Solved

AD Explorer Question

Posted on 2009-05-20
2
1,992 Views
Last Modified: 2012-05-07
Yesterday I downloaded AD Explorer by Sysinternals for the first time.  When I looked at the membership of my Domain Users group in AD Explorer, it only listed 12 members even though our domain has thousands of users.  When I entered Active Directory Users and Computers and viewed several user accounts, they were all listed as members of Domain Users but weren't listed in the Domain Users membership in AD Explorer.

Can somebody shed some light?
0
Comment
Question by:snoopfrogg
2 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24433592

Hey,

The underlying attribute the normally shows group membership (on a group) is "member" AD Explorer will be using that one. However, if a group is set as the Primary Group the member isn't displayed in the "member" attribute, instead it's caught by linking the PrimaryGroupToken (on the group) to the PrimaryGroupID (on the user account).

I suspect that each of those 12 users have a different Primary Group set, which is why they're appearing in there. The rest won't appear because it is their Primary Group.

Chris
0
 
LVL 11

Author Comment

by:snoopfrogg
ID: 24433619
Ah!  Appreciate it Chris.  There's a really good reason why you're a Directory Services MVP!
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
EXCHANGE, ACTIVE DIRECTORY 4 45
Recover options for a failed domain. 4 46
AD Account lockout 11 61
Export AD group members. 1 21
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question