不在 OU 时搜索 [英] Search when NOT in OU
问题描述
我想使用 LDAP 在 AD 中进行搜索,条件是人们不在特定的 OU 中(参见示例)
I want to search in the AD with LDAP, with a condition that people are not in a specific OU (see example)
Domain.local
- [OU] Location A
-- [OU] Users
-- [OU] Computers
- [OU] Location B
-- [OU] Users
-- [OU] Computers
- [OU] Location C
-- [OU] Users
-- [OU] Computers
在我的过滤器中,我想要所有用户,但来自位置 B/用户的用户
In my filter I want all users BUT the users from Location B/Users
这可能吗?如果是,如何?
is this possible? And if yes, how?
推荐答案
ExtensibleMatch 解释 此处 允许在 DN 路径上构建过滤器,但在 Active Directory 中不受支持.据我所知,您有以下解决方案来做您想做的事:
ExtensibleMatch explained here allow to build filters on the DN path, but it's not supported in Active Directory. As far as I know you've got the following solution to do what you want:
- 多次搜索,每个 OU 一个,除了你不想要的那个
- 两次搜索,一次是全局搜索,一次是针对您不需要的对象的 OU,并且您在第一次搜索中禁止第二次搜索中的条目.
- 使用 AD 中的一个属性来区分位置 B 中的用户.例如继承自
organizationalPerson类的名为OU的属性.你用locationB"设置它(它是多值的)
- Multiple search, one for each OU except the one you don't want
- Two search, one global, one for the OU you don't want objects, and you suppress the entries from the second search in the first one.
- Use an attribute in AD to make the distinction for users in Location B. For example the attribute called
OUwhich is inherited fromorganizationalPersonclass. you set it with "locationB" (it's multivaluated)
第三个解决方案是我使用的.我的建议是:
The third solution is the one I use. My advice in your case is :
测试您的目录中是否为用户或 inetorgpersons 使用了 OU 属性,如果是,请选择其他属性
Test if OU attribute is used in your Directory for users or inetorgpersons if so select an other attribute
(&(|(objectclass=inetOrgPerson)(objectclass=user))(ou=*))
(&(|(objectclass=inetOrgPerson)(objectclass=user))(ou=*))
通过脚本、编程、使用 LDIF 填充您选择的属性并保持使用
by scripting, by programming,by using LDIF populate the attribute you choose and keep it in use
如果你是 C# 的程序员,你就会得到一个对象的父"信息,正如我在 简单的问题 所以你可以在这个标准上对对象进行排序.
If you are programmin with C# you've got the information of "parent" for an object as I explain in a simalary question so you can sort object on this criterium.
这篇关于不在 OU 时搜索的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
