I am trying to use DirSync to get all changes to users in a particular OU (using C#). From what I've read, the root of the search must be the root of the directory partition, so I'm initializing my DirectoryEntry using the path:
string strUserDirPath = "LDAP://xxx.yyy.zzz/DC=xxx,DC=yyy,DC=zzz";
and then later I'm trying to set a filter that will give me only users in a specific OU.
The problem is, whenever I try to add the OU to the filter, it filters everything out. If I say:
srch.Filter = "(&(objectClass=user)(objectcategory=person))";
that gives me all users.
The full path to the OU I want is:
"OU=aaa,OU=bbb,OU=ccc,OU=ddd,OU=eee,DC=xxx,DC=yyy,DC=zzz"
I would like to sync only users that match this complete path.
I have tried adding several things to my filter to do this, but it always ends up filtering out ALL records. I have tried the following filters to no avail:
"(&(objectClass=user)(objectcategory=person)(OU=aaa))"
"(&(objectClass=user)(objectcategory=person)(OU=aaa,OU=bbb,OU=ccc,OU=ddd,OU=eee))"
"(&(objectClass=user)(objectcategory=person)(OU=aaa,OU=bbb,OU=ccc,OU=ddd,OU=eee,DC=xxx,DC=yyy,DC=zzz))"
"(&(objectClass=user)(objectcategory=person)(memberof=OU=aaa,OU=bbb,OU=ccc,OU=ddd,OU=eee,DC=xxx,DC=yyy,DC=zzz))"
"(&(objectClass=user)(objectcategory=person)(memberOf:1.2.840.113556.1.4.1941:=OU=aaa,OU=bbb,OU=ccc,OU=ddd,OU=eee,DC=xxx,DC=yyy,DC=zzz))"
I feel like I'm probably missing something very obvious, but can't quite get it.
Can anyone offer any solutions? As a last resort, I'm thinking of just getting all users, and then programmatically filtering out the ones I don’t need. Seems clunky, but if it's what I gotta do, I will.