So what I am trying to do is get myself a list of the AD users who belong to a specific group using ldapsearch. I attempted using “memberOf=GROUP_NAME”, but it is still not filtering based on that and I always get all users in the AD. Here is my code:
ldapsearch -xLLL -h domain.org -D "domain\user" -W -b "DC=domain,DC=org" -s sub -x "(objectclass=user)" memberOf=cn=GROUP_NAME sAMAccountName | grep sAM | awk '{print $2}'
Any ideas what I am doing wrong here? Why isn’t the memberOf attribute filtering the users?
Answer
You need to fix the filter syntax and remove the 2nd -x. Also, memberOf expects the group DN (not just the group name):
ldapsearch -xLLL -h domain.org -D "domain\user" -W -b "DC=domain,DC=org" -s sub "(&(objectclass=user)(memberOf=<GROUP_DN>))" sAMAccountName
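
The filter from the answer above, built by a small helper; this is an added example, not part of the original answer. It goes slightly beyond the answer by escaping the group DN per RFC 4515 (a DN containing `(`, `)`, `*` or `\` otherwise changes or breaks the filter) and by optionally using Active Directory's matching-rule-in-chain OID to include nested group members. The function names and the sample DN are hypothetical.

```shell
#!/bin/sh
# Added example: function names and the sample DN below are constructed.

# Escape a value for use inside an LDAP search filter (RFC 4515).
# The backslash is handled first so the later escapes are not re-escaped.
ldap_escape_filter_value() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' \
                           -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' \
                           -e 's/)/\\29/g'
}

# Build "(&(objectClass=user)(memberOf=<escaped group DN>))".
#   $1 = full group DN (memberOf matches on the DN, not the group name)
#   $2 = "nested" to use the AD-specific LDAP_MATCHING_RULE_IN_CHAIN OID,
#        which also follows nested group membership
build_member_filter() {
    dn=$(ldap_escape_filter_value "$1")
    if [ "${2:-}" = "nested" ]; then
        printf '(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=%s))' "$dn"
    else
        printf '(&(objectClass=user)(memberOf=%s))' "$dn"
    fi
}

# Constructed sample DN with characters that need escaping in a filter.
GROUP_DN='CN=Ops (EU)\, Tier*1,OU=Groups,DC=domain,DC=org'
FILTER=$(build_member_filter "$GROUP_DN")
printf '%s\n' "$FILTER"

# The filter is passed as ONE quoted argument; everything after it is
# treated by ldapsearch as a list of attributes to return:
# ldapsearch -xLLL -h domain.org -D "domain\user" -W -b "DC=domain,DC=org" -s sub "$FILTER" sAMAccountName
```

In the question's command, `memberOf=cn=GROUP_NAME` came after the filter argument, so ldapsearch read it as an attribute name to return rather than as part of the filter, which is why every user matched.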