It's not really using an attribute as your Base DN. The starting point for a search
can be SID, GUID or DN.
It works as Jimmy describes below.
Tony
---------- Original Message ----------------------------------
From: AD <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Fri, 22 Aug 2003 09:26:36 -0400
I never heard of using an attribute as your BaseDN.
If this worked for you I really would like to know how you did it.
Thanks
Y
From: Jimmy Andersson
Sent: Thu 21/08/2003 7:34 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute
Why not use LDP and set it like this:
Base DN <SID=S-1-5-21-709049380-3306950797-3746505139>
Filter (&(ObjectCategory=*)(name=*))
(I used a SID from my lab domain)
You might need to load the control for deleted objects, if it's deleted.
Regards,
/Jimmy
-------------------------------------
Jimmy Andersson, Q Advice AB
CEO & Principal Advisor
Microsoft MVP - Active Directory
---------- www.qadvice.com ----------
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Friday, August 22, 2003 12:35 AM
To: [EMAIL PROTECTED]
Anyone know how to query AD on the ObjectSID?
My query looks like this:
(&(ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-3412341341234124
32412344))
Doesn't return anything. I know the sid must converted but I am not sure
what format it should be in.
Thanks
Y
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
