Forum Discussion

Mike_Finney_119's avatar
Mike_Finney_119
Icon for Nimbostratus rankNimbostratus
Sep 09, 2013

LDAP query for machine account?

I am still trying to flesh out our VPN solution but I am running into some issues with the client validation checks to fulfill security requirements. I would like to check to see if the remote client...
design
security
Mike_Finney_119's avatar
Mike_Finney_119
Icon for Nimbostratus rankNimbostratus
Sep 10, 2013

Uhh...not quite sure how this got turned around, but I am not trying to query the client. I am trying to perform a standard LDAP Query to my internal domain controller for the client machine name to determine if it is a valid computer account on the domain. Ideally I would then like to check to see if the computer account has the disabled flag set but that is not necessary.

 

In my policy, first I do an LDAP query for the user account entered on the logon page to determine which branch of the policy they should follow by their group membership, and if it is a user in the IT dept that is eligible for secure network access then I want to validate their client machine to see if they are using a company laptop so they would get the "full" network access list, or if they are using their home computer which is not a domain member so they would get RDP access to one of the management servers.

 

All my LDAP queries for computer objects fail with "no such member (32)". So my question is can LDAP queries for computer objects work, so I will continue to try to figure it out, or does it not work, in which case I will try to figure out something else. Thanks!!