I have groups as such:
So the goal is to get all users that are members of parent group GroupA.
I have the following filter:
(&(objectCategory=Person)(objectClass=User)(mail=*MyEmailDomain.com)(memberOf=CN=GroupB,OU=MyOU3,OU=MyOU2,OU=MyOU1,DC=MyDomain,DC=LOCAL))
Which works for the lowest level groups.
From research, it seems that this should work, but doesn't:
(&(objectCategory=Person)(objectClass=User)(mail=*MyEmailDomain.com)(memberof:1.2.840.113556.1.4.1941:=(CN=GroupA,OU=MyOU3,OU=MyOU2,OU=MyOU1,DC=MyDomain,DC=LOCAL)))
If it matters, I'm using Active Directory Explorer to get the Distinguished Names, and the LDAP Input step in Pentaho's Data Integration tool (Kettle/PDI) to retrieve the data.
I love the fact that I always find the answer to my questions as soon as I post them somewhere. I need to learn to post much earlier and maybe I will spend less time searching :)
Found a random Stack Overflow post that indicated there's an error in the MSDN article for this and it has too many parentheses.
This won't work:
(&(objectCategory=Person)(objectClass=User)(mail=*MyEmailDomain.com)(memberof:1.2.840.113556.1.4.1941:=(CN=GroupA,OU=MyOU3,OU=MyOU2,OU=MyOU1,DC=MyDomain,DC=LOCAL)))
But this DOES work:
(&(objectCategory=Person)(objectClass=User)(mail=*MyEmailDomain.com)(memberof:1.2.840.113556.1.4.1941:=CN=GroupA,OU=MyOU3,OU=MyOU2,OU=MyOU1,DC=MyDomain,DC=LOCAL))
(no parentheses around the Distinguished Name)
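An added example, not part of the original post: a Python sketch that builds the working filter above from a group DN, escaping the value per RFC 4515 so that a DN or mail suffix taken from input cannot change the filter's structure, and that flags the parenthesised-DN mistake. The function names and the second sample DN are constructed for illustration.

```python
import re

# OID from the post's filter (transitive / nested group membership in AD).
IN_CHAIN = "1.2.840.113556.1.4.1941"

# RFC 4515: these characters must be hex-escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as the value part of an LDAP filter item."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def nested_member_filter(group_dn: str, mail_suffix: str) -> str:
    """Build the post's filter: users whose mail ends with mail_suffix and
    who are direct or nested members of group_dn."""
    dn = group_dn.strip()
    # A DN starts with an attribute type (CN=, OU=, ...), never with "(".
    # Wrapping it in parentheses is the mistake described in the post.
    if dn.startswith("(") and dn.endswith(")"):
        raise ValueError("distinguished name must not be wrapped in parentheses")
    return (
        "(&(objectCategory=Person)(objectClass=User)"
        f"(mail=*{escape_filter_value(mail_suffix)})"
        f"(memberof:{IN_CHAIN}:={escape_filter_value(dn)}))"
    )


def has_parenthesised_value(ldap_filter: str) -> bool:
    """True if an unescaped "(" directly follows "=", which is never valid:
    a literal parenthesis inside a value has to be written as a hex escape."""
    return re.search(r"=\(", ldap_filter) is not None


if __name__ == "__main__":
    group = "CN=GroupA,OU=MyOU3,OU=MyOU2,OU=MyOU1,DC=MyDomain,DC=LOCAL"
    print(nested_member_filter(group, "MyEmailDomain.com"))
    # Constructed DN whose CN contains literal parentheses.
    print(nested_member_filter("CN=Ops (EU),OU=MyOU1,DC=MyDomain,DC=LOCAL",
                               "MyEmailDomain.com"))
```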