Solved

Unable to find all members in Active Directory groups

Posted on 2010-08-18
3
550 Views
Last Modified: 2013-12-24
I am writing a VB.Net application that lists all the groups (190+) and their corresponding members from our OU and its subOUs.  However, after trying VB.Net DirectorySearcher and an additional 4-6 different vbscripts I am incurring the same problem.  I have a group (sqlServer) that is showng to be empty, even though it has a user acount (userSQL) if I check it manually.  The subOU that holds sqlServer has another two groups, sqlAgent and sqlText, that both have userSQL as their only member and the scripts list userSQL.  I do not understand why userSQL is listed for the first 2 groups and not the third.  I have manually checked 30+ groups and this is the only anomaly so far.  I didn't post any code since it is happening with 6 different scripts.  Thanks.

P.S. I woud prefer to not remove/insert the user because of that group's function.
0
Comment
Question by:tosmserversupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 33466654
Hello,

The simplest explanation would be that userSQL's Primary Group is set to sqlServer. The Primary Group isn't part of the memberOf / member combination and is instead matched by the primaryGroupID and primaryGroupToken attributes.

It should be pretty easy to see in the user properties.

HTH

Chris
0
 
LVL 14

Expert Comment

by:Shabarinath Ramadasan
ID: 33466682
What is the scope of the group? Global or Domain Local or Universal?

Also, try this powershell and see the result.

Get-QADGroupMember -Identity "groupname"

To give more suggestion, please share the ldap filter you are using inside the code.

Good Luck
Shaba
0
 

Author Comment

by:tosmserversupport
ID: 33466870
Chris,

You are correct that sqlServer is userSQL's primary group.  I'm going to look into this more.  Thanks
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question