How to get the user's OU using LDAP query?

  • 21 March 2016
  • 5 replies
  • 11 views

Badge +9

I was able to successfully use LDAP query to bring back user info from AD but I am having problems getting the OU info. What query should I use to get the OU location of the user? Thanks!


5 replies

Userlevel 5
Badge +14

LDAP query returns whole path from domain root down to your user object.

down the path you will get several CNs and OUs. that's one meaning of OU.

but your user object might be 'member of' several other different OUs within AD in completely different paths.

so please specify what is OU in your meaning, otherwise it's hard to help.

note, I've seen your similar question here: LDAP query for manager and OU, but it doesn't clarify your request here either

Badge +9

I believe if I query for the distinguishedName I am getting what I need. This should return the physical location of the user.

Userlevel 5
Badge +14

distinguishedName is just one of many properties of your user object within AD.

before you mentioned 'OU', now you mention 'physical location'. is it 'physical location' in terms of where the user object is located in the AD structure, or in terms of your organizational structure (IT)?

the two might be totally unrelated, depending on your AD structure.

still, there is too much unclear in your question. please clarify exactly what you need.

it might really help if you provided an example of what exactly you get out of your LDAP query, how consistent it is for different users (meaning different users might be placed on different levels), and what exactly you need out of that.

Badge +9

I am building a termination workflow. As a part of the process I was tasked to record the current OU the user is in and then move the account to the Terminated Users OU. Does that clarify the issue?

When I query for the distinguishedName I essentially get that information. I was under the impression that a user can only be a member of a single OU...

Userlevel 5
Badge +14

if you do a query like

(distinguishedName=<user's DN>)

then you will get an OU/CN where your user object is placed.

if that's your target, then ok.

but you will need to save the user's whole DN (not a single OU) since it will change after you move it to "Terminated Users"

but if you do an LDAP query like (one of several possible options)

(member=<user's DN>)

you will get plenty of other OUs/CNs the user object is a member of.

from your question it wasn't clear which of the two you asked for.

hope it's clear now
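As an added example (not code from the thread), here is the record-then-move bookkeeping the answer above describes: the container OU is everything after the first RDN of the distinguishedName, the DN must be split on unescaped commas only (RFC 4514), and when the DN is placed inside a `(distinguishedName=...)` or `(member=...)` filter it has to be escaped per RFC 4515. The DN and the Terminated Users OU are constructed sample values; `termination_record` is a hypothetical helper name.

```python
# Constructed sample DN; the CN contains an escaped comma, which a naive
# split(",") would break on.
SAMPLE_DN = r"CN=Doe\, Jane,OU=Sales,OU=Users,OU=Corp,DC=example,DC=com"
TERMINATED_OU = "OU=Terminated Users,DC=example,DC=com"   # constructed

def split_rdns(dn):
    """Split a DN on unescaped commas, keeping backslash escapes intact (RFC 4514)."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):     # escaped char: copy both bytes
            buf.append(dn[i:i + 2]); i += 2; continue
        if dn[i] == ",":
            rdns.append("".join(buf)); buf = []
        else:
            buf.append(dn[i])
        i += 1
    rdns.append("".join(buf))
    return rdns

def parent_container(dn):
    """DN of the OU/CN the object is placed in: the DN minus its first RDN."""
    return ",".join(split_rdns(dn)[1:])

def ou_chain(dn):
    """OU names from the object's immediate OU outward to the domain root."""
    return [r.partition("=")[2] for r in split_rdns(dn) if r.upper().startswith("OU=")]

def ldap_filter_escape(value):
    """RFC 4515 escaping so an arbitrary DN can sit inside a search filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def placement_filter(dn):
    """Filter that returns the user object itself (its DN shows where it is placed)."""
    return "(distinguishedName=%s)" % ldap_filter_escape(dn)

def membership_filter(dn):
    """Filter that returns the groups/containers listing the user as a member."""
    return "(member=%s)" % ldap_filter_escape(dn)

def termination_record(dn, terminated_ou_dn):
    """What the workflow must save before the move, and the DN the object will have after it."""
    first_rdn = split_rdns(dn)[0]
    return {"original_dn": dn,
            "original_container": parent_container(dn),
            "new_dn": first_rdn + "," + terminated_ou_dn}
```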
