• State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 24 subscribers
  • Views 781 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

AD/LDAP OU Groups

marcoalabro

my clients on webhelpdesk are on specific OU in AD, i have other users form another OU that i want to include on my client list. I tried creating a group in my OU and include these users but WHD was not able to query these users. Any suggestions?

  • 0

    Could you not just do two connectors? 

    Connector 1 OU 1

    Connector 2 OU 2

  • 0 in reply to crippsb

    the OU where this certain user belongs to contains more than 1 thousand users, and, there are other users from another OU, i'm avoiding clients that don't belong to my OU.

  • 0 in reply to marcoalabro

    We had a similar cases with other applications and found groups don't help us in situations like this.  What we did was us the extensionAttribute# field(s) and populate it with the word STAFF.  That way we could do more advanced LDAP querys with it. 

    Our import is simple on our base DN and uses the below search

    (&(objectCategory=person)(objectClass=user)(extensionAttribute7=STAFF))
  • 0

    hi cripp, your solution is great but we don't have any permissions on users from another OU to edit AD attributes.

  • 0 in reply to marcoalabro

    To build on crippsb's first solution,

    1. Create a second connector with a Users DN set to the other OU (e.g. ou=Other Location,dc=domain,dc=local)
    2. Create a group in your "own" OU that contains users that you need from the other OU (e.g. cn=Outside Helpdesk Users,ou=My Location,dc=domain,dc=local)
    3. Set the Search Filter on this second OU connection to (&(objectCategory=person)(objectClass=user)(memberOf=cn=Outside Helpdesk Users,ou=My Location,dc=domain,dc=local))

    This should find all members of the "Other Location" that are members of the group called "Outside Helpdesk Users" which you have created within your own OU. This should not require any permissions for you to modify the other OU.

    An alternative solution would be to modify your original connector by expanding your Users DN base to include the next higher up part of the tree, perhaps the domain root. Set your search filter to a group you create in your own OU that contains ALL of your clients, both those who are contained in your OU and in the other OU.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.