Tried with the LDAP queries below.
ldap_query = "(&(objectCategory=Person)(objectClass=user)(member:1.2.840.113556.1.4.1941:=CN=xx,CN=Users,DC=aa,DC=ss,DC=com))"
ldap_query = "(member:1.2.840.113556.1.4.1941:=CN=xx,CN=Users,DC=aa,DC=ss,DC=com)"
The code is as below.
import ssl

import ldap3

for hostname in domain.domain_controllers:  # placeholder in the original: <<domain.domain_controllers>>
    # validate=ssl.CERT_NONE disables certificate verification for the LDAPS connection
    tls = ldap3.Tls(validate=ssl.CERT_NONE, version=ssl.PROTOCOL_TLS)
    server = ldap3.Server(hostname, get_info=ldap3.ALL, mode=ldap3.IP_V4_PREFERRED, tls=tls, use_ssl=True)
    # xx / yy are placeholders for the bind password and bind user
    with ldap3.Connection(server=server, authentication=ldap3.NTLM, auto_bind=True, password=xx, read_only=True, receive_timeout=30, user=yy) as ldap_connection:
        search_parameters = {'search_base': 'DC=aa,DC=ss,DC=com', 'search_filter': ldap_query, 'attributes': ['*']}
        ldap_connection.search(**search_parameters)
        print(ldap_connection.entries)
It is just printing [] for all DCs, but the user has groups and sub-groups, as checked manually.
I am assuming that CN=xx,CN=Users,DC=aa,DC=ss,DC=com is a user object, and you are trying to find groups that have that user as a member. Am I correct?
The first query won't work, since it is searching for users that have the member attribute set. Users don't have a member attribute.
The second query would return any object that has CN=xx as a member. The only objects that have a member attribute are groups, but you could further constrain it to only groups anyway, which might improve the performance of the query (since objectClass is indexed):
ldap_query = "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:=CN=xx,CN=Users,DC=aa,DC=ss,DC=com))"
There is no need to make the same query on every DC. They'll all give you the same information. If you aren't getting any results for this query, then there could be a few reasons:
1. Try a simpler query, like (objectClass=user) (which would return all user objects), and see if you get results.
2. The distinguishedName you're using is incorrect. Verify that it is correct. You can try searching for it like this: (distinguishedName=CN=xx,CN=Users,DC=aa,DC=ss,DC=com) and see if you get results.
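As an added worked example (not code from the question or the answer), the following builds the corrected nested-membership filter from the answer, escapes the DN per RFC 4515 so a DN containing "(", ")" or "*" cannot change the filter's structure, and emulates offline what a domain controller returns for LDAP_MATCHING_RULE_IN_CHAIN over a small constructed directory. The group names, OU and the cycle between two groups are made up for illustration; only the user DN and base from the question are reused.

```python
"""Added example: safe construction of the nested-group membership filter and
an offline emulation of the LDAP_MATCHING_RULE_IN_CHAIN walk it triggers.
The directory below is constructed for illustration, not real data.
"""
from collections import deque

# Microsoft's OID for the extensible matching rule that follows member chains.
LDAP_MATCHING_RULE_IN_CHAIN = "1.2.840.113556.1.4.1941"

BASE = "DC=aa,DC=ss,DC=com"
USER_DN = "CN=xx,CN=Users," + BASE

# Constructed mini-directory: DN -> attributes. 'member' holds DNs, as in AD.
# "IT Staff" and "All Employees" contain each other: AD allows such loops,
# so a naive recursive walk over 'member' would never terminate.
DIRECTORY = {
    USER_DN: {"objectClass": ["top", "person", "organizationalPerson", "user"],
              "primaryGroupID": 513},
    "CN=Helpdesk,OU=Groups," + BASE: {"objectClass": ["top", "group"],
                                      "member": [USER_DN]},
    "CN=IT Staff,OU=Groups," + BASE: {"objectClass": ["top", "group"],
                                      "member": ["CN=Helpdesk,OU=Groups," + BASE,
                                                 "CN=All Employees,OU=Groups," + BASE]},
    "CN=All Employees,OU=Groups," + BASE: {"objectClass": ["top", "group"],
                                           "member": ["CN=IT Staff,OU=Groups," + BASE]},
    "CN=Finance,OU=Groups," + BASE: {"objectClass": ["top", "group"],
                                     "member": ["CN=yy,CN=Users," + BASE]},
    # Primary group: membership lives in the user's primaryGroupID, not in
    # 'member', so no member-based filter (chained or not) will return it.
    "CN=Domain Users,CN=Users," + BASE: {"objectClass": ["top", "group"],
                                         "member": []},
}


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515, section 3).
    Without this, a DN such as 'CN=Smith (Admin)' or one containing '*' would
    alter the filter's structure (LDAP filter injection)."""
    escaped = []
    for ch in value:
        if ch in "\\*()":
            escaped.append("\\%02x" % ord(ch))
        elif ch == "\x00":
            escaped.append("\\00")
        else:
            escaped.append(ch)
    return "".join(escaped)


def nested_membership_filter(dn, object_class="group"):
    """The answer's corrected filter: objects of object_class whose member chain
    reaches dn. object_class="user" reproduces the question's first filter,
    which matches nothing because user objects carry no member attribute."""
    return "(&(objectClass=%s)(member:%s:=%s))" % (
        object_class, LDAP_MATCHING_RULE_IN_CHAIN, escape_filter_value(dn))


def chain_search(directory, dn, object_class="group"):
    """Offline emulation of what a DC returns for nested_membership_filter():
    every object whose objectClass includes object_class and whose member
    attribute reaches dn directly or through any depth of nesting.
    Uses a visited set so cyclic nesting terminates."""
    # Reverse index: member DN -> objects that list it in 'member'.
    holders = {}
    for obj_dn, attrs in directory.items():
        for member_dn in attrs.get("member", []):
            holders.setdefault(member_dn, set()).add(obj_dn)

    seen = set()
    queue = deque([dn])
    while queue:
        current = queue.popleft()
        for holder in holders.get(current, ()):
            if holder not in seen:
                seen.add(holder)
                queue.append(holder)
    return sorted(o for o in seen if object_class in directory[o]["objectClass"])


if __name__ == "__main__":
    print(nested_membership_filter(USER_DN))
    print(nested_membership_filter("CN=Smith (Admin),CN=Users," + BASE))
    print(chain_search(DIRECTORY, USER_DN))          # three nested groups
    print(chain_search(DIRECTORY, USER_DN, "user"))  # [] like the first query
```

The emulation returns Helpdesk, IT Staff and All Employees for the user, but not Domain Users: primary-group membership is recorded in the user's primaryGroupID rather than the group's member attribute, so it has to be looked up separately whichever filter is used. On a real DC the chain walk runs server-side, which is why narrowing to objectClass=group as the answer suggests is worthwhile, and why a single DC (not a loop over all of them) is enough.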