?
Solved

Searching multilpe group memberships

Posted on 2008-10-28
2
Medium Priority
?
177 Views
Last Modified: 2010-04-21
Hi,

We have an all staff email address, made up of individual users and other distribution groups (All Staff - Scotland for example).  i want to run a Query to find any users who are not part of the all staff distribution list.

I had a go at a few LDAP Queries, but I could not get past checking membership of a single group, example below.

(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14))))(objectCategory=user)(!memberOf=all staff)(!memberOf=All Staff - Central)(!memberOf=All Staff - Northern Ireland)))

Cheers
0
Comment
Question by:LCPete
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 1500 total points
ID: 22826899
You're better off using some VBScript logic that will chase nested group membership, so that checking against the membership of "All Staff" will return true/false regardless of whether the user is a direct or nested member.

Some examples of scripts you can use to test for nested group memberships can be found here: http://www.rlmueller.net/freecode2.htm
0
 

Author Closing Comment

by:LCPete
ID: 31510760
Thanks for pointing me in the right direction.
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question