

How to: Querying AD

Thomas Zucker-Scharff
Veteran in computer systems, malware removal and ransomware topics.  I have been working in the field since 1985.
Let me begin by stating outright that I am NOT in any manner or form an expert in Active Directory.  I have a domain I set up about 7 years ago (When I had the only AD up and running) that has virtually nothing in it (with the exception of a little less than 20 active users).  More recently I have become the administrator of an organizational unit (OU) for my department, which is part of the AD run by our university.

So, in getting back into AD administration, I have had to figure out several things on my own and with a little help from colleagues.  The upshot was that I wanted to make several distribution lists, which would reside in our GAL (Global Address Lookup) and which I could use to communicate with members of my department, members of our center, etc.

I set up the groups as distribution lists in my OU and added several names, but they would not send out.  I was telling this to someone and they asked if I had asked for permission to have the groups set up as distribution lists.  I didn't even realize I needed to do this.  I called up my local AD guru here and asked him what I needed to do to get these groups to work as distribution lists.  He was very helpful.  He changed the permissions and a setting or 2 to make them work.  And they were now working as distribution lists!

I forgot to ask him how to get a list of the members of that group (there are 178).  I did a little trolling around the web to find the answer to what I thought was a simple question.  There were many answers, most of which involved an amount of scripting I was unwilling or unable to do or permissions that I didn't have (I only have admin permissions to the OU and I wanted names and email addresses of people that resided in a different OU).  After trying several tools (PowerShell, which I am not at all familiar with; Quest Software's ActiveRoles Management Shell for Active Directory, which may have worked but there was no UI and it gave me a headache just looking at the UNIX-like man pages; and the ds tools from Microsoft) I was just about ready to give up, when I remembered a tool I had downloaded and used before called LUSER (lookup user) from safetoland.com.

[Screenshots: Quest ActiveRoles Management; LUSER startup; LUSER AD screen; LUSER group query; LUSER group query results; ADInfoFree startup screen; ADInfoFree groups screen; ADInfoFree results]

I booted up LUSER after changing the domain and hosts files to reflect a different domain.  I entered the AD server name and went to the Active Directory tools.  Enter the letter G (group) and the distribution group name and voila, a list of the members of the group!!  So easy!  Then I remembered another AD tool I had, ADInfoFree from Cjwdev.  This one has a much nicer interface and I got the same results, a listing of the members of the group!

So if you are a poor soul like me, who is not an AD administrator, some of those other tools might not do what you want (feel free to use them anyway).  I have recommended LUSER over the years and am recommending it again.  It is an excellent tool, even if somewhat kludgy.  And ADInfoFree is another great tool you should have at your disposal if you have anything to do with Active Directory, but are not a Domain Admin.
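The same group lookup can also be done with the ADSI searcher built into Windows PowerShell, without extra tools or Domain Admin rights. This is an added example, not part of the original article; the group name `Dept-All` and the CSV file name are placeholders, and it assumes a domain-joined machine and the default read access that authenticated users have to directory objects.

```powershell
# Added example: list a group's members (name, account, e-mail) via [adsisearcher].
# 'Dept-All' and the CSV path below are placeholder values.

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # Escape the RFC 4515 special characters so a name or DN cannot change the
    # meaning of the LDAP filter it is placed into. Backslash must go first.
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace '\x00', '\00'
}

function Get-GroupMemberMail {
    param(
        [Parameter(Mandatory)][string]$GroupName,
        [switch]$Nested   # also return members of groups nested inside this one
    )

    # 1. Resolve the group name to its distinguished name (DN).
    $safe  = ConvertTo-LdapFilterValue $GroupName
    $group = ([adsisearcher]"(&(objectCategory=group)(|(cn=$safe)(sAMAccountName=$safe)))").FindOne()
    if (-not $group) { throw "Group '$GroupName' not found." }
    $dn = ConvertTo-LdapFilterValue ([string]($group.Properties['distinguishedname'] | Select-Object -First 1))

    # 2. Search the whole domain for objects whose memberOf holds that DN.
    #    1.2.840.113556.1.4.1941 is AD's "matching rule in chain" (nested membership).
    $filter = if ($Nested) { "(memberOf:1.2.840.113556.1.4.1941:=$dn)" } else { "(memberOf=$dn)" }
    $search = [adsisearcher]$filter
    $search.PageSize = 500   # paged search, so results are not cut off at the server limit
    $search.PropertiesToLoad.AddRange([string[]]@('displayname', 'samaccountname', 'mail'))

    $results = $search.FindAll()
    try {
        foreach ($r in $results) {
            # Select-Object -First 1 yields $null (empty string after the cast)
            # when a member has no such attribute, e.g. no mailbox.
            [pscustomobject]@{
                Name    = [string]($r.Properties['displayname']    | Select-Object -First 1)
                Account = [string]($r.Properties['samaccountname'] | Select-Object -First 1)
                Mail    = [string]($r.Properties['mail']           | Select-Object -First 1)
            }
        }
    }
    finally { $results.Dispose() }   # FindAll() holds unmanaged resources
}

Get-GroupMemberMail -GroupName 'Dept-All' |
    Sort-Object Name |
    Export-Csv -NoTypeInformation -Path .\Dept-All-members.csv
```

Because the search runs against the whole domain rather than one OU, it returns members that live in other OUs, and it needs only read access to the directory.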

Expert Comment

Nice. I will try it even if I'm an AD admin, but I always search for some tools for our N1 team.


Expert Comment

by:Klavs R
I can offer an alternative to AD Info Free: AD FastReporter Free.
It has more fields, works much faster and more effectively on bigger environments, stores all created reports in the local database for later usage and offers more file export formats.

Author Comment

by:Thomas Zucker-Scharff

Are you affiliated with this software or just a user?

Expert Comment

by:Klavs R
I am the developer of this product. This is not just an advertisement for my product, but I have deeply researched and used AD Info, and other competitors so I am confident about their pros and cons.
P.S. If it still violates community rules, then feel free to take the necessary action.
