Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Active Directory LDAP: Group membership incomplete

Posted on 2004-10-04
5
1,438 Views
Last Modified: 2013-12-03
Hello,

I have got a heavy problem with active-directory ldap access:

I try to find out which user is in wich group - or which users belong to each group.

The problem is, that in AD the "Domain Admin"-group has about 20 group members, but in LDAP-sight it has only 7 ??????

I tried [difde.exe -f export.ldf -r "(cn=Domain Admins)"] and got also 7 members.

In each way (even ADSI) there are only 7 members, but in reality and the "Active Directory Users & Computers" there are about 20 members.

One thought is, that it depends on this ActiveDirectory that was migrated (updated) from an Windows NT4-Domain. Perhaps the migrate failed for these users - I have not tried it with another domain yet.

Any thought getting that right ?

Thank you !
Sincerely, Caronas
0
Comment
Question by:caronas
  • 3
5 Comments
 
LVL 3

Author Comment

by:caronas
ID: 12216969
p.s.: It is a Windows NT4-Domain updated with Windows 2003 Server Standard (Full Version)
0
 
LVL 8

Expert Comment

by:mxjijo
ID: 12218672

caronas,
           You question sounds more like an admin related one.
May be you should try posting this qn in OS area. Here it is more programming stuff.

good luck.
0
 
LVL 3

Author Comment

by:caronas
ID: 12218777
Hmm ... thats somewhat right, but ldap interface is used with programming only - administrators will not see that problem, because the AD User&Computer shows it all right.
0
 
LVL 3

Author Comment

by:caronas
ID: 12218811
I used some diffent methods (e.g. VBS:

set group=GetObject("LDAP://cn=Domain Admins,cn=Users,dc=mydomain, dc=de")
group.GetInfo
for each member in group.GetEx("member")
    WScript.Echo member
next
)
0
 
LVL 4

Accepted Solution

by:
Milind00 earned 500 total points
ID: 12224947
caronas,

The code you used is only returns the "member" property of the group. But, it is possible that the group can have members which are not listed in "memeber" property. This happes for "Primery Gourps".  For example - X user has primery group "Domain Admins", "X" user's primerygourp peroprty get set, not the member property of the group.

Users and Computers makes additional LDAP query to find members by looking at the primery groups of the users.

Hope this helps....

Milind
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Run Program using VBScript 3 73
Windows Drag & Drop Location 2 108
Access 2013: API code to put hidden database icon in taskbar? 8 86
Authentication of Web Services 3 89
This article describes how to programmatically preset the "Pages per Sheet" option that's available with most printer drivers.   This setting lets you do "n-Up" printing, where two, four, or more pages are printed on each sheet of paper. If your …
As more and more people are shifting to the latest .Net frameworks, the windows presentation framework is gaining importance by the day. Many people are now turning to WPF controls to provide a rich user experience. I have been using WPF controls fo…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question