=ou=EBI,ou=CORP,dc=me,dc=com))"


    Certified Geek

    Friday, April 17, 2015 7:04 PM
  • The category should filter down to OUs. I'm not an AD query expert but I don't think memberof works here.  You aren't looking for a member of a group but a child unit.  The distinguish name is a concat of the parent paths.  So if you have an OU called OU1 that is contained in OU2 which is in your domain of DC1 then the name is OU=OU1,OU=OU2,DC=DC1.  I think your query is going to need to look at the name. I've seen example of people simply getting all the OUs and then using split to get the paths (sort of like you'd do for the file system).  This is going to be slow for a large tree.

    Alternatively you could get the OUs in the root and then enumerate each one to get the child OUs and then repeat recursively (again, like a file system).

    Friday, April 17, 2015 7:59 PM
    Moderator
  • MemberOf does not seem to work. Getting all the OUs in the root will not be helpful. I don' mind if my program is slow.

    Certified Geek

    Friday, April 17, 2015 8:10 PM
  • Hi Arne,

    Please refer to check the following two links.

    http://stackoverflow.com/questions/5347096/how-can-i-get-a-list-of-organizational-units-from-active-directory

    http://stackoverflow.com/questions/1224658/how-do-i-query-an-organizational-unit-for-its-groups-with-ldap

    Hope it useful.

    Regards,


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Friday, April 24, 2015 3:19 AM
    Moderator
  • Link 1 does not have a filter for a specific OU.

    Link 2 works with this filter  "(&(objectCategory=organizationalUnit))"


    Certified Geek


    • Edited by Arne MN Friday, April 24, 2015 3:30 PM
    • Marked as answer by Arne MN Friday, April 24, 2015 3:30 PM
    Friday, April 24, 2015 3:19 PM