HowTo: Display the properties of the members of a group

This articles explains how to use the ASQ server side control to return the display name and email address of all the members of a specific group.

First go to the Search option under Users in the left hand pane, deselect the Return Users Only option, and then enter the name of the group in the username field, click Go.

Select the required group from the list of returned results and then right click on the item, from the context menu, select Use With -> LDAP Search.  This will populate the LDAP Search option with the details of the group.

Click on the More button, In the Server Side controls section, select the Attribute Scope Query option, and set the Search Scope to Base Level.

In the Attributes field enter, ‘Member, displayname, mail’ and click Go.

In this example we are only returning the display name and email address for the members, however, you can specify any of the user’s attributes you want to display, they just need to be added to the Attributes list.

With this example we don’t specifying which objects to return, we can restrict the results to only user accounts, by changing the filter to (objectclass=user) or (objectclass=group) to only return the groups that are members.

[Search]
Options=879892770981453
Server=NULL
BaseDN=
Filter=(objectclass=*)
Attributes=Member, displayname, mail
DisplayFilter=
Filename=
Sort=
Authentication=1158
Separator=,

Related items:

ASQ details
User Search
LDAP Search - Options
LDAP Favorties

Attribute Scope Query

The Attribute Scope Query (ASQ) provides a specific query function, with the scope of the query is based on the list of values stored in an attribute with an Object(DS-DN) format. For ease of reference within these instructions we will reference this attribute as the Search Attribute.

The query input fields have specific roles for ASQ based queries, The BaseDN must be the DN of the object containing the Search Attribute for the basis of searched, the Search Scope must be Base Level, the Filter is applied to the objects in the Search Attribute, with the Attributes field, the first attribute named must be the name of the Search Attributes, followed by the list of attributes that are required.

In the above example, we are using the member attribute as the Search Attribute of the group object and its returns the last time the user logged on and when they last changed their password.

The filter field can be used to limit\filter the records that are returned, the filter is applied to the objects in the Search Attribute and will only return the objects that match the filter, i.e. setting the filter to (&(objectclass=*)(!userAccountControl|=2)) only accounts that are enabled will be returned.  This filter is using the subst feature in the filter to simplify the entry of complicated filters, see Substitutions

Advanced operations -  it’s possible to combine the Input Mode and ASQ options to query the Search Attribute of multiple objects in a single operation.

To do this first enable the Input Mode, by selecting the Table Input option, and select the Create Multiples option, and then paste a list of object DNs to be queried into the table view.  Update the BasedDN to be ##input and click go.  The results for DN in the Search Attribute will be displayed on an individual line.