不在 OU 中时搜索 [英] Search when NOT in OU
问题描述
我想使用 LDAP 在 AD 中搜索,条件是人们不在特定的 OU 中(参见示例)
I want to search in the AD with LDAP, with a condition that people are not in a specific OU (see example)
Domain.local
- [OU] Location A
-- [OU] Users
-- [OU] Computers
- [OU] Location B
-- [OU] Users
-- [OU] Computers
- [OU] Location C
-- [OU] Users
-- [OU] Computers
在我的过滤器中,我希望所有用户,但来自位置 B/用户的用户
In my filter I want all users BUT the users from Location B/Users
这可能吗?如果是,如何?
is this possible? And if yes, how?
推荐答案
ExtensibleMatch 解释 此处 允许在 DN 路径上构建过滤器,但在 Active Directory 中不受支持.据我所知,您有以下解决方案来做您想做的事:
ExtensibleMatch explained here allow to build filters on the DN path, but it's not supported in Active Directory. As far as I know you've got the following solution to do what you want:
- 多个搜索,每个 OU 一个,除了你不想要的那个
- 两次搜索,一次全局搜索,一次用于不想要对象的 OU,然后在第一次搜索中禁止第二次搜索中的条目.
- 使用AD中的一个属性来区分位置B的用户.例如从
organizationalPerson类继承的名为OU的属性.你用locationB"设置它(它是多值的)
- Multiple search, one for each OU except the one you don't want
- Two search, one global, one for the OU you don't want objects, and you suppress the entries from the second search in the first one.
- Use an attribute in AD to make the distinction for users in Location B. For example the attribute called
OUwhich is inherited fromorganizationalPersonclass. you set it with "locationB" (it's multivaluated)
第三种解决方案是我使用的解决方案.我对您的建议是:
The third solution is the one I use. My advice in your case is :
测试您的目录中是否为用户或 inetorgpersons 使用了 OU 属性,如果是,请选择其他属性
Test if OU attribute is used in your Directory for users or inetorgpersons if so select an other attribute
(&(|(objectclass=inetOrgPerson)(objectclass=user))(ou=*))
(&(|(objectclass=inetOrgPerson)(objectclass=user))(ou=*))
通过脚本、编程、使用 LDIF 填充您选择的属性并保持使用
by scripting, by programming,by using LDIF populate the attribute you choose and keep it in use
如果您是使用 C# 的程序员,您将获得对象的父"信息,正如我在 simalary question,以便您可以根据此标准对对象进行排序.
If you are programmin with C# you've got the information of "parent" for an object as I explain in a simalary question so you can sort object on this criterium.
这篇关于不在 OU 中时搜索的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
