Solved

AD Explorer Question

Posted on 2009-05-20
2
1,926 Views
Last Modified: 2012-05-07
Yesterday I downloaded AD Explorer by Sysinternals for the first time.  When I looked at the membership of my Domain Users group in AD Explorer, it only listed 12 members even though our domain has thousands of users.  When I entered Active Directory Users and Computers and viewed several user accounts, they were all listed as members of Domain Users but weren't listed in the Domain Users membership in AD Explorer.

Can somebody shed some light?
0
Comment
Question by:snoopfrogg
2 Comments
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24433592

Hey,

The underlying attribute the normally shows group membership (on a group) is "member" AD Explorer will be using that one. However, if a group is set as the Primary Group the member isn't displayed in the "member" attribute, instead it's caught by linking the PrimaryGroupToken (on the group) to the PrimaryGroupID (on the user account).

I suspect that each of those 12 users have a different Primary Group set, which is why they're appearing in there. The rest won't appear because it is their Primary Group.

Chris
0
 
LVL 11

Author Comment

by:snoopfrogg
ID: 24433619
Ah!  Appreciate it Chris.  There's a really good reason why you're a Directory Services MVP!
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
google apps AD sync for groups 3 44
Exchange 2010 - securing email internally? 1 41
EXCHANGE, ACTIVE DIRECTORY 1 41
Windows DNS Zone for a Host 2 51
I'm sure that every Windows systems administrator has written, or at least used, a batch or VBS login script at some point in their career, whether it is to map network drives, install printers, or set some user preferences.  No more! With Window…
As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now