I am trying to use a CFLDAP query to bind and search in the
Deleted Objects container of Active Directory. This would allow me
to get the sAMAccountname values of the users who have been deleted
within the last default 60 days (searching tombstone objects in
I have tried various methods including <cfldap
start="CN=Deleted Objects, DC=<domain>, DC=<com>> (I
am omitting the rest of the CFLDAP attributes in the example
above). I'm not sure if CFLDAP can even query the deleted objects
container. Has anyone had any experience with this?
It appears that you must have admin permissions to be able to
do this. If you can replicate this process using CFLDAP, you will
need to ensure that CF is running as a domain account with
Thanks for your help! I have however already explored those
solutions offered by Microsoft. Sadly, they only work in separate
programs (i.e. ldap.exe which comes with Windows Server tools).
After lots of research I have found a Java method that can bind
with the container and return the results. CFLDAP, I'm afraid is
just not capable of doing this - or at least I have had no luck
with it (I was connecting as domain admin btw).
The challenge now is to get the Java class to communicate
with the rest of my cf code.