LDAP query doesn't return all accounts with specific login
I have a Windows 2008 domain that I am querying via ldapsearch. If I
use a domain administrator account, I get all the users I would expect, but
if I use the service account I created for this purpose, I miss random
objects.
For example:
#> ldapsearch -LLL -H ldap://domain-controller.my-domain.com:389 \
     -b 'dc=MY-DOMAIN,dc=COM' -D 'MY-DOMAIN\administrator' -W \
     '(&(objectClass=Person)(sAMAccountName=*)(memberof=cn=StashTeam,ou=MyTeams,ou=MyDomainUsers,dc=MY-DOMAIN,dc=COM)(!(userAccountControl=514)))' \
     | grep cn:
I get a list of:
cn: Homer Simpson
cn: Marge Simpson
cn: Bart Simpson
cn: Lisa Simpson
cn: Maggie Simpson
However, if I run (using my Service Account):
#> ldapsearch -LLL -H ldap://domain-controller.my-domain.com:389 \
     -b 'dc=MY-DOMAIN,dc=COM' -D 'MY-DOMAIN\ServiceUser' -W \
     '(&(objectClass=Person)(sAMAccountName=*)(memberof=cn=StashTeam,ou=MyTeams,ou=MyDomainUsers,dc=MY-DOMAIN,dc=COM)(!(userAccountControl=514)))' \
     | grep cn:
I get a list like:
cn: Homer Simpson
cn: Lisa Simpson
cn: Maggie Simpson