Trying to amend a rule to exclude a certain group from my existing functioning query... When I add the extra section to exclude groupC, it picks up no users.
(&
  (objectclass=user)
  (&
    (|
      (memberOf=groupA)
      (memberOf=groupB)
    )
    (!
      (memberOf=CN=GroupC)
    )
  )
)
Have tried tweaking syntax, adding extra parentheses, and extra &, with no change.
Active Directory requires the full distinguished name in queries when you're matching an attribute that takes a DN, like memberOf. So just CN=Group3 isn't enough, and getting no results is exactly what would happen. Besides that, your syntax is correct.
It should look more like this:
(&
  (objectclass=user)
  (&
    (|
      (memberOf=CN=groupA,OU=Groups,DC=example,DC=com)
      (memberOf=CN=groupB,OU=Groups,DC=example,DC=com)
    )
    (!
      (memberOf=CN=GroupC,OU=Groups,DC=example,DC=com)
    )
  )
)
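A way to catch this before a filter reaches the directory, as an added Python example that is not part of the original question or answer: it flags `memberOf` assertions that are not full distinguished names and builds the include/exclude filter with RFC 4515 escaping. The `DN_ATTRS` list and the "has a `DC=` component" test in `is_full_dn` are assumptions chosen for illustration, and `build_filter` emits a flattened form without the redundant inner `(&`.

```python
import re

# One simple assertion, e.g. (memberOf=CN=GroupC); tolerates whitespace.
ASSERTION = re.compile(r"\(\s*([A-Za-z][\w.;-]*)\s*=\s*([^()]*?)\s*\)")
DN_ATTRS = {"memberof", "member", "manager"}  # DN-valued attributes (assumed list)
RDN_SPLIT = re.compile(r"(?<!\\),")           # commas not escaped with a backslash
HEX_ESCAPE = re.compile(r"\\([0-9A-Fa-f]{2})")  # RFC 4515 \XX escapes

# The two filters from this page, flattened onto one line each.
QUESTION = "(&(objectclass=user)(&(|(memberOf=groupA)(memberOf=groupB))(!(memberOf=CN=GroupC))))"
ANSWER = ("(&(objectclass=user)(&(|(memberOf=CN=groupA,OU=Groups,DC=example,DC=com)"
          "(memberOf=CN=groupB,OU=Groups,DC=example,DC=com))"
          "(!(memberOf=CN=GroupC,OU=Groups,DC=example,DC=com))))")

def is_full_dn(value):
    """Heuristic (assumption): every RDN is type=value and a DC= component is present."""
    rdns = [r.strip() for r in RDN_SPLIT.split(value)]
    if not all(re.fullmatch(r"[A-Za-z][\w-]*\s*=\s*.+", r) for r in rdns):
        return False
    return any(r.upper().startswith("DC=") for r in rdns)

def lint_filter(ldap_filter):
    """Return (attribute, value) pairs whose DN-valued assertion is not a full DN."""
    problems = []
    for attr, raw in ASSERTION.findall(ldap_filter):
        value = HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), raw)
        if attr.lower() in DN_ATTRS and not is_full_dn(value):
            problems.append((attr, raw))
    return problems

def escape_filter_value(value):
    """Escape the characters RFC 4515 requires to be escaped in an assertion value."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)

def build_filter(include_dns, exclude_dns):
    """Users in any include group and in none of the exclude groups."""
    if not include_dns:
        raise ValueError("at least one include group is required")
    for dn in [*include_dns, *exclude_dns]:
        if not is_full_dn(dn):
            raise ValueError(f"not a full distinguished name: {dn!r}")
    inc = "".join(f"(memberOf={escape_filter_value(d)})" for d in include_dns)
    exc = "".join(f"(!(memberOf={escape_filter_value(d)}))" for d in exclude_dns)
    return f"(&(objectClass=user)(|{inc}){exc})"

if __name__ == "__main__":
    print(lint_filter(QUESTION))  # the three short group values
    print(lint_filter(ANSWER))    # nothing to report
```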