fetch all users from active directory

    Question

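  • <?php
    // Credentials come from the login form; default to empty strings if a field is missing.
    $username   = $_POST['username'] ?? '';
    $password   = $_POST['password'] ?? '';
    // Note: ldap:// on port 389 sends the simple-bind password unencrypted.
    $server = 'ldap://xxxxxxx';
    $domain = '@asia.xxxx.com';
    $port       = 389;

    // A simple bind with an empty password is an unauthenticated bind, which AD
    // accepts, so ldap_bind() would return true. Reject empty credentials first.
    if ($username === '' || $password === '')
    {
        echo '<p>LDAP BINDING FAILED</p>';
        exit;
    }

    $ldap_connection = ldap_connect($server, $port);

    if (! $ldap_connection)
    {
        echo '<p>LDAP SERVER CONNECTION FAILED</p>';
        exit;
    }

    // Help talking to AD
    ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap_connection, LDAP_OPT_REFERRALS, 0);

    $ldap_bind = @ldap_bind($ldap_connection, $username.$domain, $password);

    if (! $ldap_bind)
    {
        echo '<p>LDAP BINDING FAILED</p>';
        exit;
    }
    else
    {
        echo 'login successful';
    }

    $base_dn = "OU=Employees,OU=Accounts,OU=India,DC=asia,DC=xxx,DC=com";

    $dispname="Michael bratt";

    // Escape the value so characters such as ( ) * \ cannot change the filter.
    $manager_dn = "CN=$dispname,OU=Accounts,OU=India,DC=asia,DC=xxxx,DC=com";
    $filter = "(&(objectClass=user)(manager=" . ldap_escape($manager_dn, '', LDAP_ESCAPE_FILTER) . "))";
    $attr = array("sn","givenname","employeeid","distinguishedname","displayname","samaccountName","department","manager","mail","title","thumbnailphoto");

    $result = ldap_search($ldap_connection,$base_dn,$filter,$attr);

    if ($result === false)
    {
        echo '<p>LDAP SEARCH FAILED</p>';
        exit;
    }

    $rescount = ldap_count_entries($ldap_connection,$result);

    $data = ldap_get_entries($ldap_connection,$result);

    // Return the first value of an attribute, HTML-escaped; empty string if the entry lacks it.
    function attr(array $entry, string $name): string
    {
        return htmlspecialchars($entry[$name][0] ?? '', ENT_QUOTES, 'UTF-8');
    }

    if ($data["count"] > 0)
    {
        // ldap_get_entries() returns attribute names in lower case.
        for ($i=0; $i<$data["count"]; $i++)
        {
            echo "<p> sn: " . attr($data[$i], "sn") . "<br/>";
            echo "givenname: " . attr($data[$i], "givenname") . "<br/>";
            echo "employeeID: " . attr($data[$i], "employeeid") . "<br/>";
            echo "distinguishedName: " . attr($data[$i], "distinguishedname") . "<br/>";
            echo "displayName: " . attr($data[$i], "displayname") . "<br/>";
            echo "sAMAccountName: " . attr($data[$i], "samaccountname") . "<br/>";
            echo "department: " . attr($data[$i], "department") . "<br/>";
            echo "manager: " . attr($data[$i], "manager") . "<br/>";
            echo "mail: " . attr($data[$i], "mail") . "<br/>";
            echo "title: " . attr($data[$i], "title") . "<br/>";
            // thumbnailPhoto is binary image data; base64-encode it instead of echoing raw bytes.
            echo "photo: " . base64_encode($data[$i]["thumbnailphoto"][0] ?? '') . "<br/>";

            echo "<br/><br/>";
        }
    }
    else
    {
        echo "<p>No results found!</p>";
    }

    ?>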

    Through the above code I am able to fetch employees under manager "michael bratt" as follows:

    sn:xxxx
    givenname: xxxxx
    employeeID: xxxxx
    distinguishedName: CN=xxxxxxx,OU=Employees,OU=Accounts,OU=India,DC=asia,DC=xxxx,DC=com
    displayName: xxxxxxxxx
    sAMAccountName: xxxxxxxx
    department: xxxxxx
    manager: CN=xxxxxx,OU=Employees,OU=Accounts,OU=India,DC=asia,DC=xxxx,DC=com
    mail: xxxxxxxxx
    title: xxxxxxxxxxxxxx

    How can I fetch all the employees from Active Directory like above, of course with a different filter?

    Also, the number of employees is greater than 1000.


    • Edited by mbr11122 Sunday, January 29, 2017 7:19 PM
    Sunday, January 29, 2017 7:18 PM

All replies

  • The filter for everyone in the domain would be:

    $filter = "(&(objectCategory=person)(objectClass=user))";

    More than 1000 will be no problem.

    Edit: If your domain has contractors and other people, then you might define "employee" as someone that has a manager. Then the filter would be:

    The filter for everyone in the domain would be:
     $filter = "(&(objectCategory=person)(objectClass=user)(manager=*))";

    This retrieves all users in the domain that have any manager. There should be at least one person at the top of the organization who is a manager, but does not have a manager. This person would have direct reports, but no manager. If you want to include this person (or persons) then you could use the following:

    The filter for everyone in the domain would be:
     $filter = "(&(objectCategory=person)(objectClass=user)(|(manager=*)(directReports=*)))";

    This would retrieve all users in the domain that have either a manager or direct reports. It would only exclude those that have neither. But it would include the "boss" at the top of any organization.

    The "&" is the "And" operator that combines clauses in parentheses, the "|" is the "Or" operator. The "*" is the wildcard character, so it retrieves objects where manager or directReports has any value at all.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)


    • Proposed as answer by Akabe Sunday, January 29, 2017 9:23 PM
    • Edited by Richard MuellerMVP Sunday, January 29, 2017 9:29 PM
    Sunday, January 29, 2017 9:17 PM
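
Added example, not part of the question or the replies: Active Directory returns at most MaxPageSize entries (1000 by default) to a single unpaged search, so this PHP 7.3+ code sends the paged results control to collect every match for the filters discussed above, and builds the manager filter with `ldap_escape`. The function names, the page size of 500 and the sample DN are assumptions.

```php
<?php
// Added example (not from the thread). Needs PHP >= 7.3 with ext-ldap.
// Function names, the page size and the sample DN are assumptions.

// Build the "direct reports of this manager" filter with the DN escaped,
// so characters such as ( ) * \ in a name cannot change the filter.
function manager_filter(string $managerDn): string
{
    return '(&(objectCategory=person)(objectClass=user)(manager='
        . ldap_escape($managerDn, '', LDAP_ESCAPE_FILTER) . '))';
}

// Fetch every entry matching $filter, one page at a time.
function paged_search($conn, string $baseDn, string $filter, array $attrs, int $pageSize = 500): array
{
    $entries = [];
    $cookie  = '';
    do {
        $controls = [[
            'oid'        => LDAP_CONTROL_PAGEDRESULTS,
            'iscritical' => true,
            'value'      => ['size' => $pageSize, 'cookie' => $cookie],
        ]];
        $result = ldap_search($conn, $baseDn, $filter, $attrs, 0, -1, -1,
                              LDAP_DEREF_NEVER, $controls);
        if ($result === false) {
            throw new RuntimeException('LDAP search failed: ' . ldap_error($conn));
        }
        // The response control carries the cookie for the next page;
        // an empty cookie means the last page has been read.
        ldap_parse_result($conn, $result, $errcode, $matchedDn, $errmsg,
                          $referrals, $serverControls);
        if ($errcode !== 0) {
            throw new RuntimeException('LDAP error: ' . ldap_err2str($errcode));
        }
        $page = ldap_get_entries($conn, $result) ?: [];
        unset($page['count']);
        $entries = array_merge($entries, $page);
        $cookie  = $serverControls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'] ?? '';
    } while ($cookie !== '');
    return $entries;
}

// Offline check of the escaping, using a constructed DN:
echo manager_filter('CN=Example (Temp)*,OU=Accounts,DC=example,DC=com'), "\n";

// With a bound connection, as in the question:
// $all = paged_search($ldap_connection, $base_dn,
//     '(&(objectCategory=person)(objectClass=user))', ['displayname', 'mail']);
```
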
  • Hi,
    Was your issue resolved? If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.
    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.
    If no, please reply and tell us the current situation in order to provide further help.
    Best Regards,
    Wendy


    Friday, February 3, 2017 8:02 AM
    Moderator