无法从活动目录获取用户 [英] Not able to fetch users form Active directory

问题描述

我需要获取组中存在的所有用户。我假设组G1和内部有两个子组，例如sg1，sg2，这两个组中有要获取的用户。

I need to get all users which is present inside a group. I have suppose group G1 and inside that I have two sub group Like sg1 , sg2 and these two group is having users which i want to fetch.

这是我正在使用的，但是只得到sg1和sg2，而不是其中的用户

This is what I am using but only getting sg1 and sg2 but not users inside this

searchFilter = "(&(objectCategory=*)(memberOf="+distinguishedName+"))"

有人可以帮助我如何使用户进入sg1和sg2。让我知道是否需要更多信息。谢谢！

can someone please help how can I get users inside sg1 and sg2.Let me know if more information is required.Thanks!!

更新： >

我正在尝试使用Java。

I am trying to do this using java.

通过在过滤器下方应用，我可以吸引用户但不是全部，每个子组的用户很少。

By applying below filter I am able to fetch users but not all, few users from each child group.

> searchFilter =
> "(&(|(objectClass=group)(objectClass=user))(memberOf:1.2.840.113556.1.4.1941:="+distinguishedName+"))"

推荐答案

解析所有成员（包括嵌套的）安全组（至少需要Windows 2003 SP2）

Resolves all members (including nested) Security Groups (requires at least Windows 2003 SP2)

(memberOf:1.2.840.113556.1.4.1941:=CN=GroupOne,OU=Security Groups,OU=Groups,DC=YOURDOMAIN,DC=NET)

或仅检索作为成员的用户：

Or to retrieve only users that are members:

(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=CN=GroupOne,OU=Security Groups,OU=Groups,DC=YOURDOMAIN,DC=NET)

有已知可用于ldap查询。请确保您在Microsoft Active Directory中具有适当的权限执行查询。

There are known to work ldap queries. Be sure you have proper permissions in Microsoft Active Directory to perform the queries.

您可以使用LDAP浏览器对其进行测试嗯 Apache Studio 之类的东西。

You can test these with an LDAP Browser. Something like Apache Studio.

这篇关于无法从活动目录获取用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！