What is this MMC thing you speak of?
;o)
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Holme Sent: Monday, December 05, 2005 6:36 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Saved Query for Distinguished Name Contains Thanks!!!! For the
scoop, Joe!!! And yes, I LOVE ADFIND,
but it doesn’t provide a result set within the MMC… I’m trying to do an MMC (AD
UC snap-in) Saved Query as the basis for a custom Taskpad … Sorry I wasn’t clear
about that. Guess I’m out of luck. Thanks again,
though! At least I know not to keep beating my head against the
wall! Dan From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of joe It seems I have been
answering a lot of questions like this lately... You can not put parts
of the DN into the LDAP query. The only way to control what branches a query
looks at are 1.
Permissions 2. Search
base 3. Search
scope. You need to be the most
specific you need to be to either include or exclude various branches of the
tree. That being said,
someone who wanted to have those specific branches filtered out or filtered in
to the outputted return set but didn't mind actually returning a lot more data
could look to see if they can find a tool that was written by someone bright
enough to add options to let you do that. Hey there is one... It
is called adfind and has excldn and incldn switches to allow you to specify
portions of a DN of objects you would like outputted.
FYI, there is a bug in
the objects returned counter when using incldn, I have to go in and fish it out
of there. It is because I cut and pasted the excldn code to produce the incldn
section. ;o) Anyway, your query
would look something like adfind -default -f
objectcategory=computer -incldn ou=workstations Keep in mind though
that every computer in your org will be passed back to your client so if you
have 100k computers and only 10 are in the ou=workstations ou's it will seem
AWFULLY SLOW.... There is no way for me to get around
that.
joe From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Hey,
all! I am trying to create a
saved query to pull out computers that exist within a WORKSTATIONS ou; and that
OU may exist within several higher-level OUs, i.e. distinguishedName=*OU=Workstations* but the Saved Queries
interface in ADUC doesn’t seem to like distinguishedName (I’ve also tried dn=
and DN=). Any ideas, please? |