Tag Archives: ASQ

How To: Display the properties of the members of a group

This articles explains how to use the ASQ server side control to return the display name and email address of all the members of a specific group.

First go to the Search option under Users in the left hand pane, deselect the Return Users Only option, and then enter the name of the group in the username field, click Go.

Select the required group from the list of returned results and then right click on the item, from the context menu, select Use With -> LDAP Search.  This will populate the LDAP Search option with the details of the group.

Click on the More button, In the Server Side controls section, select the Attribute Scope Query option, and set the Search Scope to Base Level.

In the Attributes field enter, ‘Member, displayname, mail’ and click Go.

In this example we are only returning the display name and email address for the members, however, you can specify any of the user’s attributes you want to display, they just need to be added to the Attributes list.

With this example we don’t specifying which objects to return, we can restrict the results to only user accounts, by changing the filter to (objectclass=user) or (objectclass=group) to only return the groups that are members.

[Search]
Options=879892770981453
Server=NULL
BaseDN=
Filter=(objectclass=*)
Attributes=Member, displayname, mail
DisplayFilter=
Filename=
Sort=
Authentication=1158
Separator=,

Related items:

ASQ details
User Search
LDAP Search - Options
LDAP Favorties

Attribute Scope Query

The Attribute Scope Query (ASQ) is Server Side control that provides the ability to return the attributes of members of a Object(DN-DN) attribute, e.g. member.  The specified attributes are returned for each DN that is included in the Object(DN-DN) attribute.

For ASQ queries the LDAP Search input fields must have the set as follows, The BaseDN field must be set to the DN of the object containing the Object(DN-DN) attribute, the Search Scope must be Base Level, the Filter field is applied to the members of the Object(DN-DN) attribute, and can be used to filter\limit which items are included in the search.  The Attributes field, the first attribute named must be the name of the Object(DN-DN) attribute, followed by the list of attributes that are required.

In the above example, we are using the member attribute as the Object(DN-DN) attribute of the group object and its returns the last time the user logged on and when they last changed their password.

The filter field can be used to limit\filter the records that are returned, the filter is applied to the objects in the Object(DN-DN) attribute and will only return the objects that match the filter, i.e. setting the filter to (&(objectclass=*)(!userAccountControl|=2)) only accounts that are enabled will be returned.  This filter is using the subst feature in the filter to simplify the entry of complicated filters, see Substitutions

Advanced operations -  it’s possible to combine the Input Mode and ASQ options to query the Object(DN-DN) attribute of multiple objects in a single operation.

To do this first enable the Input Mode, by selecting the Table Input option, and select the Create Multiples option, and then paste a list of object DNs to be queried into the table view.  Update the BasedDN to be ##input and click go.  The results for DN in the Search Attribute will be displayed on an individual line.