ldap experts: how to get a list of groups a user is a member of within the entire forest?

Chere Zhou qzhou at isilon.com
Thu May 8 01:33:28 GMT 2003

I want to do this using openldap against w2k ADS.  I found from google, 
somebody supporting ADSI from Microsoft said the following:

- bind to the GC.
- do search using DirectorySearcher with the filter 
"(&(objectClass=Group)(objectCategory=Group)(member=CN=My User...))".

I do not have DirectorySearcher to test it with.  But using 
net ads search -I <GC ip> \ 
certainly "Got 0 replies".

Anybody know how to do it, or is it not possible at all?  I hope one search 
can recursively get all of the groups, rather than just the groups the user 
is a direct member of.  I don't feel like looping through each group to 
compare with.  Better solution than that is greatly appreciated.  


More information about the samba-technical mailing list