Solved

Query for Domain Admins Accounts

Posted on 2006-07-05
8
5,417 Views
Last Modified: 2008-02-01
How do i create a saved query in active directory (Windows 2003) to list all accounts who are member of Domain Admins Group?

Thanks,

JT-
0
Comment
Question by:swhcs
  • 5
  • 3
8 Comments
 
LVL 26

Expert Comment

by:Pber
ID: 17045191
Here's the LDAP syntax:

(&(objectCategory=user)(memberOf=CN=Domain Admins,CN=Users,DC=domain,dc=com))

Change the DC=Domain,DC=com to match your domain name.

Also you might have to change the CN=Users as well if you moved the OU.  Ultimately you have to have the full DN of where the domain admins group lives.

1
 
LVL 26

Expert Comment

by:Pber
ID: 17045246
Maybe some more info is needed...

When creating the saved Query
Select New then Define Query
Select Custom Search from the Find Drop down
Click Advanced and paste the LDAP syntax below:

(&(objectCategory=user)(memberOf=CN=Domain Admins,CN=Users,DC=domain,dc=com))

or just

(memberOf=CN=Domain Admins,CN=Users,DC=domain,dc=com)

0
 

Author Comment

by:swhcs
ID: 17045672
it still doesn't work...i can't even query the list of users belong to a builtin group by using the wizard either.
Here's the syntax to query for domain users arrived from the wizard:
(&(objectCategory=user)(memberOf=Domain Users*))

Any ideas?

Thanks,


0
 
LVL 26

Expert Comment

by:Pber
ID: 17045727
Mine won't work either if I do it with a wildcard.  I use the full DN.

also make sure your query root is set at the root of the domain.
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:swhcs
ID: 17045776
We must be missing something here....Any experts out there can help?
0
 
LVL 26

Accepted Solution

by:
Pber earned 50 total points
ID: 17045898
Mine works fine

I have a custom query,
Query root is the root of the domain
Include subcontainers is checked

the LDAP syntax is:

(&(objectCategory=user)(memberOf=CN=Domain Admins,CN=Users,DC=domain,dc=com))

See this:
http://support.microsoft.com/newsgroups/default.aspx?dg=microsoft.public.win2000.active_directory&tid=53c009f1-d052-4946-91ec-d56a2ce1fb4f&p=1
1
 

Author Comment

by:swhcs
ID: 17046279
It's working now using the custom query.
(&(objectCategory=user)(memberOf=CN=Domain Admins,CN=Users,DC=domain,dc=com))

Thanks, Pber
0
 
LVL 26

Expert Comment

by:Pber
ID: 17046652
good to hear
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
Learn about cloud computing and its benefits for small business owners.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now