我需要在 Active Directory 中找到特定组中的所有用户。我可以查询我想要从中获取用户的特定组的 AD,但我无法为用户查询该特定组。
以下作品:
SELECT *
FROM OPENQUERY
(ADSI
, 'SELECT cn, displayName, userPrincipalName
FROM ''LDAP://MY.CONNECTION.IS.HERE''
WHERE objectCategory=''group''
AND CN=''*TEST*''
ORDER BY CN')
上述查询返回所有类似于“test”的 AD 组。但是我如何从广告组中获取用户列表?我特别想列出所有组中类似于“测试”的用户。
try "memberOf" attribute with name of specific group.
You might want to look e.g. here, it is C# related, but I guess it will give you an impression of how user entries are constructed. You need objects of class "person" - objectCategory="person" - and containing attribute "memberOf" filled with name of group you're searching for. The whole list on result will contain all persons belonging. It should probably work with memberOf="test" as well, to include members of testA, and members of testB and members of testC, and more like for all group names matching.