Forum Discussion
Stanislas_Piro2
Aug 11, 2017Cumulonimbus
Hi, ad query filter format is standard ldap filter
|(condition1)(condition2)(condition3)
The operator is at the beginning
|(userPrincipalName=%{session.logon.last.username})(mail=%{session.logon.last.username})
- svsNov 10, 2021Cirrus
Hi Stanislas,
this is syntactically incorrect. The whole statement needs to embraced with brackets:
(|(userPrincipalName=%{session.logon.last.username})(mail=%{session.logon.last.username}))
And as many users may look for something, where either an email address or the sAMAccountName could be used:
(|(userPrincipalName=%{session.logon.last.username})(mail=%{session.logon.last.username})(sAMAccountName=%{session.logon.last.username}))
Hope that helps anyone, who is looking for especially this very bad documented search filter field in AD Query agent of the access policy.
This was successfully tested today on 16.1.2.