How can I construct a filter for DirectorySearcher to check if there is a user with a given login in a given group?
$"(sAMAccountName = {login})";
Something like this (searching only by login) works for me, but I have no idea how to add the condition that the user should be searched for only in one selected group, rather than in the entire AD. I tried:
$"(& (objectClass = user) (sAMAccountName = {login}) (memberOf = [{groupDistinguishedName}]))"
and similar constructs, but FindOne() always returns null... As groupDistinguishedName I gave the name in the format "CN = GroupName, CN = ..., DC = ..., DC = ..."
CodePudding user response:
A couple potential issues I see. First, there shouldn't be any square brackets []. Also, in your example group distinguished name, you have spaces. Maybe that's just how you typed it in your question, but the real value should not have any spaces (around CN= for example). It should exactly match what's in the distinguishedName attribute of the group.
The complete filter should look something like this:
(&(objectClass=user)(sAMAccountName=SomeUser)(memberOf=CN=groupName,OU=Groups,DC=example,DC=com))
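The following is an added example, not part of the original answer: it builds the filter shown above from variables and escapes both values per RFC 4515, so a login or DN containing `*`, `(`, `)` or `\` is matched literally instead of changing the filter. The class and method names and the `includeNested` option are assumptions made for illustration; the sample values are constructed.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class GroupMembershipCheck
{
    // RFC 4515 escaping for a value placed inside an LDAP search filter.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // groupDn must be the group's distinguishedName exactly as stored in AD.
    // Plain memberOf matches direct membership only (not the primary group).
    static string BuildFilter(string login, string groupDn, bool includeNested = false)
    {
        // LDAP_MATCHING_RULE_IN_CHAIN also matches membership through nested groups.
        string rule = includeNested ? ":1.2.840.113556.1.4.1941:" : "";
        return $"(&(objectClass=user)(sAMAccountName={EscapeFilterValue(login)})" +
               $"(memberOf{rule}={EscapeFilterValue(groupDn)}))";
    }

    static void Main()
    {
        // Constructed sample values; the DN reuses the placeholder from the answer.
        const string groupDn = "CN=groupName,OU=Groups,DC=example,DC=com";
        string filter = BuildFilter("SomeUser", groupDn);
        Console.WriteLine(filter);
        // A wildcard in the login is escaped to \2a and matched as a literal character.
        Console.WriteLine(BuildFilter("some*user", groupDn));

        // Requires a domain-joined Windows host; searches the current domain.
        using (var searcher = new DirectorySearcher(filter))
        {
            SearchResult result = searcher.FindOne();
            Console.WriteLine(result != null ? "member" : "not a member (or not found)");
        }
    }
}
```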