Solved

Active Directory LDAP: Group membership incomplete

Posted on 2004-10-04
5
1,441 Views
Last Modified: 2013-12-03
Hello,

I have got a heavy problem with active-directory ldap access:

I try to find out which user is in wich group - or which users belong to each group.

The problem is, that in AD the "Domain Admin"-group has about 20 group members, but in LDAP-sight it has only 7 ??????

I tried [difde.exe -f export.ldf -r "(cn=Domain Admins)"] and got also 7 members.

In each way (even ADSI) there are only 7 members, but in reality and the "Active Directory Users & Computers" there are about 20 members.

One thought is, that it depends on this ActiveDirectory that was migrated (updated) from an Windows NT4-Domain. Perhaps the migrate failed for these users - I have not tried it with another domain yet.

Any thought getting that right ?

Thank you !
Sincerely, Caronas
0
Comment
Question by:caronas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 3

Author Comment

by:caronas
ID: 12216969
p.s.: It is a Windows NT4-Domain updated with Windows 2003 Server Standard (Full Version)
0
 
LVL 8

Expert Comment

by:mxjijo
ID: 12218672

caronas,
           You question sounds more like an admin related one.
May be you should try posting this qn in OS area. Here it is more programming stuff.

good luck.
0
 
LVL 3

Author Comment

by:caronas
ID: 12218777
Hmm ... thats somewhat right, but ldap interface is used with programming only - administrators will not see that problem, because the AD User&Computer shows it all right.
0
 
LVL 3

Author Comment

by:caronas
ID: 12218811
I used some diffent methods (e.g. VBS:

set group=GetObject("LDAP://cn=Domain Admins,cn=Users,dc=mydomain, dc=de")
group.GetInfo
for each member in group.GetEx("member")
    WScript.Echo member
next
)
0
 
LVL 4

Accepted Solution

by:
Milind00 earned 500 total points
ID: 12224947
caronas,

The code you used is only returns the "member" property of the group. But, it is possible that the group can have members which are not listed in "memeber" property. This happes for "Primery Gourps".  For example - X user has primery group "Domain Admins", "X" user's primerygourp peroprty get set, not the member property of the group.

Users and Computers makes additional LDAP query to find members by looking at the primery groups of the users.

Hope this helps....

Milind
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As more and more people are shifting to the latest .Net frameworks, the windows presentation framework is gaining importance by the day. Many people are now turning to WPF controls to provide a rich user experience. I have been using WPF controls fo…
Entering time in Microsoft Access can be difficult. An input mask often bothers users more than helping them and won't catch all typing errors. This article shows how to create a textbox for 24-hour time input with full validation politely catching …
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question