Discussion:
LDAP Query Builder
(too old to reply)
A.M
2005-08-15 16:33:53 UTC
Permalink
Hi,



I am having some challenge to build LDAP query for my .NET application. Is
there any LDAP query builder that eases "LDAP://" style queries?



When I use "People Search" feature in Start Menu, and choose search within
Active Directory, I can find users that I need to fined, but the tool doesn't
show the LDAP query. Is there any way that I can spy on "Find People" dialog
box so see what is the LDAP query?



Any help would be appreciated,

Alan
Al Mulnick
2005-08-15 16:42:10 UTC
Permalink
You can. You can increase logging on the DC that is being used to the point
that it tells you what query it is using. You could also just read up on
the LDAP syntax to figure out what you want to exactly. As for testing, a
far better LDAP query tool would be LDP or Softerra's ldap browser.

That will show you the results of queries as you type them.

Typical query example would be looking for users with a first initial of 'a'
(&(objectCategory=Person)(givenName=a*))

You'll want to be familiar with the and'ing and or'ing of queries and what
the effect on your application can be. You'll also want to avoid some
queries while confining the queries to use indexed attributes wherever
possible. You can find a lot more information about ldap query optimization
on MSDN.

Does that help?
Post by A.M
Hi,
I am having some challenge to build LDAP query for my .NET application. Is
there any LDAP query builder that eases "LDAP://" style queries?
When I use "People Search" feature in Start Menu, and choose search within
Active Directory, I can find users that I need to fined, but the tool
doesn't show the LDAP query. Is there any way that I can spy on "Find
People" dialog box so see what is the LDAP query?
Any help would be appreciated,
Alan
A.M
2005-08-15 18:44:50 UTC
Permalink
Thank you for help.

If I run the following query in ADSI:

LDAP://cn=Begley Jeoff,OU=Vendors and Contractors,DC=canada,DC=mycorp,DC=com

It returns me the complete information about a user named "Begley Jeoff".

Can I modify the query to return the email of the user with user id:
"MYCORP\JBegley"?

Thank you,
Alan
Post by Al Mulnick
You can. You can increase logging on the DC that is being used to the
point that it tells you what query it is using. You could also just read
up on the LDAP syntax to figure out what you want to exactly. As for
testing, a far better LDAP query tool would be LDP or Softerra's ldap
browser.
That will show you the results of queries as you type them.
Typical query example would be looking for users with a first initial of 'a'
(&(objectCategory=Person)(givenName=a*))
You'll want to be familiar with the and'ing and or'ing of queries and what
the effect on your application can be. You'll also want to avoid some
queries while confining the queries to use indexed attributes wherever
possible. You can find a lot more information about ldap query
optimization on MSDN.
Does that help?
Post by A.M
Hi,
I am having some challenge to build LDAP query for my .NET application.
Is there any LDAP query builder that eases "LDAP://" style queries?
When I use "People Search" feature in Start Menu, and choose search
within Active Directory, I can find users that I need to fined, but the
tool doesn't show the LDAP query. Is there any way that I can spy on
"Find People" dialog box so see what is the LDAP query?
Any help would be appreciated,
Alan
Ulf B. Simon-Weidner [MVP]
2005-08-15 21:46:41 UTC
Permalink
Post by A.M
Thank you for help.
LDAP://cn=Begley Jeoff,OU=Vendors and
Contractors,DC=canada,DC=mycorp,DC=com
It returns me the complete information about a user named "Begley Jeoff".
"MYCORP\JBegley"?
Hi Alan,

The LDAP-Path you posted is not the query, it is the searchbase. Read what I
wrote at
http://www.windowsserverfaq.org/faq/ADQueries/LDAP-Queries.asp

To get the E-Mail Adress of that user you can use the following options:

Searchbase:
LDAP://OU=Vendors and Contractors,DC=canada,DC=mycorp,DC=com

Scope: Subtree or OneLevel - both will work in that case

Filter: (&(objectCategory=Person)(objectClass=User)(sAmAccountName=jbegley))

Attribute: distinguishedname,mail
--
Gruesse - Sincerely,

Ulf B. Simon-Weidner

MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
Al Mulnick
2005-08-15 21:48:25 UTC
Permalink
At this point, it's likely that two things would help you most:
1) Letting us know what the goals of your code are
2) seeing if a .net newsgroup couldn't be more helpful.

I think it's still worthwhile to post the goals of the code. There're
enough programmers here to be helpful. For specifics around .net s.ds it
would be best to post to those newsgroups.
Post by A.M
"MYCORP\JBegley"?
To answer the question: I wouldn't be concerned about the format of the user
id so much. In the case you show there, unless you have multiple domains,
you can assume the domain and use the samaccountname to search off of. To
be more precise, it would be something like:
(&(ojbectCategory=Person)(objectClass=User)(samaccountname=JBegley))

The objectClass=user portion is there so it won't have to search contacts as
well as user objects as Ulf previously pointed out. It's not needed for you
to succeed in your query necessarily, but it is best to be as precise as
possible to get the best results. Since samaccountname is unique in the
domain, it could be what you're after. If you have multiple domains, you'll
have to translate the NTLM style domain to LDAP domain context in order to
know where to execute the query. Something to consider.

