Home/ Questions/Q 3949064
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T01:26:57+00:00

I am trying to make LDAP queries via Visual Basic. I don’t have administrator

  • 0

I am trying to make LDAP queries via Visual Basic. I don’t have administrator access to the Active Directory, but I am able to view all user objects. I don’t know what restrictions if any there are on me searching the directory via LDAP:// queries.

In the Excel application I am building, I have a column for the input of user IDs. Once a user inputs a user ID, I would like the other columns to be auto-populated based on server side information associated with that user (email address for example)

Let’s say c.Value is the User ID value that has been input to the spreadsheet: 

strUser = "CN=" & c.Value & ",OU=User Accounts,OU=Area,OU=Users,OU=Accounts,DC=joe,DC=bloggs,DC=co,DC=uk/"

Set objUser = GetObject("LDAP://" & strUser)

The problem is this — where OU=Area is known, the search is successful. However, I would like the query to check all area OUs for the UserID. As far as I can tell they are not held or mirrored in a central location. Is it possible to use Wildcards in such a query?

Does anyone have any other ideas or suggestions as to alternate ways to go about this?

Thank you,

Tom

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Before I answer your question, here are some basic background knowlege on Active Directory.

    • User objects on Active Directory contains a number of attributes.
    • CN is one of the attribute on the user object. It’s not always the same as your login user name.
    • samAccountName is string the pre-Windows 2000 Login Name. This is probably what you are looking for.
    • objects are stored hierarchically. User object can be put under OU or container

    To execute a LDAP query, you need to use an ADO connection object. You need to pass in a LDAP query string to the ADO connection object. The LDAP query string contains four parts.

    • Root path, where we start the search.
    • LDAP filter
    • Returned attributes
    • Search scope

    The LDAP query string that you should use should be something like

    <LDAP://OU=Users,OU=Accounts,DC=joe,DC=bloggs,DC=co,DC=uk>;(&(objectClass=user)(samAccountName=yourusername));adspath;subtree
    • The root path in the above example is <LDAP://OU=Users,OU=Accounts,DC=joe,DC=bloggs,DC=co,DC=uk>. It means start searching at this level
    • Since you are searching for user, the LDAP filter is (&(objectClass=user)(samAccountName=yourusername)). Of course, you need to replace yourusername to something else inside your code. If you really want to do the search on CN, change it to CN here
    • Returned attributes is a special attribute adspath, which allows you to bind to that object later
    • I am assuming you are trying to search for all user objects under the same domain. So, your search scope should be subtree

    Here is a complete sample that I guess it should do your job

    userName = "harvey"
ldapStr = "<LDAP://OU=Users,OU=Accounts,DC=joe,DC=bloggs,DC=co,DC=uk>;(&(objectClass=user)(samAccountName=" & userName & "));adspath;subtree

Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADSDSOObject"
conn.Open "ADs Provider"
Set rs = conn.Execute(ldapStr)

While Not rs.EOF
   wscript.echo rs.Fields(0)
   rs.MoveNext
Wend
    • 0