2

I am trying to pick up some LDAP query skills for use in my SharePoint 2013 farm. I want to constrain my people picker user the peoplepicker-searchadcustomfilter command which takes an LDAP query. For those not familiar with this the command looks like this:

stsadm -o setproperty -pn peoplepicker-searchadcustomfilter -url https://<web app url> -pv "(|(objectClass=Group)(memberof=OU=WCH,OU=Employees,DE=Company,DC=Local))"

The '-pv' parameter takes the LDAP query and the rest is for SharePoint specific.

My intention is to show only groups OR an entity, person/user or group that resides in the WCH Employees OU.

Since the picker setting will only work if the ldap is syntactically correct I am assuming that there is something wrong with my syntax to find a member of the OU I'm specifying.

When I use "(objectClass=Group)" as the value it works fine. I get back only groups from everywhere in AD. When I add the Or and the additional 'memberof' query it fails completely.

Any idea how to get any group and only users from a specific OU?

Thanks you!

CodeCompassion
  • 23
  • 1
  • 1
  • 4

1 Answers1

0

OU's are scope objects - you would have to scope your query to the OU, which I don't think you can do with poeplepicker.

So to get around that you can add a group called say PeoplePickerGroup and make all your users in that OU a member of that group. Then use something link this:

(|(objectCatagory=Group)(&(objectCatagory=person)(CN=PeoplePickerGroup,OU=WCH,OU=Employees,DC=Company,DC=Local)))
Jesus Shelby
  • 1,338