I need to get some user attributes from Active Directory via ldap query. I'm using this code:
$attributes=array("cn","sAMAccountName","sn","givenname","memberof","mail","telephonenumber","mobile","useraccountcontrol","department");
$filter = "(&(objectClass=user)(sAMAccountName=".$username."))";
$result = ldap_search($ldaphandler, $domain, $filter, $attributes);
I need all nested groups, but with this query I get only the first-level group (memberof field). But for instance if a users is member of InnerGroup and InnerGroup is member of OuterGroup I would like to get both groups (InnerGroup and OuterGroup). Is it possibile?
Thank you.
To find all the groups that "user1" is a member of (see AD search filter):
Example with LDIFDE.EXE (native command line AD search on windows) :
ldifde -f t.txt -d "DC=dom,DC=fr" -r "(member:1.2.840.113556.1.4.1941:=CN=jblanc,OU=MonOu,DC=dom,DC=fr)"