You should use attrlist to enumerate the necessary attributes.
A good place to start: https://www.oreilly.com/library/view/active-directory-cookbook/9780596156305/ch04.html
LDAP filter to query email addresses
Hi,
I am new to LDAP filters but I have a requirement to create an LDAP filter that queries members of a security group in AD and gets the members' email addresses. I do have the filter that queries members and returns their Name, but I have no clue how to modify the filter so that it returns email addresses instead of names. Please help or suggest.
Thanks in advance.
5 answers
-
Ilia Ershov 131 Reputation points
2020-10-06T07:03:01.803+00:00 -
Vicky Wang 2,736 Reputation points
2020-10-08T07:15:29.477+00:00 Hi,
Thank you for posting in our forum, maybe the article in the link can help you
Hope this information can help you
Best wishes
Vicky
https://www.webspy.com/blog/useful-ldap-search-queries/
https://www.websense.com/content/support/library/web/hosted/dsc_admin/example_schema.aspx -
Vicky Wang 2,736 Reputation points
2020-10-22T09:22:37.57+00:00 Hi,
Just want to confirm the current situations.
Please feel free to let us know if you need further assistance.
Best Regards,
Vicky -
Vicky Wang 2,736 Reputation points
2020-10-29T07:39:44.047+00:00 Hi,
Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.
Best Regards,
Vicky -
Gary Reynolds 9,621 Reputation points
2021-10-18T10:09:08.187+00:00 Hi @Rams
Just providing a follow-up post to your question.
It is possible to write a query that will return the attributes of the members of a group. However, you can't do this with a standard query; you need to use a server-side control to get your desired outcome. The server-side control is the Attribute Scope Query control. This control takes an attribute name, which must be an Object(DN-DN) based attribute, and for each member of the Object(DN-DN) attribute it will return the specified attributes of each member.
In the case of a group, the Object(DN-DN) attribute is the member attribute, and then by specifying the attributes you would like to be returned in the attribute list, you can return the email address for each member.
With the standard AD admin tools it is not easy to perform this type of query, as there are no options to add the ASQ server-side control to the query. LDP does have the ability to do it, but it can be quite complicated to configure.
NetTools includes an LDAP Client which will allow you to select and run ASQ based queries by just selecting one check box. The query input below can be imported into NetTools and run; it's pre-configured to ask for the group name and it will then return details for each of the members. Details on how to input the query below can be found here
[Get group member details]
Options=880030209934413
Server=
BaseDN={getdn:{userinput:Enter group's SamAccountName}}
Filter=(objectclass=*)
Attributes=member,sAMAccountName, displayname, mail, pwdlastset,accountExpires,userAccountControl
DisplayFilter=
Filename=
Sort=
Controls=
Authentication=1158
Separator=,
For more information on how to use ASQ queries in NetTools see this post
Gary.
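
The Attribute Scope Query described in the answer above can also be issued from PowerShell, because .NET's DirectorySearcher exposes the control through its AttributeScopeQuery property. This is an added example, not part of the original post or of NetTools; the function names and the group name in the usage comment are constructed for illustration, and it assumes a domain-joined machine with read access to the group.

```powershell
# Added example: ASQ over a group's 'member' attribute, returning each member's mail.

function ConvertTo-LdapFilterValue {
    # Escape RFC 4515 special characters so user input cannot alter the filter.
    param([Parameter(Mandatory)][string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace '\x00', '\00'
}

function Get-GroupMemberMail {
    param([Parameter(Mandatory)][string]$GroupSamAccountName)

    # Step 1: resolve the group's DN with an ordinary subtree search.
    $safeName = ConvertTo-LdapFilterValue -Value $GroupSamAccountName
    $find = New-Object System.DirectoryServices.DirectorySearcher
    $find.Filter = "(&(objectCategory=group)(sAMAccountName=$safeName))"
    $group = $find.FindOne()
    if (-not $group) { throw "Group '$GroupSamAccountName' not found." }

    # Step 2: ASQ. The search base is the group itself, the scope must be Base,
    # and the filter and attribute list apply to the objects named in 'member'.
    $asq = New-Object System.DirectoryServices.DirectorySearcher($group.GetDirectoryEntry())
    $asq.SearchScope         = [System.DirectoryServices.SearchScope]::Base
    $asq.AttributeScopeQuery = 'member'
    $asq.Filter              = '(objectClass=*)'   # use '(mail=*)' to skip members without mail
    $asq.PageSize            = 1000                # page through large groups
    $asq.PropertiesToLoad.AddRange([string[]]@('samaccountname', 'displayname', 'mail'))

    $results = $asq.FindAll()
    try {
        foreach ($r in $results) {
            [pscustomobject]@{
                SamAccountName = $r.Properties['samaccountname'] -join ';'
                DisplayName    = $r.Properties['displayname'] -join ';'
                Mail           = $r.Properties['mail'] -join ';'
            }
        }
    }
    finally {
        $results.Dispose()   # SearchResultCollection holds unmanaged resources
    }
}

# Usage (constructed group name):
# Get-GroupMemberMail -GroupSamAccountName 'Example-Group' | Format-Table
```

Only direct members are returned, since the query walks the values of the group's own member attribute and does not expand nested groups.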