Al
Post by A.M
Thank you for help.
LDAP://cn=Begley Jeoff,OU=Vendors and
Contractors,DC=canada,DC=mycorp,DC=com
It returns me the complete information about a user named "Begley Jeoff".
"MYCORP\JBegley"?
Thank you,
Alan
Post by Al Mulnick
You can. You can increase logging on the DC that is being used to the
point that it tells you what query it is using. You could also just read
up on the LDAP syntax to figure out what you want to exactly. As for
testing, a far better LDAP query tool would be LDP or Softerra's ldap
browser.
That will show you the results of queries as you type them.
Typical query example would be looking for users with a first initial of 'a'
(&(objectCategory=Person)(givenName=a*))
You'll want to be familiar with the and'ing and or'ing of queries and
what the effect on your application can be. You'll also want to avoid
some queries while confining the queries to use indexed attributes
wherever possible. You can find a lot more information about ldap query
optimization on MSDN.
Does that help?
Post by A.M
Hi,
I am having some challenge to build LDAP query for my .NET application.
Is there any LDAP query builder that eases "LDAP://" style queries?
When I use "People Search" feature in Start Menu, and choose search
within Active Directory, I can find users that I need to fined, but the
tool doesn't show the LDAP query. Is there any way that I can spy on
"Find People" dialog box so see what is the LDAP query?
Any help would be appreciated,
Alan
Ulf B. Simon-Weidner [MVP]
2005-08-15 21:23:32 UTC
Permalink
Post by Al Mulnick
You can. You can increase logging on the DC that is being used to the
point that it tells you what query it is using. You could also just read
up on the LDAP syntax to figure out what you want to exactly. As for
testing, a far better LDAP query tool would be LDP or Softerra's ldap
browser.
That will show you the results of queries as you type them.
Typical query example would be looking for users with a first initial of 'a'
(&(objectCategory=Person)(givenName=a*))
You'll want to be familiar with the and'ing and or'ing of queries and what
the effect on your application can be. You'll also want to avoid some
queries while confining the queries to use indexed attributes wherever
possible. You can find a lot more information about ldap query
optimization on MSDN.
Does that help?
Hi Al,

as you know the query (&(objectCategory=Person)(givenName=a*)) would return
not only users but also contacts. The query for users should be

(&(objectCategory=Person)(objectClass=User)(givenName=a*))
--
Gruesse - Sincerely,

Ulf B. Simon-Weidner

MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
Al Mulnick
2005-08-15 21:42:49 UTC
Permalink
That's true; I should have been more complete about the answer. Thanks Ulf.
Post by Ulf B. Simon-Weidner [MVP]
Post by Al Mulnick
You can. You can increase logging on the DC that is being used to the
point that it tells you what query it is using. You could also just read
up on the LDAP syntax to figure out what you want to exactly. As for
testing, a far better LDAP query tool would be LDP or Softerra's ldap
browser.
That will show you the results of queries as you type them.
Typical query example would be looking for users with a first initial of 'a'
(&(objectCategory=Person)(givenName=a*))
You'll want to be familiar with the and'ing and or'ing of queries and
what the effect on your application can be. You'll also want to avoid
some queries while confining the queries to use indexed attributes
wherever possible. You can find a lot more information about ldap query
optimization on MSDN.
Does that help?
Hi Al,
as you know the query (&(objectCategory=Person)(givenName=a*)) would
return not only users but also contacts. The query for users should be
(&(objectCategory=Person)(objectClass=User)(givenName=a*))
--
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
Ulf B. Simon-Weidner [MVP]
2005-08-16 05:57:52 UTC
Permalink
Post by Al Mulnick
That's true; I should have been more complete about the answer. Thanks Ulf.
Just trying to avoid confusion ;-)
--
Gruesse - Sincerely,

Ulf B. Simon-Weidner

MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
Ulf B. Simon-Weidner [MVP]
2005-08-15 21:28:35 UTC
Permalink
Post by A.M
I am having some challenge to build LDAP query for my .NET application. Is
there any LDAP query builder that eases "LDAP://" style queries?
When I use "People Search" feature in Start Menu, and choose search within
Active Directory, I can find users that I need to fined, but the tool
doesn't show the LDAP query. Is there any way that I can spy on "Find
People" dialog box so see what is the LDAP query?
Hello Alan,

you can use the "Saved Queries" Feature from Active Directory Users and
Computers to create queries, and you are able to see the LDAP-Query it
creates.

For some information on LDAP-Queries look at
http://www.windowsserverfaq.org/faq/ADQueries/LDAP-Queries.asp
--
Gruesse - Sincerely,

Ulf B. Simon-Weidner

MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
A.M
2005-08-16 14:52:17 UTC
Permalink
Thank you Al and Simon.

Your posts helped me. Now the query works fine.
I am bulding a WhoAmI web service to be used by InfoPath forms.
I also had some other .NET related challanges, and the article 329986 saved
me.

Thank you again,
Alan
Post by A.M
Hi,
I am having some challenge to build LDAP query for my .NET application. Is
there any LDAP query builder that eases "LDAP://" style queries?
When I use "People Search" feature in Start Menu, and choose search within
Active Directory, I can find users that I need to fined, but the tool
doesn't show the LDAP query. Is there any way that I can spy on "Find
People" dialog box so see what is the LDAP query?
Any help would be appreciated,
Alan
Loading...