Member Login

Remember Me
Forgot Password?
Join Us!

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

Join Tek-Tips
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.
Jobs from Indeed

Link To This Forum!

Partner Button
Add Stickiness To Your Site By Linking To This Professionally Managed Technical Forum.
Just copy and paste the
code below into your site.

LDAP subtree question

LDAP subtree question


I'm trying to get all the members of a group. most of the groups are in the Dept OU but there are some elsewhere.
I am using VBA behind a Excel worksheet
I have the following syntax that works:


Public Function getUsersInGroup(strGroup As String)

Dim myResults() As String
Dim objGroup

Set objGroup = GetObject("LDAP://CN=" & strGroup & ",OU=Finance,OU=Dept,DC=myCompany,DC=com")

If objGroup.members.Count > 0 Then
    ReDim myResults(objGroup.members.Count - 1, 1)
    myCount = 0
    For Each objUser In objGroup.members
        myResults(myCount, 0) = objUser.sAMAccountName
        myResults(myCount, 1) = objUser.DisplayName
        myCount = myCount + 1
End If

now the problem I have is that not all the departments I want to look are are in the Finance OU, so I want something like:


Set objGroup = GetObject("LDAP://CN=" & strGroup & ",OU=Dept,DC=myCompany,DC=com");subtree

or even better would be to not specify the OU at all and have it search all OU's, this kind of solution would be ideal, so something like


Set objGroup = GetObject("LDAP://CN=" & strGroup & ",DC=myCompany,DC=com");subtree

but every thime I try and add the subtree in it wont work.

Any ideas how I can do this?


RE: LDAP subtree question

Sure, the syntax is not correct. If you want to loop over all the ou under ou=dept (it is one-level), you can simplify the task by using filter.

set oou=getobject("LDAP://OU=Dept,DC=myCompany,DC=com")
for each oou_levelone in oou
    set objGroup = getobject("LDAP://CN=" & strGroup & "," & oou_levelone.distinguishedName)
    'do the thing you'are doing
    If objGroup.members.Count > 0 Then
        'etc etc
    End If

RE: LDAP subtree question

That does solve the above problem, however I over simplified the question to writing my original post, in actual fact some of the departments do not reside in the Dept OU and they are more than one OU deep, so for example one may be in

whereas another could be in

so I really need to check all the OU's rather than specify to just look in the Dept OU.

we have 15 seperate sites (each with a diffrent OU at the start, and not numbered as above (Site2))and the departments are typically 4 deep (as in the Exec, management example above)

so I wanted a single statement rather manually looping all the OU's we have


RE: LDAP subtree question

You can isolate the search part (filter) to make a recursive search of all ou under dept to emulate the subtree search. I know you don't want to.

You can make usage of full search facility using ado. Here is the complete example (with more setting you would really need in practice.)

Your subtree search uses the base pointing at ou=dept and uses filter like
    where objectClass="OrganizationalUnit"
if you continue to work within sql-dialect. It will automatically return all nested ou within dept and enumerate the target group's "direct" member. (Be careful, in the native mode, group membership can be considered nested as well. But that opens up another way to query membership that I'm not prepared to entangling the issue here.)

Red Flag This Post

Please let us know here why the post below is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!


Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close