Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Searching an Entire Forest using Global Catalog.

Status
Not open for further replies.
DocEvil

DocEvil

Technical User
Apr 22, 2005
3
AU
Hi all,

I work for an organisation that has absorbed many others over the past few years. Now we have a few child domains in our AD forest, but we use the one domain name "@abc.com" for internet addressing.

I am currently writing an Application so my Helpdesk can automatically create mailboxes once our AD team has created the AD object. That part is easy, however the tricky bit is getting my App to make sure that the new user "Fred Bloggs" doesn't have a conflicting "Fred Bloggs" in another domain & therefore my new Fred gets "Fred.Bloggs2@abc.com".

The current search I'm doing is:

<LDAP://DC=abc,DC=com>;(&(objectCategory=person)(givenName=fred)(|(sn=bloggs)));name,distinguishedName,msExchHomeServerName,homeMDB,samAccountName,EmployeeID,ProxyAddresses

This works a treat when searching one domain, but nails me when trying to search the "Entrie Directory" like I can in ADUC.

Any suggestions on a fast, easy method of searching an Entire Forest from a GC would make my headache go away ;).

Thanks in advance.

Doc.
 
Sort by date Sort by votes
>on a fast, easy method of searching an Entire Forest from a GC

The setting up of a search on the gc is ritually like this, just like setting up for a search on a domain.
[tt]
set oRootDSE=getobject("LDAP://RootDSE")
sforest=oRootDSE.get("rootDomainNamingContext")
'... preparation of the ado search
squery="<GC://" & sforest & ">;" & sfilter & ";" & sattributes & ";subtree"
'...
[/tt]
But the problem is that the attribute set must be those which are replicated to the gc. Hence, in the sfilter and the sattributes, you are restricted to a subset of available attributes to objects in the directory.

Now, givenName and sn are not by default replicated, I think, but you have to check your directory's customized setting. You can either make them attributes replicated or, I don't know, make your attribute of Fred.Blogg@abc.com be one. But doing that must be well planned as adding attributes to gc slow the replication and also once added you won't be able to delete it. On this aspect, check out these kb articles to start with.


- tsuji
 
Upvote 0 Downvote
Correction

My last post:
>Now, givenName and sn are [red][black]not[/black][/red] by default replicated...
should be read:
Now, givenName and sn are by default replicated...

I think I have by a slip of reasoning have a _not_ too many. GivenName and sn are global catalog attributes. Hence you can safely proceed with the filter you have in mind. Just have a check on the sattributes (attributes to be retrieved) that's the message I would have to convey.

- tsuji
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Zebad
  • Locked
  • Question
TFTP interference from another host (Windows Server , VxWorks Client)
Replies
0
Views
596
Zebad
Zebad
robocat
  • Locked
  • Question
Yet another TCP RST flag problem
Replies
0
Views
527
robocat
robocat
TheFaz_
  • Locked
  • Question
Sending udp packets from fpga to the computer using Lwip tcp/ip stack using C programming
Replies
0
Views
509
TheFaz_
TheFaz_
nvn
  • Locked
  • Question
SNMPV3 msgauthoritativeEngineID and ContextEngineID
Replies
0
Views
123
nvn
nvn
d0nny
  • Locked
  • Question
Using two ADSL connections
Replies
2
Views
109
Billz66
Billz66

Part and Inventory Search

Sponsor

Back
Top