LDAP subtree question 1

[Sylv4n]

Hi,

I'm trying to get all the members of a group. most of the groups are in the Dept OU but there are some elsewhere.
I am using VBA behind a Excel worksheet
I have the following syntax that works:

Public Function getUsersInGroup(strGroup As String)

Dim myResults() As String
Dim objGroup

Set objGroup = GetObject("LDAP://CN=" & strGroup & ",OU=Finance,OU=Dept,DC=myCompany,DC=com")

If objGroup.members.Count > 0 Then
    ReDim myResults(objGroup.members.Count - 1, 1)
    myCount = 0
    For Each objUser In objGroup.members
        myResults(myCount, 0) = objUser.sAMAccountName
        myResults(myCount, 1) = objUser.DisplayName
        myCount = myCount + 1
    Next
End If

now the problem I have is that not all the departments I want to look are are in the Finance OU, so I want something like:

Set objGroup = GetObject("LDAP://CN=" & strGroup & ",OU=Dept,DC=myCompany,DC=com");subtree

or even better would be to not specify the OU at all and have it search all OU's, this kind of solution would be ideal, so something like

Set objGroup = GetObject("LDAP://CN=" & strGroup & ",DC=myCompany,DC=com");subtree

but every thime I try and add the subtree in it wont work.

Any ideas how I can do this?

Thanks
Sylvan

 

[tsuji]

Sure, the syntax is not correct. If you want to loop over all the ou under ou=dept (it is one-level), you can simplify the task by using filter.
[tt]
set oou=getobject("LDAP://OU=Dept,DC=myCompany,DC=com")
oou.filter=array("OrganizationalUnit")
for each oou_levelone in oou
set objGroup = getobject("LDAP://CN=" & strGroup & "," & oou_levelone.distinguishedName)
'do the thing you'are doing
If objGroup.members.Count > 0 Then
'etc etc
End If
next
[/tt]

 

[Sylv4n]

Tsuji,
That does solve the above problem, however I over simplified the question to writing my original post, in actual fact some of the departments do not reside in the Dept OU and they are more than one OU deep, so for example one may be in
OU=Finance,OU=Dept

whereas another could be in
OU=Exec,OU=Management,OU=Dept,OU=Site2

so I really need to check all the OU's rather than specify to just look in the Dept OU.

we have 15 seperate sites (each with a diffrent OU at the start, and not numbered as above (Site2))and the departments are typically 4 deep (as in the Exec, management example above)

so I wanted a single statement rather manually looping all the OU's we have

Sylvan

 

[tsuji]

You can isolate the search part (filter) to make a recursive search of all ou under dept to emulate the subtree search. I know you don't want to.

You can make usage of full search facility using ado. Here is the complete example (with more setting you would really need in practice.)

http://msdn.microsoft.com/en-us/library/aa705925(VS.85).aspx#Mtps_DropDownFilterText

Your subtree search uses the base pointing at ou=dept and uses filter like
[tt] where objectClass="OrganizationalUnit"[/tt]
if you continue to work within sql-dialect. It will automatically return all nested ou within dept and enumerate the target group's "direct" member. (Be careful, in the native mode, group membership can be considered nested as well. But that opens up another way to query membership that I'm not prepared to entangling the issue here.)