Solved

Searching multiple group memberships

Posted on 2008-10-28
Last Modified: 2010-04-21
Hi,

We have an all staff email address, made up of individual users and other distribution groups (All Staff - Scotland for example). I want to run a query to find any users who are not part of the all staff distribution list.

I had a go at a few LDAP Queries, but I could not get past checking membership of a single group, example below.

(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14))))(objectCategory=user)(!memberOf=all staff)(!memberOf=All Staff - Central)(!memberOf=All Staff - Northern Ireland)))

Cheers
Question by:LCPete
Accepted Solution

by: LauraEHunterMVP earned 500 total points
ID: 22826899
You're better off using some VBScript logic that will chase nested group membership, so that checking against the membership of "All Staff" will return true/false regardless of whether the user is a direct or nested member.

Some examples of scripts you can use to test for nested group memberships can be found here: http://www.rlmueller.net/freecode2.htm
0
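
An added example, not part of the original thread or the linked scripts: a filter on `memberOf` only sees direct membership and compares against a group's distinguished name, so the sketch below resolves the DN and lets the domain controller follow nesting with the LDAP_MATCHING_RULE_IN_CHAIN matching rule. It assumes the ActiveDirectory PowerShell module is available and that exactly one group is named "All Staff"; the variable names are illustrative.

```powershell
# Added example: list users who are NOT in a group, counting nested membership.
# Assumes the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

# Group name taken from the question; change it for your directory.
$groupName = 'All Staff'

# memberOf stores distinguished names, so resolve the name to a DN first.
$group = @(Get-ADGroup -Filter "Name -eq '$groupName'")
if ($group.Count -ne 1) {
    throw "Expected exactly one group named '$groupName', found $($group.Count)."
}
$groupDn = $group[0].DistinguishedName

# Escape the characters that are special inside an LDAP filter value
# (RFC 4515). The backslash must be handled first.
$escapedDn = $groupDn.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')

# 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN: the domain
# controller walks the membership chain, so members of nested groups such as
# "All Staff - Scotland" count as members of "All Staff".
$filter = '(&(objectCategory=person)(objectClass=user)' +
          "(!(memberOf:1.2.840.113556.1.4.1941:=$escapedDn)))"

# Every user object that is neither a direct nor a nested member.
Get-ADUser -LDAPFilter $filter -Properties mail |
    Sort-Object SamAccountName |
    Select-Object SamAccountName, Name, mail, DistinguishedName
```

The filter relies on `memberOf`, which does not reflect a user's primary group, so it suits distribution groups like the one in the question.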
 

Author Closing Comment

by:LCPete
ID: 31510760
Thanks for pointing me in the right direction.