?
Solved

AD Explorer Question

Posted on 2009-05-20
2
Medium Priority
?
2,067 Views
Last Modified: 2012-05-07
Yesterday I downloaded AD Explorer by Sysinternals for the first time.  When I looked at the membership of my Domain Users group in AD Explorer, it only listed 12 members even though our domain has thousands of users.  When I entered Active Directory Users and Computers and viewed several user accounts, they were all listed as members of Domain Users but weren't listed in the Domain Users membership in AD Explorer.

Can somebody shed some light?
0
Comment
Question by:snoopfrogg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 24433592

Hey,

The underlying attribute the normally shows group membership (on a group) is "member" AD Explorer will be using that one. However, if a group is set as the Primary Group the member isn't displayed in the "member" attribute, instead it's caught by linking the PrimaryGroupToken (on the group) to the PrimaryGroupID (on the user account).

I suspect that each of those 12 users have a different Primary Group set, which is why they're appearing in there. The rest won't appear because it is their Primary Group.

Chris
0
 
LVL 11

Author Comment

by:snoopfrogg
ID: 24433619
Ah!  Appreciate it Chris.  There's a really good reason why you're a Directory Services MVP!
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question