搜索不用时OU [英] Search when NOT in OU

问题描述

我想与LDAP的AD进行搜索，有一个条件，人们不是在一个特定的OU（见例）

I want to search in the AD with LDAP, with a condition that people are not in a specific OU (see example)

Domain.local
- [OU] Location A
-- [OU] Users
-- [OU] Computers
- [OU] Location B
-- [OU] Users
-- [OU] Computers
- [OU] Location C
-- [OU] Users
-- [OU] Computers

在我的过滤器我希望所有用户但从位置B中的用户/用户

In my filter I want all users BUT the users from Location B/Users

是这可能吗？如果是，如何？

is this possible? And if yes, how?

推荐答案

ExtensibleMatch 解释的这里允许DN路径上建立过滤器，但它不支持在Active Directory中。据我知道你已经得到了以下的解决方案做你想做什么：

ExtensibleMatch explained here allow to build filters on the DN path, but it's not supported in Active Directory. As far as I know you've got the following solution to do what you want:

• 在多个搜索，每一个OU只是一个你不想
• 在两个搜索，一个全局，一个是你不想要的对象的OU，你想喝preSS的条目从第一个第二个搜索。
• 使用属性的广告，就区别为用户在位置B.例如称为属性欧这是从 organizationalPerson 类。你用locationB（它multivaluated）
设置它

• Multiple search, one for each OU except the one you don't want
• Two search, one global, one for the OU you don't want objects, and you suppress the entries from the second search in the first one.
• Use an attribute in AD to make the distinction for users in Location B. For example the attribute called OU which is inherited from organizationalPerson class. you set it with "locationB" (it's multivaluated)

第三个解决方案是我使用的一个。我对你的情况建议是：

The third solution is the one I use. My advice in your case is :

1. 测试，如果OU属性用于在Directory用户或inetorgpersons如果是选择其他的属性。

1. Test if OU attribute is used in your Directory for users or inetorgpersons if so select an other attribute

（及（|（对象类=为inetOrgPerson）（对象类=用户））（OU = *））

(&(|(objectclass=inetOrgPerson)(objectclass=user))(ou=*))

通过脚本，通过编程，通过使用LDIF填充你选择的属性，并保持它在使用

by scripting, by programming,by using LDIF populate the attribute you choose and keep it in use

如果你是编程与用C＃你有父母的对象的信息，因为我在<一个解释href="http://stackoverflow.com/questions/5872838/search-active-directory-for-an-ou-using-a-partial-path-to-the-ou/5874554#5874554">simalary问题所以你可以排序的对象在这个严格的标准。

If you are programmin with C# you've got the information of "parent" for an object as I explain in a simalary question so you can sort object on this criterium.

这篇关于搜索不用时OU的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！