[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Query for Domain Admins Accounts

Posted on 2006-07-05
8
Medium Priority
?
6,607 Views
Last Modified: 2008-02-01
How do i create a saved query in active directory (Windows 2003) to list all accounts who are member of Domain Admins Group?

Thanks,

JT-
0
Comment
Question by:swhcs
  • 5
  • 3
8 Comments
 
LVL 26

Expert Comment

by:Pber
ID: 17045191
Here's the LDAP syntax:

(&(objectCategory=user)(memberOf=CN=Domain Admins,CN=Users,DC=domain,dc=com))

Change the DC=Domain,DC=com to match your domain name.

Also you might have to change the CN=Users as well if you moved the OU.  Ultimately you have to have the full DN of where the domain admins group lives.

1
 
LVL 26

Expert Comment

by:Pber
ID: 17045246
Maybe some more info is needed...

When creating the saved Query
Select New then Define Query
Select Custom Search from the Find Drop down
Click Advanced and paste the LDAP syntax below:

(&(objectCategory=user)(memberOf=CN=Domain Admins,CN=Users,DC=domain,dc=com))

or just

(memberOf=CN=Domain Admins,CN=Users,DC=domain,dc=com)

0
 

Author Comment

by:swhcs
ID: 17045672
it still doesn't work...i can't even query the list of users belong to a builtin group by using the wizard either.
Here's the syntax to query for domain users arrived from the wizard:
(&(objectCategory=user)(memberOf=Domain Users*))

Any ideas?

Thanks,


0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 26

Expert Comment

by:Pber
ID: 17045727
Mine won't work either if I do it with a wildcard.  I use the full DN.

also make sure your query root is set at the root of the domain.
0
 

Author Comment

by:swhcs
ID: 17045776
We must be missing something here....Any experts out there can help?
0
 
LVL 26

Accepted Solution

by:
Pber earned 150 total points
ID: 17045898
Mine works fine

I have a custom query,
Query root is the root of the domain
Include subcontainers is checked

the LDAP syntax is:

(&(objectCategory=user)(memberOf=CN=Domain Admins,CN=Users,DC=domain,dc=com))

See this:
http://support.microsoft.com/newsgroups/default.aspx?dg=microsoft.public.win2000.active_directory&tid=53c009f1-d052-4946-91ec-d56a2ce1fb4f&p=1
1
 

Author Comment

by:swhcs
ID: 17046279
It's working now using the custom query.
(&(objectCategory=user)(memberOf=CN=Domain Admins,CN=Users,DC=domain,dc=com))

Thanks, Pber
0
 
LVL 26

Expert Comment

by:Pber
ID: 17046652
good to hear
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Learn about cloud computing and its benefits for small business owners.
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question