Rick,

Hopefully this should clarify things (although given my previous form, it's only likely to confuse everyone even more :-)).
1. LDP can be any version.
2. Doesn't matter what OS LDP is running on.
3. The LDAP connection MUST be to a Windows Server 2003 DC.
4. The LDAP connection MUST NOT be to a Windows 2000 DC, even if the 2003 AD schema extensions are in place.
5. The forest and domain functional levels are irrelevant.

Tony

---------- Original Message ----------------------------------
From: "Rick Kingslan" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Tue, 26 Aug 2003 09:04:48 -0500

Now I'm getting confused.

Tony, are you saying that yes - in fact, it should and DOES work for you regardless of version (LDP and OS) OR Yes, it does work, regardless of version (of LDP), but only if the Schema has been updated to the versions of Windows 2003?

Maybe this clarification will help.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Tuesday, August 26, 2003 7:12 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Actually, it looks like the LDP version doesn't matter, both v3.0 and the earlier one will work. The point is that the LDAP connection must be to a Windows Server 2003 DC. The domain and forest functionality can still be Windows 2000.

Tony

---------- Original Message ----------------------------------
From: "Jimmy Andersson" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Mon, 25 Aug 2003 21:23:23 +0200

I know, and I posted it some time ago but it hasn't shown up on the list yet...

I use LDP 3.0 in all my 'Inside AD' classes and it works perfectly for all my students and clients.

Note-to-self, include the LDP version in the future. :)

Glad you got it working!
Regards,
/Jimmy
-------------------------------------
Jimmy Andersson, Q Advice AB
CEO & Principal Advisor
Microsoft MVP - Active Directory
---------- www.qadvice.com ----------

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Monday, August 25, 2003 8:53 PM
To: [EMAIL PROTECTED]

Rick,

You found the solution to my problem. LDP version 3.0 worked flawlessly. Jimmy's solution will not work with any other.

Thanks
Yves

________________________________
From: Rick Kingslan
Sent: Mon 25/08/2003 1:07 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Jimmy,

What version of OS and version of LDP are you doing this on? I can't get it to work either - and I'm using the Builtin Group SIDS. I would suspect that I should get a consistent return on those, but I'm getting a BAD_NAME error.

????

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy Andersson
Sent: Monday, August 25, 2003 9:51 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

I've tried it again and again.... With different SIDs on existing objects, and it works every time for me.

Regards,
/Jimmy
-------------------------------------
Jimmy Andersson, Q Advice AB
CEO & Principal Advisor
Microsoft MVP - Active Directory
---------- www.qadvice.com ----------

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Monday, August 25, 2003 4:02 PM
To: [EMAIL PROTECTED]

Can anyone test the following instructions from Jimmy and let me know if it worked for you? I can't seem to get it to work. I am not searching on a deleted SID. I am searching on an existing sid that I cut and paste from an existing user.
Thanks
Y

________________________________
From: Jimmy Andersson
Sent: Fri 22/08/2003 5:03 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Set it like this:

Base DN <SID=S-1-5-21-709049380-3306950797-3746505139>
Filter (&(ObjectCategory=*)(name=*))

Don't forget the '<' and '>' on the SID, you might also need to put in the '-' symbol within the SID itself. Also you might need to check in the control 'Return deleted objects' if the object exists in the Deleted Object container. You'll find the controls in Search - Options - Controls. You also might need to

Regards,
/Jimmy
-------------------------------------
Jimmy Andersson, Q Advice AB
CEO & Principal Advisor
Microsoft MVP - Active Directory
---------- www.qadvice.com ----------

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Friday, August 22, 2003 9:58 PM
To: [EMAIL PROTECTED]

Tony,

I clicked on Browse and then Search in LDP. The little window comes up. (I actually used bind first).

In the base DN field I typed in "SID=S15A913838F5E5A9AABF22742D54F69"
In the Filter field I type in "(&(ObjectCategory=*))"
My scope is set to Subtree.

I clicked on Run. The ObjectSID was a cut and paste from my attribute. It does not return anything. What am I doing wrong here? I tried SID=, objectSID=, GUID=,objectGIUD=. Any help would be appreciated.

Thanks
Y

________________________________
From: Tony Murray
Sent: Fri 22/08/2003 10:02 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

It's not really using an attribute as your Base DN. The starting point for a search can be SID, GUID or DN. It works as Jimmy describes below.

Tony

---------- Original Message ----------------------------------
From: AD <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Fri, 22 Aug 2003 09:26:36 -0400

I never heard of using an attribute as your BaseDN. If this worked for you I really would like to know how you did it.
Thanks
Y

From: Jimmy Andersson
Sent: Thu 21/08/2003 7:34 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Why not use LDP and set it like this:

Base DN <SID=S-1-5-21-709049380-3306950797-3746505139>
Filter (&(ObjectCategory=*)(name=*))

(I used a SID from my lab domain)

You might need to load the control for deleted objects, if it's deleted.

Regards,
/Jimmy
-------------------------------------
Jimmy Andersson, Q Advice AB
CEO & Principal Advisor
Microsoft MVP - Active Directory
---------- www.qadvice.com ----------

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Friday, August 22, 2003 12:35 AM
To: [EMAIL PROTECTED]

Anyone know how to query AD on the ObjectSID?

My query looks like this:

(&(ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-3412341341234124 32412344))

Doesn't return anything. I know the sid must be converted but I am not sure what format it should be in.

Thanks
Y

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
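
Added example, not part of any message in the thread: the original question asks what format a SID must take inside an (objectSid=...) filter. The Python below encodes a string SID into the binary SID layout, escapes each byte as \xx for use in a filter, and also builds the <SID=...> base DN form the thread describes. Function names are illustrative assumptions; the sample SID is the lab SID quoted in the thread.

```python
import struct

def sid_to_bytes(sid: str) -> bytes:
    """Encode 'S-R-A-S1-S2...' into the binary SID layout:
    revision (1 byte), sub-authority count (1 byte),
    identifier authority (6 bytes, big-endian),
    then each sub-authority as 4 bytes little-endian."""
    parts = sid.strip().upper().split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("not a string SID: %r" % sid)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if not 0 <= revision <= 255 or not 0 <= authority < 1 << 48:
        raise ValueError("revision or authority out of range")
    if len(subs) > 15 or any(not 0 <= s <= 0xFFFFFFFF for s in subs):
        raise ValueError("bad sub-authority list")
    return (bytes([revision, len(subs)])
            + authority.to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in subs))

def bytes_to_sid(raw: bytes) -> str:
    """Decode a binary objectSid value back to its string form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])

def objectsid_filter(sid: str) -> str:
    """LDAP filter matching objectSid, every byte escaped as \\xx."""
    escaped = "".join("\\%02x" % b for b in sid_to_bytes(sid))
    return "(objectSid=%s)" % escaped

def sid_base_dn(sid: str) -> str:
    """Base DN in the <SID=...> form; validates the SID first."""
    sid_to_bytes(sid)
    return "<SID=%s>" % sid

if __name__ == "__main__":
    lab_sid = "S-1-5-21-709049380-3306950797-3746505139"  # SID quoted in the thread
    print(sid_base_dn(lab_sid))
    print(objectsid_filter(lab_sid))
    print(bytes_to_sid(sid_to_bytes(lab_sid)))
```

A value such as the "S15-..." string in the first message is rejected with ValueError because it does not start with the "S-" prefix.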