How to: Querying AD
Veteran in computer systems, malware removal and ransomware topics. I have been working in the field since 1985.
Published:
Browse All Articles > How to: Querying AD
Let me begin by stating outright that I am NOT in any manner or form an expert in Active Directory. I have a domain I set up about 7 years ago (When I had the only AD up and running) that has virtually nothing in it (with the exception of a little less than 20 active users). More recently I have become the administrator of an organizational unit (OU) for my department, which is part of the AD run by our university.
So In getting back into AD administration, I have had to figure out several things on my own and with a little help from colleagues. The up shot was that I wanted to make several distribution lists, which would reside in our GAL (Global Address Lookup) and I could use to communicate with members of my department, members of our center, etc.
I set up the groups as distribution lists in my OU and added several names, but they would not send out. I was telling this to someone and they asked if I had asked for permission to have the groups set up as distribution lists. I didn't even realize I needed to do this. I called up my local AD guru here and asked him what I needed to do to get these groups to work as distribution lists. He was very helpful. He changed the permissions and a setting or 2 to make them work. And they were now working as distribution lists!
I forgot to ask him how to get a list of the members of that group (there are 178). I did a little trolling around the web to find the answer to what I thought was a simple question. There were many answers, most of which involved an amount of scripting I was unwilling or unable to do or permissions that I didn't have (I only have admin permissions to the OU and I wanted names and email addresses of people that resided in a different OU). After trying several tools (powershell, which I am not at all familiar with; Quest Softwares' ActiveRoles Management Shell for Active Directory - which may have worked but there was no ui and it gave me a headache just looking at the UNIX like man pages; and the ds tools from Microsoft) I was just about ready to give up, when I remembered a tool I had downloaded and used before called LUSER (lookup user) from safetoland.com.
![Quest ActiveRoles Management]()
![LUSER startup]()
![LUSER AD screen]()
![LUSER group query]()
![LUSER group query results]()
![ADInfoFree startup screen]()
![ADInfoFree groups screen]()
![ADInfoFree Results]()
I booted up luser after changing the domain and hosts files to reflect a different domain. I entered the AD server name and went to the Active Directory tools. Enter the letter G (group) and the distribution group name and voila, a list of the members of the group!! So easy! Then I remembered another AD tool I had,
ADInfoFree from Cjwdev. This one has a much nicer interface and I got the same results, a listing of the members of the group!
So if you are a poor soul like me, who is not an AD administrator, some of those other tools might not do what you want (feel free to use them anyway). I have recommended LUSER over the years and am recommending it again. It is an excellent tool, even if somewhat cludgy. And ADInfoFree is another great tool you should have at your disposal if you have anything to do with active directory, but are not a Domain Admin.
So In getting back into AD administration, I have had to figure out several things on my own and with a little help from colleagues. The up shot was that I wanted to make several distribution lists, which would reside in our GAL (Global Address Lookup) and I could use to communicate with members of my department, members of our center, etc.
I set up the groups as distribution lists in my OU and added several names, but they would not send out. I was telling this to someone and they asked if I had asked for permission to have the groups set up as distribution lists. I didn't even realize I needed to do this. I called up my local AD guru here and asked him what I needed to do to get these groups to work as distribution lists. He was very helpful. He changed the permissions and a setting or 2 to make them work. And they were now working as distribution lists!
I forgot to ask him how to get a list of the members of that group (there are 178). I did a little trolling around the web to find the answer to what I thought was a simple question. There were many answers, most of which involved an amount of scripting I was unwilling or unable to do or permissions that I didn't have (I only have admin permissions to the OU and I wanted names and email addresses of people that resided in a different OU). After trying several tools (powershell, which I am not at all familiar with; Quest Softwares' ActiveRoles Management Shell for Active Directory - which may have worked but there was no ui and it gave me a headache just looking at the UNIX like man pages; and the ds tools from Microsoft) I was just about ready to give up, when I remembered a tool I had downloaded and used before called LUSER (lookup user) from safetoland.com.
I booted up luser after changing the domain and hosts files to reflect a different domain. I entered the AD server name and went to the Active Directory tools. Enter the letter G (group) and the distribution group name and voila, a list of the members of the group!! So easy! Then I remembered another AD tool I had,
ADInfoFree from Cjwdev. This one has a much nicer interface and I got the same results, a listing of the members of the group!
So if you are a poor soul like me, who is not an AD administrator, some of those other tools might not do what you want (feel free to use them anyway). I have recommended LUSER over the years and am recommending it again. It is an excellent tool, even if somewhat cludgy. And ADInfoFree is another great tool you should have at your disposal if you have anything to do with active directory, but are not a Domain Admin.
Veteran in computer systems, malware removal and ransomware topics. I have been working in the field since 1985.
Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.
Comments (4)
Commented:
Dan
Commented:
It has more fields, works much faster and effectively on bigger environments, store all created reports in the local database for later usage and offers more file export formats.
Author
Commented:Are you affiliated with this software or just a user?
Commented:
P.S. If it still violates community rules, then feel free to take the necessary action.