Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Need to View all Groups in Active Directory, Performing search shows all groups

Posted on 2004-09-24
13
Medium Priority
?
165 Views
Last Modified: 2010-04-13
I am coming into supporting a domain that someone else setup.  I am doing security checks and inventory of users and groups.

The following groups are "missing" in AD when I view the directory strucutre:

Domain Admins
Domain Users
Enterprise Admins
Cert Publishers
DHCP Administrators
....and more

I would think that the person before me "deleted" or hid these items?

I want to export delimited text from them so I can run security checks.

Thank you in advance,
0
Comment
Question by:gizmoadria
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 2
13 Comments
 
LVL 17

Assisted Solution

by:Eagle6990
Eagle6990 earned 600 total points
ID: 12144311
You can do some exporting of groups with the

net groups /domain

command from the command prompt and then

net group <Groupname> /domain

to see the members.
0
 

Author Comment

by:gizmoadria
ID: 12144499
Yes,

I am now familiar with how to export.

I would also like to be able to go into AD and see all 50+ groups in there rather than just the Builtins and then the spcific ones created for our company (there were some distribution and security groups created)

0
 
LVL 17

Expert Comment

by:Eagle6990
ID: 12144699
You can right click on the domain and do a find.  Search the entire domain and then sort by type to see all of your groups.  If you want only groups that have e-mail addresses, then you can use the Exchange tab and select only groups.
0
Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

 

Author Comment

by:gizmoadria
ID: 12145132

Clarification:
I do not want to have to do a search.  I want all groups in AD visible in the structure.
As of current, there are no filters set that I can see.


I don't need a hidden panel in my fridge, I just want to open it and see what I have to eat for dinner.
0
 
LVL 17

Expert Comment

by:Eagle6990
ID: 12145195
Oh, I don't know in that case.  Are all of the groups in a special OU that you don't know it's location?  All of ours are currently stored in the "Users" root OU rather than their respective sites.  If the person before you moved it to another OU or put it in a hidden container.

You could try going to View>Advanced Features to see hidden containers or perform a search as I specified earlier, but after doing the search, go to View>Choose Columns and add the "Published To" column and you can see where those groups are located at in the domain.  Might make finding them easier.  Are you using the normal ADUC console or a custom one that was created?
0
 

Author Comment

by:gizmoadria
ID: 12145369
Ah,  Published To will show me the location?

It looks like a vanilla console to me.
0
 
LVL 17

Expert Comment

by:Eagle6990
ID: 12145420
Yep, it shows you the location in the domain that it is currently in, including the OU
0
 
LVL 1

Accepted Solution

by:
mclean01 earned 900 total points
ID: 12153643
Do a dump of AD by going to the site: http://www.somarsoft.com/ and download DumpSEC.

It pretty good, I use it at work to dump things like accounts into Excel and check out last login times etc.  Pretty easy to use.
0
 

Author Comment

by:gizmoadria
ID: 12160758
mclean01, very helpful!!!

I still have the 1st part of the question to be answered.  For the groups that are not showing up in AD without a search, where can I place them?  Make a container and throw them in?  I don't like knowing there are unseen groups with unknown memebers.

0
 
LVL 17

Expert Comment

by:Eagle6990
ID: 12160832
Did you locate where the "missing" groups are stored at in AD?  I would make a "Groups" OU and put all of the groups in there until you get it sorted out.
0
 

Author Comment

by:gizmoadria
ID: 12162395
Eagle,

That is what I was asking.  I can see the groups if I do the following search,
Find>Advanced>Field>Group>Group Name (Pre Windows 2000)

and then I put in an asterisk

whew!  As you see, a lot of work to just view groups.
I will do that then, put all the groups that are not visible into a Groups OU for now.

That DumpSec tool is amazing Mclean!


I am going to award points to Eagle and Mclean.  If you two have additional comments, please provide today as I will award points tomorrow.
0
 
LVL 17

Expert Comment

by:Eagle6990
ID: 12162498
When you did the search, did you add the "Published at" column to see where they were located orignally?  I've never seen groups just not be shown, but they could be in an OU that you aren't aware of.  THen you could find where these groups are located and maybe they will show up by normally navigating to that OU.  There might be a reason the previous adminsitrator put them there.

We use DumpSec as well to view permissions on folders on our domain controllers
0
 
LVL 1

Expert Comment

by:mclean01
ID: 12165283
Sorry but I didn't see if this has been brought up but could the reason that you can't see any groups is because you viewing all of the objects as Containers?

1) Right click the window to the right or in a blank area (can't remember the official term - taskpad was it?)
2) Go to View and uncheck: Users, Groups and Computers as Containers

(You may have to click the Hide/Show console tree in the toolbar also)

This was the only obvious thing I could think of that would hide the groups.  (That or the previous admin actually edited the ACL on the container to prevent anyone from listing it.)
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question