I need to get all users and their groups from a specific category.
Examples of users:
user | memberof
user1 | CN=group_1,OU=Groupes,OU=CR 1,DC=zcam,DC=ztech
user1 | CN=group_2,OU=Groupes,OU=CR 1,DC=zcam,DC=ztech
user2 | CN=group_2,OU=Groupes,OU=CR 1,DC=zcam,DC=ztech
user3 | CN=group_3,OU=Groupes,OU=CR 2,DC=zcam,DC=ztech
I need to get every user where memberof contains OU=Groupes,OU=CR 1,DC=zcam,DC=ztech (user1 and user2 from my example).
Following this doc (https://learn.microsoft.com/fr-fr/windows/desktop/ADSI/search-filter-syntax) I tried the following syntaxes:
DirectoryEntry ldap = new DirectoryEntry("LDAP://xxx.xxx.xxx.xxx");
using (DirectorySearcher searcher = new DirectorySearcher(ldap))
{
    // Works but returns everything
    searcher.Filter = "(&(objectClass=user)(memberof=*))";
    // Works but only for one group
    searcher.Filter = "(&(objectClass=user)(memberof=CN=group_1,OU=Groupes,OU=CR 1,DC=zcam,DC=ztech))";
    // Doesn't work because searcher.FindAll().Count returns 0
    searcher.Filter = "(&(objectClass=user)(memberof=*,OU=Groupes,OU=CR 1,DC=zcam,DC=ztech))";
    // searcher.FindAll().Count returns 0
    foreach (SearchResult result in searcher.FindAll())
    {
        // [...]
    }
}
Following this (https://community.servicenow.com/community?id=community_question&sys_id=00d29fa1db101fc01dcaf3231f96197f) I tried to replace the wildcard * with a % but it didn't change the result.
Finally, I found another way to do it.
In fact, this property OU=CR 1 in the memberof corresponds to the division in my AD.
So I just filter like this:
DirectoryEntry ldap = new DirectoryEntry("LDAP://xxx.xxx.xxx.xxx");
using (DirectorySearcher searcher = new DirectorySearcher(ldap))
{
    // Filter on the division attribute instead of a partial memberof DN
    searcher.Filter = "(&(objectClass=user)(division=CR 1))";
    foreach (SearchResult result in searcher.FindAll())
    {
        // [...]
    }
}
Thanks everyone for your help.
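Added example, not part of the original post: Active Directory does not evaluate wildcards inside DN-valued attributes such as memberOf, so an alternative to the division filter is to read each user's memberOf values and match the container suffix client-side. The class and method names are hypothetical, the sample rows are constructed from the table in the question, and using sAMAccountName as the user identifier is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Linq;

static class MemberOfByContainer
{
    // Suffix match on a component boundary. Assumes DNs in the form AD returns
    // them (no spaces after commas); AD compares DNs case-insensitively.
    public static bool IsUnder(string groupDn, string containerDn) =>
        groupDn.EndsWith("," + containerDn, StringComparison.OrdinalIgnoreCase);

    // user -> groups located under containerDn; users with no such group are dropped.
    public static Dictionary<string, List<string>> Filter(
        IEnumerable<(string User, string GroupDn)> rows, string containerDn) =>
        rows.Where(r => IsUnder(r.GroupDn, containerDn))
            .GroupBy(r => r.User)
            .ToDictionary(g => g.Key, g => g.Select(r => r.GroupDn).ToList());

    // Reads (user, group DN) pairs from the directory, one row per membership.
    public static IEnumerable<(string User, string GroupDn)> Read(DirectorySearcher searcher)
    {
        searcher.Filter = "(&(objectClass=user)(memberOf=*))";
        searcher.PropertiesToLoad.Add("sAMAccountName");
        searcher.PropertiesToLoad.Add("memberOf");
        searcher.PageSize = 500; // paged search, so large result sets are not truncated
        using (SearchResultCollection results = searcher.FindAll())
            foreach (SearchResult result in results)
                foreach (object dn in result.Properties["memberOf"])
                    yield return ((string)result.Properties["sAMAccountName"][0], (string)dn);
    }

    static void Main()
    {
        // Constructed sample rows: the table from the question, no directory needed.
        var rows = new[]
        {
            ("user1", "CN=group_1,OU=Groupes,OU=CR 1,DC=zcam,DC=ztech"),
            ("user1", "CN=group_2,OU=Groupes,OU=CR 1,DC=zcam,DC=ztech"),
            ("user2", "CN=group_2,OU=Groupes,OU=CR 1,DC=zcam,DC=ztech"),
            ("user3", "CN=group_3,OU=Groupes,OU=CR 2,DC=zcam,DC=ztech"),
        };
        foreach (var kv in Filter(rows, "OU=Groupes,OU=CR 1,DC=zcam,DC=ztech"))
            Console.WriteLine(kv.Key + ": " + string.Join(" | ", kv.Value));
    }
}
```

Against a live directory, pass the output of `Read(searcher)` to `Filter` in place of the sample rows.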