Getting all direct Reports from Active Directory

前端未结

关注

 1  890

I\'m trying to get all the direct reports of a User through Active Directory, recursively. So given a user, i will end up with a list of all users who have this person as ma

相关标签:

1条回答

再見小時候

2020-12-25 09:01
First off, setting Scope to "subtree" is unnecessary when you already have the DN you are looking for.

Also, how about finding all objects whose "manager" property is the person you look for, then iterating them. This should generally be faster than the other way around.
```
(&(objectCategory=user)(manager=<user-dn-here>))
```
EDIT: The following is important but has only been mentioned in the comments to this answer so far:

When the filter string is built as indicated above, there is the risk of breaking it with characters that are valid for a DN, but have special meaning in a filter. These must be escaped:
```
*   as  \2a
(   as  \28
)   as  \29
\   as  \5c
NUL as  \00
/   as  \2f

// Arbitrary binary data can be represented using the same scheme.
```
EDIT: Setting the SearchRoot to the DN of an object, and the SearchScope to Base also is a fast way to pull a single object out of AD.
0 讨论(0)
发布评论:

提交评论
- 加载中...