Solved

Query for Domain Admins Accounts

Posted on 2006-07-05
8
5,831 Views
Last Modified: 2008-02-01
How do i create a saved query in active directory (Windows 2003) to list all accounts who are member of Domain Admins Group?

Thanks,

JT-
0
Comment
Question by:swhcs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 26

Expert Comment

by:Pber
ID: 17045191
Here's the LDAP syntax:

(&(objectCategory=user)(memberOf=CN=Domain Admins,CN=Users,DC=domain,dc=com))

Change the DC=Domain,DC=com to match your domain name.

Also you might have to change the CN=Users as well if you moved the OU.  Ultimately you have to have the full DN of where the domain admins group lives.

1
 
LVL 26

Expert Comment

by:Pber
ID: 17045246
Maybe some more info is needed...

When creating the saved Query
Select New then Define Query
Select Custom Search from the Find Drop down
Click Advanced and paste the LDAP syntax below:

(&(objectCategory=user)(memberOf=CN=Domain Admins,CN=Users,DC=domain,dc=com))

or just

(memberOf=CN=Domain Admins,CN=Users,DC=domain,dc=com)

0
 

Author Comment

by:swhcs
ID: 17045672
it still doesn't work...i can't even query the list of users belong to a builtin group by using the wizard either.
Here's the syntax to query for domain users arrived from the wizard:
(&(objectCategory=user)(memberOf=Domain Users*))

Any ideas?

Thanks,


0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 26

Expert Comment

by:Pber
ID: 17045727
Mine won't work either if I do it with a wildcard.  I use the full DN.

also make sure your query root is set at the root of the domain.
0
 

Author Comment

by:swhcs
ID: 17045776
We must be missing something here....Any experts out there can help?
0
 
LVL 26

Accepted Solution

by:
Pber earned 50 total points
ID: 17045898
Mine works fine

I have a custom query,
Query root is the root of the domain
Include subcontainers is checked

the LDAP syntax is:

(&(objectCategory=user)(memberOf=CN=Domain Admins,CN=Users,DC=domain,dc=com))

See this:
http://support.microsoft.com/newsgroups/default.aspx?dg=microsoft.public.win2000.active_directory&tid=53c009f1-d052-4946-91ec-d56a2ce1fb4f&p=1
1
 

Author Comment

by:swhcs
ID: 17046279
It's working now using the custom query.
(&(objectCategory=user)(memberOf=CN=Domain Admins,CN=Users,DC=domain,dc=com))

Thanks, Pber
0
 
LVL 26

Expert Comment

by:Pber
ID: 17046652
good to hear
0

Featured Post

Backup Solution for AWS

Read about how CloudBerry Backup fully integrates your backups with Amazon S3 and Amazon Glacier to provide military-grade encryption and dramatically cut storage costs on any platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
idle mapped drive 10 69
Trasfering FSMO roles 8 110
Access denied running PowerPivot -SQL Server 2014 on Windows Server 2012 10 58
BgInfo help 5 65
I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question