Active Directory / LDAP Question

Posted on 2006-04-11
Last Modified: 2010-04-13
I have an LDAP query that gathers the memberOf attributes for a particular user.  I want to know if there is a way to distinguish between distribution groups and security groups.  I would like to only gather the security groups for a particular user but I'm currently also getting the distribution groups too, which I don't want.
Question by:maytawn

    Accepted Solution


    I don't think you could do this with an LDAP query; it's not a distinct property of the group that gives the type. This is a VBScript example of how you distinguish between the two:


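    ' Bit 31 of groupType is the "security enabled" flag
    Const ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000

    ' Bind to the currently logged-on user
    Set objADSystemInfo = CreateObject("ADSystemInfo")
    Set objUser = GetObject("LDAP://" & objADSystemInfo.UserName)

    ' Bind to each group the user is a member of and test its groupType
    For Each strGroupDN in objUser.GetEx("memberOf")
        Set objGroup = GetObject("LDAP://" & strGroupDN)
        intGroupType = objGroup.Get("groupType")
        If intGroupType And ADS_GROUP_TYPE_SECURITY_ENABLED Then
            WScript.Echo objGroup.Get("name") & ": Security Group"
        Else
            WScript.Echo objGroup.Get("name") & ": Distribution Group"
        End If
    Next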



    Author Comment

    This looks good.  So it looks like I will need to query each group to determine its type.  Can you explain this line a little more?


    Also, can you point me toward some documentation that provides a more detailed explanation of how groups are distinguished, i.e., why do security groups tend to have long negative numbers as their value?

    Author Comment

    The answer listed above outputs correct results, but there is no explanation as to how I can distinguish between the two types.  I asked for clarification, but have not received any.  I would be agreeable to awarding partial points... but certainly not full points.
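
Added example, not part of the thread or anyone's posted code: groupType is a bitmask stored as a signed 32-bit integer, so any group with the security bit (0x80000000) set reads back as a large negative number. This Python sketch decodes values as an LDAP client returns them and also builds a filter using Active Directory's bitwise-AND matching rule; the sample DNs and values are constructed.

```python
# Decode Active Directory groupType values as returned by an LDAP search.
# Flag values are the documented ADS_GROUP_TYPE_* constants.

SECURITY_ENABLED = 0x80000000   # set = security group, clear = distribution group
SYSTEM_CREATED = 0x00000001     # set on builtin groups
SCOPES = {
    0x00000002: "Global",
    0x00000004: "Domain Local",
    0x00000008: "Universal",
}

# Server-side alternative: 1.2.840.113556.1.4.803 is AD's bitwise-AND
# matching rule, so this filter matches only security-enabled groups.
SECURITY_GROUP_FILTER = (
    "(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=%d))"
    % SECURITY_ENABLED
)


def decode_group_type(raw):
    """Decode groupType given as an int or decimal string, signed or unsigned."""
    # Mask to 32 bits: -2147483646 and 2147483650 are the same bit pattern.
    value = int(raw) & 0xFFFFFFFF
    scope = [name for bit, name in SCOPES.items() if value & bit]
    if len(scope) != 1:
        raise ValueError("groupType %r does not carry exactly one scope bit" % raw)
    return {
        "security": bool(value & SECURITY_ENABLED),
        "scope": scope[0],
        "system": bool(value & SYSTEM_CREATED),
    }


def security_groups(groups):
    """Return the DNs whose groupType has the security bit set."""
    return [dn for dn, raw in groups if decode_group_type(raw)["security"]]


# Constructed sample: (group DN, groupType string as an LDAP client sees it)
SAMPLE = [
    ("CN=Finance-RW,OU=Groups,DC=example,DC=com", "-2147483646"),
    ("CN=All-Staff-Mail,OU=Groups,DC=example,DC=com", "8"),
    ("CN=Printer-Admins,OU=Groups,DC=example,DC=com", "-2147483644"),
    ("CN=Newsletter,OU=Groups,DC=example,DC=com", "2"),
]

if __name__ == "__main__":
    for dn, raw in SAMPLE:
        print(dn, decode_group_type(raw))
```
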
