Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Active Directory LDAP: Group membership incomplete

Posted on 2004-10-04
5
Medium Priority
?
1,442 Views
Last Modified: 2013-12-03
Hello,

I have got a heavy problem with active-directory ldap access:

I try to find out which user is in wich group - or which users belong to each group.

The problem is, that in AD the "Domain Admin"-group has about 20 group members, but in LDAP-sight it has only 7 ??????

I tried [difde.exe -f export.ldf -r "(cn=Domain Admins)"] and got also 7 members.

In each way (even ADSI) there are only 7 members, but in reality and the "Active Directory Users & Computers" there are about 20 members.

One thought is, that it depends on this ActiveDirectory that was migrated (updated) from an Windows NT4-Domain. Perhaps the migrate failed for these users - I have not tried it with another domain yet.

Any thought getting that right ?

Thank you !
Sincerely, Caronas
0
Comment
Question by:caronas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 3

Author Comment

by:caronas
ID: 12216969
p.s.: It is a Windows NT4-Domain updated with Windows 2003 Server Standard (Full Version)
0
 
LVL 8

Expert Comment

by:mxjijo
ID: 12218672

caronas,
           You question sounds more like an admin related one.
May be you should try posting this qn in OS area. Here it is more programming stuff.

good luck.
0
 
LVL 3

Author Comment

by:caronas
ID: 12218777
Hmm ... thats somewhat right, but ldap interface is used with programming only - administrators will not see that problem, because the AD User&Computer shows it all right.
0
 
LVL 3

Author Comment

by:caronas
ID: 12218811
I used some diffent methods (e.g. VBS:

set group=GetObject("LDAP://cn=Domain Admins,cn=Users,dc=mydomain, dc=de")
group.GetInfo
for each member in group.GetEx("member")
    WScript.Echo member
next
)
0
 
LVL 4

Accepted Solution

by:
Milind00 earned 2000 total points
ID: 12224947
caronas,

The code you used is only returns the "member" property of the group. But, it is possible that the group can have members which are not listed in "memeber" property. This happes for "Primery Gourps".  For example - X user has primery group "Domain Admins", "X" user's primerygourp peroprty get set, not the member property of the group.

Users and Computers makes additional LDAP query to find members by looking at the primery groups of the users.

Hope this helps....

Milind
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes how to programmatically preset the "Pages per Sheet" option that's available with most printer drivers.   This setting lets you do "n-Up" printing, where two, four, or more pages are printed on each sheet of paper. If your …
zlib is a free compression library (a DLL) on which the popular gzip utility is built.  In this article, we'll see how to use the zlib functions to compress and decompress data in memory; that is, without needing to use a temporary file.  We'll be c…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question