Active Directory LDAP: Group membership incomplete
Posted on 2004-10-04
I have got a heavy problem with active-directory ldap access:
I try to find out which user is in wich group - or which users belong to each group.
The problem is, that in AD the "Domain Admin"-group has about 20 group members, but in LDAP-sight it has only 7 ??????
I tried [difde.exe -f export.ldf -r "(cn=Domain Admins)"] and got also 7 members.
In each way (even ADSI) there are only 7 members, but in reality and the "Active Directory Users & Computers" there are about 20 members.
One thought is, that it depends on this ActiveDirectory that was migrated (updated) from an Windows NT4-Domain. Perhaps the migrate failed for these users - I have not tried it with another domain yet.
Any thought getting that right ?
Thank you !