I have this ADOQuery:

    SQL.Text := 'SELECT samAccountName FROM ''GC://' + sADForestName + ''' ' +
                'WHERE objectCategory=''user'' ' +
                  'AND distinguishedName=''' + sADUserName + ''' ' +
                  'AND memberOf=''' + sADGroupName + '''';

This works fine to get the group for a user, but I also need to check nested groups using LDAP_MATCHING_RULE_IN_CHAIN:

    SQL.Text := 'SELECT samAccountName FROM ''GC://' + sADForestName + ''' ' +
                'WHERE objectCategory=''user'' ' +
                  'AND distinguishedName=''' + sADUserName + ''' ' +
                  'AND memberOf:1.2.840.113556.1.4.1941:=''' + sADGroupName + '''';

But this request does not execute; I get an error when calling ADOQuery.Open (translated from Russian): "There was one or more errors while processing the command"

Is this an error in my request?

Alex Egorov
  • One of the possible sources of error is the colons near memberOf, which could be avoided by setting ParamCheck to false. – bummi Sep 19 '13 at 12:13
  • But in all samples I see this: (memberOf:1.2.840.113556.1.4.1941:=cn=Group1,OU=groupsOU,DC=x) – Alex Egorov Sep 19 '13 at 12:17
  • @bummi is suggesting switching off the `ParamCheck` property of TADOQuery, not changing your SQL. Delphi may be thinking :1.2.... is a parameter, which will break your SQL. Turning off ParamCheck will stop this second-guessing. Code samples in other languages may not have the same problem handling colons (:) in SQL, as they tend to use other characters to mark parameters. – Matt Allwood Sep 19 '13 at 12:34
  • I understand now, but with ParamCheck=False I have the same error :( – Alex Egorov Sep 19 '13 at 12:56
  • @AlexEgorov: please provide one of those samples you told us about. Let us compare what should be done with what was actually done. – AlexSC Sep 19 '13 at 14:37
  • Some samples: [link](http://stackoverflow.com/questions/6252819/find-recursive-group-membership-active-directory-using-c-sharp) – Alex Egorov Sep 19 '13 at 16:59
  • @AlexEgorov: that link shows how to do it with native LDAP requests. That's not the same thing as what you are trying to do here. – whosrdaddy Sep 19 '13 at 17:15
  • But how can I do that in Delphi? – Alex Egorov Sep 19 '13 at 18:16

1 Answer

Thank you all, guys. I found a solution using ADOCommand:

    // Requires ComObj (CreateOleObject) and Variants (Null) in the uses clause.
    var ADOConnection, ADOCmd, Res: Variant;
        sBase, sFilter, sAttributes: string;

    ADOConnection := CreateOleObject('ADODB.Connection');
    ADOCmd := CreateOleObject('ADODB.Command');
    try
      // ADSI OLE DB provider
      ADOConnection.Provider := 'ADsDSOObject';
      ADOConnection.Open('Active Directory Provider');
      ADOCmd.ActiveConnection := ADOConnection;
      ADOCmd.Properties('Page Size')     := 100;
      ADOCmd.Properties('Timeout')       := 30;
      ADOCmd.Properties('Cache Results') := False;

      // LDAP dialect instead of SQL: <base>;filter;attributes;scope
      sBase       := '<GC://' + sADForestName+ '>';
      sFilter     := '(&(objectCategory=person)(objectClass=user)' +
                       '(distinguishedName=' + sADUserName + ')' +
                       '(memberOf:1.2.840.113556.1.4.1941:=' + sADGroupName + '))';
      sAttributes := 'sAMAccountName';

      ADOCmd.CommandText := sBase + ';' + sFilter + ';' + sAttributes + ';subtree';
      Res := ADOCmd.Execute;

      // An empty recordset means the user is not a direct or nested member.
      // User is a string variable declared by the caller.
      if Res.EOF then User := ''
                 else User := Res.Fields[0].Value;
    finally
      ADOCmd := NULL;
      ADOConnection.Close;
      ADOConnection := NULL;
    end;
Alex Egorov
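The filter in the answer concatenates sADUserName and sADGroupName directly into the LDAP filter string, so a DN containing `(`, `)`, `*` or `\` changes or breaks the filter. The following is an added example, not part of the original answer: it escapes both values per RFC 4515 before building the same filter. `EscapeLdapFilterValue` and `BuildNestedGroupFilter` are hypothetical helper names, and the DNs are constructed samples.

```delphi
program NestedGroupFilterDemo;
{$APPTYPE CONSOLE}
uses SysUtils;

const
  // LDAP_MATCHING_RULE_IN_CHAIN, the OID used in the answer above
  IN_CHAIN_OID = '1.2.840.113556.1.4.1941';

// Escape a value for use inside an LDAP search filter (RFC 4515):
// the characters * ( ) \ and NUL become a backslash plus two hex digits.
function EscapeLdapFilterValue(const Value: string): string;
var
  I: Integer;
begin
  Result := '';
  for I := 1 to Length(Value) do
    case Value[I] of
      '*', '(', ')', '\', #0:
        Result := Result + '\' + IntToHex(Ord(Value[I]), 2);
    else
      Result := Result + Value[I];
    end;
end;

// Build the filter from the answer with both DNs escaped (hypothetical helper).
function BuildNestedGroupFilter(const UserDN, GroupDN: string): string;
begin
  Result := '(&(objectCategory=person)(objectClass=user)' +
            '(distinguishedName=' + EscapeLdapFilterValue(UserDN) + ')' +
            '(memberOf:' + IN_CHAIN_OID + ':=' + EscapeLdapFilterValue(GroupDN) + '))';
end;

begin
  // Constructed DN with parentheses and a DN-escaped comma ("\,").
  Writeln(BuildNestedGroupFilter(
    'CN=Smith\, John (Contractor),OU=Users,DC=example,DC=com',
    'CN=Group1,OU=groupsOU,DC=example,DC=com'));
  // Constructed group DN with an asterisk: it stays a literal, not a wildcard.
  Writeln(BuildNestedGroupFilter(
    'CN=jdoe,OU=Users,DC=example,DC=com',
    'CN=Ops*,OU=groupsOU,DC=example,DC=com'));
end.
```

In the answer's code, the result of `BuildNestedGroupFilter(sADUserName, sADGroupName)` would take the place of the hand-concatenated `sFilter`.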