Characters with Accents and LDAP search

  • 1.3K Views
  • Last Post 14 April 2017
SWD1 posted this 23 October 2006

st1\:*{behavior:url(#default#ieooui) }










Hi all,

I’m using
the following script to find a user which works
fine so long as
the CN value doesn’t contain a
character with an accent, in the example below I’ve used Léo Apotheker, unfortunately the letter é
produces an ‘Object not found
error’. Does anyone have any
idea what is going on here? Is the problem with VBScript or AD?

Many thanks

Steven

Set dso =
GetObject("LDAP:")

Set objUser = dso.OpenDSObject( _

"LDAP://APHRODITE/CN=Léo
Apotheker,OU=Staff,DC=Domain,DC=Com", _

"Domain\User",
_

"password", _

ADSSECUREAUTHENTICATION + ADSSERVERBIND)

objUser.AllowLogon
= Disabled

objUser.SetInfo

-------------------------------------------------------------------This email is from Oldham Sixth Form College, but expresses the viewsof the sender and not necessarily the views of the college. The emailand any files transmitted with it are confidential to the intendedrecipient at the e-mail address to which it has been addressed. It maynot be disclosed or used by any other than that addressee, nor may itbe copied in any way. If received in error, please notifyPostmaster@osfc.ac.uk quoting the name of the sender.This message has been scanned for viruses by F-Secure Anti-Virus.Please note that we cannot accept any responsibility for anytransmitted viruses. It is, therefore, your responsibility to scanattachments (if any).

Order By: Standard | Newest | Votes
DonH posted this 14 April 2017

The presence of a NOT clause doesn’t completely kill indexing, but the NOT clause itself cannot be indexed.  The problem is that attributes that you do not have read access to are supposed to behave as if they have no values.  On a “positive” search clause the DSA can filter out results that show up in the index but that you shouldn’t be able to see, but with a NOT clause it has no way to add in the results that aren’t really in that section of the index but because of security restrictions should appear to be so. DonH 

show

darren posted this 14 April 2017

On a related note, do NOT queries still kill use of indexing in AD? I know that was the mantra many moons ago but curious if it’s still the case.

 

Darren

 

show

gazzadownunder posted this 13 April 2017

This should do the trick, I haven't tested but it should put you on the right track.
 (&(objectclass=user)(objectcategory=user)(!postOfficeBox=SRV)(company=PSEBAS)( !userAccountControl:1.2.840.113556.1.4.803:=2))
Gary.
On Apr 13, 2017 10:45 AM, adriaoramos@xxxxxxxxxxxxxxxx wrote:
Please, I need to search all user in my company that are active, don’t have the word SRV in P O BOx attribute and PSEBA Sin company attribute  . I created this ldap search, but there is something wrong in it. Can anyone help me with it?

(|(sAMAccountType=805306368)(&(isDeleted=TRUE)(objectClass=user)(!(objectClass=computer)&(objectClass=user)(!postOfficeBox=SRV)(objectClass=user)(company=PSEBAS)&(objectClass=user) userAccountControl:1.2.840.113556.1.4.803:=2))))


Imprima apenas o Essencial - Prefira as opções Frente & Verso e Branco & Preto

SABESP 3Rs: Reduzir/Reutilizar/Reciclar

Antes de imprimir pense em sua responsabilidade e compromisso com o MEIO AMBIENTE.

Este ambiente esta sujeito a monitoramento.

This environment can be checked

AVISO LEGAL As informações contidas nesse e-mail e documentos anexos são dirigidas exclusivamente ao(s) destinatário(s) acima indicados, podendo ser confidenciais e/ou legalmente privilegiadas. Qualquer tipo de utilização dessas informações por pessoas não autorizadas esta sujeito as penalidades legais. Caso você tenha recebido essa mensagem por engano, envie por favor uma mensagem ao remetente, apagando-a em seguida.

LEGAL ADVICE This message is for use by the intended recipient and contains information that may be privileged, confidential and/or under applicable law. If you are not the intended recipient, you are hereby formally notified that any use, copying or distribution of this e-mail, in whole or in part, is strictly prohibited. Please notify the sender by return e-mail and delete this e-mail from your system.



��)ߢm������+�v*�롹^�˧���r���x���i٢�f���-�����+

Thiago.Pereira posted this 13 April 2017

Pick onehttp://www.cjwdev.co.uk/Software/ADReportingTool/Info.html
Or 

LDAP Query to Find Enabled Users

(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))


Sent from my iPhone


show

listmail posted this 02 November 2006

st1\:* {
BEHAVIOR: url(#default#ieooui)
}
@page Section1 {size: 595.3pt 841.9pt; margin: 72.0pt 90.0pt 72.0pt 90.0pt; }
P.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"
}
LI.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"
}
DIV.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"
}
A:link {
COLOR: blue; TEXT-DECORATION: underline
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline
}
SPAN.EmailStyle17 {
COLOR: windowtext; FONT-FAMILY: Arial; mso-style-type: personal-compose
}
DIV.Section1 {
page: Section1
}






I don't have any problem running that script and binding to
an ID with accents...

joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

show

Close