Solved

Unable to find all members in Active Directory groups

Posted on 2010-08-18
3
559 Views
Last Modified: 2013-12-24
I am writing a VB.Net application that lists all the groups (190+) and their corresponding members from our OU and its subOUs.  However, after trying VB.Net DirectorySearcher and an additional 4-6 different vbscripts I am incurring the same problem.  I have a group (sqlServer) that is showng to be empty, even though it has a user acount (userSQL) if I check it manually.  The subOU that holds sqlServer has another two groups, sqlAgent and sqlText, that both have userSQL as their only member and the scripts list userSQL.  I do not understand why userSQL is listed for the first 2 groups and not the third.  I have manually checked 30+ groups and this is the only anomaly so far.  I didn't post any code since it is happening with 6 different scripts.  Thanks.

P.S. I woud prefer to not remove/insert the user because of that group's function.
0
Comment
Question by:tosmserversupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 33466654
Hello,

The simplest explanation would be that userSQL's Primary Group is set to sqlServer. The Primary Group isn't part of the memberOf / member combination and is instead matched by the primaryGroupID and primaryGroupToken attributes.

It should be pretty easy to see in the user properties.

HTH

Chris
0
 
LVL 14

Expert Comment

by:Shabarinath Ramadasan
ID: 33466682
What is the scope of the group? Global or Domain Local or Universal?

Also, try this powershell and see the result.

Get-QADGroupMember -Identity "groupname"

To give more suggestion, please share the ldap filter you are using inside the code.

Good Luck
Shaba
0
 

Author Comment

by:tosmserversupport
ID: 33466870
Chris,

You are correct that sqlServer is userSQL's primary group.  I'm going to look into this more.  Thanks
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Your data is at risk. Probably more today that at any other time in history. There are simply more people with more access to the Web with bad intentions.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question