Feb 7, 2012 at 3:56 PM
Edited Feb 7, 2012 at 4:49 PM
The AD user commands like AddUserToGroup do a query to find users. They query something like this:
2012-02-07 10:18:33.4513|DEBUG|MaikKoster.Deployment.AD.Controller|Executing query "(&(objectClass=user)(|(cn=<username>)(sAMAccountName=<username>)(distinguishedName=<username>)))".
I find this to be incorrect. The problem is that all computers have an objectclass of user. So objectclass=user is not valuable. Instead, the filter to find users should include a (!(objectClass=computer)) to exclude computers. At least in my AD, all computers have the user and computer values in objectClass. All users have user, but not computer. Looking on Google, I find that this is common. This is an issue for me because I have some objects where there is both a user and computer object named the same.
I think the LDAP queries in the User functions should be modified to exclude objectClass=computer.
Alternately, I can specify the DN of the user I want to add so there is no confusion. My problem is that I am going to have to do an LDAP query of my own to obtain the DN.
I hope I am explaining this OK.
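
The collision described above, as an added example that is not part of the original post or the web service's own code: it builds the logged filter with and without the proposed (!(objectClass=computer)) clause and evaluates both against two constructed entries named WS01. The names user_filter, search and ENTRIES, the example.com DNs, the small in-memory matcher standing in for a directory server, and the RFC 4515 escaping of the supplied name are all assumptions of this example.

```python
import re

# Constructed sample directory (not from the post): a user and a computer that
# share the name WS01. AD computer objects carry objectClass user AND computer.
ENTRIES = [
    {"distinguishedname": ["CN=WS01,OU=Staff,DC=example,DC=com"], "cn": ["WS01"],
     "samaccountname": ["WS01"],
     "objectclass": ["top", "person", "organizationalPerson", "user"]},
    {"distinguishedname": ["CN=WS01,OU=Workstations,DC=example,DC=com"], "cn": ["WS01"],
     "samaccountname": ["WS01$"],
     "objectclass": ["top", "person", "organizationalPerson", "user", "computer"]},
]

def escape_filter_value(value):
    """RFC 4515 escaping so a supplied name cannot change the filter structure."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def user_filter(name, exclude_computers):
    """Build the logged filter, optionally with the proposed computer exclusion."""
    v = escape_filter_value(name)
    names = f"(|(cn={v})(sAMAccountName={v})(distinguishedName={v}))"
    extra = "(!(objectClass=computer))" if exclude_computers else ""
    return f"(&(objectClass=user){extra}{names})"

def _parse(f, i):
    """Parse the filter at f[i] == '('; return (predicate, index after its ')')."""
    op = f[i + 1]
    if op in "&|!":
        i, subs = i + 2, []
        while f[i] == "(":
            sub, i = _parse(f, i)
            subs.append(sub)
        if op == "!":
            return (lambda e: not subs[0](e)), i + 1
        combine = all if op == "&" else any
        return (lambda e: combine(s(e) for s in subs)), i + 1
    end = f.index(")", i)  # safe here: literal parentheses in values are escaped
    attr, raw = f[i + 1:end].split("=", 1)
    want = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw).lower()
    return (lambda e: want in [x.lower() for x in e.get(attr.lower(), [])]), end + 1

def search(filter_text):
    """Return the DNs of constructed entries that match the filter."""
    pred, _ = _parse(filter_text, 0)
    return [e["distinguishedname"][0] for e in ENTRIES if pred(e)]

if __name__ == "__main__":
    print(search(user_filter("WS01", False)))  # filter as logged
    print(search(user_filter("WS01", True)))   # with the computer exclusion
```

The computer entry matches the logged filter through its cn value even though its sAMAccountName ends in $, which is why the name alone is ambiguous.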