[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More


How to: Querying AD

Published on
9,286 Points
6 Endorsements
Last Modified:
Thomas Zucker-Scharff
Veteran in computer systems, malware removal and ransomware topics.  I have been working in the field since 1985.
Let me begin by stating outright that I am NOT in any manner or form an expert in Active Directory.  I have a domain I set up about 7 years ago (When I had the only AD up and running) that has virtually nothing in it (with the exception of a little less than 20 active users).  More recently I have become the administrator of an organizational unit (OU) for my department, which is part of the AD run by our university.

So In getting back into AD administration, I have had to figure out several things on my own and with a little help from colleagues.  The up shot was that I wanted to make several distribution lists, which would reside in our GAL (Global Address Lookup) and I could use to communicate with members of my department, members of our center, etc.  

I set up the groups as distribution lists in my OU and added several names, but they would not send out.  I was telling this to someone and they asked if I had asked for permission to have the groups set up as distribution lists.  I didn't even realize I needed to do this.  I called up my local AD guru here and asked him what I needed to do to get these groups to work as distribution lists.  He was very helpful.  He changed the permissions and a setting or 2 to make them work.  And they were now working as distribution lists!

I forgot to ask him how to get a list of the members of that group (there are 178).  I did a little trolling around the web to find the answer to what I thought was a simple question.  There were many answers, most of which involved an amount of scripting I was unwilling or unable to do or permissions that I didn't have (I only have admin permissions to the OU and I wanted names and email addresses of people that resided in a different OU).  After trying several tools (powershell, which I am not at all familiar with; Quest Softwares' ActiveRoles Management Shell for Active Directory - which may have worked but there was no ui and it gave me a headache just looking at the UNIX like man pages; and the ds tools from Microsoft) I was just about ready to give up, when I remembered a tool I had downloaded and used before called LUSER (lookup user) from safetoland.com.  
Quest ActiveRoles Management LUSER startupLUSER AD screenLUSER group queryLUSER group query resultsADInfoFree startup screenADInfoFree groups screenADInfoFree ResultsI booted up luser after changing the domain and hosts files to reflect a different domain.  I entered the AD server name and went to the Active Directory tools.  Enter the letter G (group) and the distribution group name and voila, a list of the members of the group!!  So easy!  Then I remembered another AD tool I had, ADInfoFree from Cjwdev.  This one has a much nicer interface and I got the same results, a listing of the members of the group!

So if you are a poor soul like me, who is not an AD administrator, some of those other tools might not do what you want (feel free to use them anyway).  I have recommended LUSER over the years and am recommending it again.  It is an excellent tool, even if somewhat cludgy.  And ADInfoFree is another great tool you should have at your disposal if you have anything to do with active directory, but are not a Domain Admin.
  • 2
LVL 22

Expert Comment

Nice. I will try even if I'm an AD admin, but I always search some tools for our N1 team.


Expert Comment

by:Klavs R
I can offer alternative for AD Info Free - AD FastReporter Free.
It has more fields, works much faster and effectively on bigger environments, store all created reports in the local database for later usage and offers more file export formats.
LVL 32

Author Comment

by:Thomas Zucker-Scharff

Are you affiliated with this software or just a user?

Expert Comment

by:Klavs R
I am the developer of this product. This is not just an advertisement for my product, but I have deeply researched and used AD Info, and other competitors so I am confident about their pros and cons.
P.S. If it still violates community rules, then feel free to take the necessary action.

Featured Post

HTML5 and CSS3 Fundamentals

Build a website from the ground up by first learning the fundamentals of HTML5 and CSS3, the two popular programming languages used to present content online. HTML deals with fonts, colors, graphics, and hyperlinks, while CSS describes how HTML elements are to be displayed.

This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month