14 February 2019
- Last edited 14 February 2019
Choose scope=subtree, not scope=base nor scope=onelevel.
If that does not result in results from the nested location, then either your search filter is incorrect or the account doing the search doesn’t have permissions to read the objects (or attributes in the filter).
As far as i understand scope is for some CLI utilities. And not understand "subtree" of what? Can you print some example, please? It is seems like i not understand what you wrote. In my case i only set filter's part. I just try to describe in another words:
Is this possible to filter with mask? Also, sorry, i was got some mistake in describe, English is not my first language. This variant is true:
groups filter: CN=*,OU=groups,OU=TEST,DC=dc,DC=local
because need to exclude groups which is in another OU, but in the same baseDN: OU=groups,OU=MyOU,DC=dc,DC=local
It is not possible to change baseDN to appropriate OU because also need to search users which placed at CN=Users,DC=dc,DC=local.
I know that AD not give availability to use asterisk in DN, but may be some extented match rules give?