Solved

Via Ldap how can i retrieve all group members?

Posted on 2011-09-15
11
518 Views
Last Modified: 2012-05-12
Hi,

Via Ldap how can i retrieve all group members?
So can use as a query in AD.
Thanks
0
Comment
Question by:bsharath
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 3
11 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 36541725
You can use this in ADUC


 (&(objectcategory=person)(objectClass=user)(memberOf=DN of your group))

Thanks


Mike
0
 
LVL 11

Author Comment

by:bsharath
ID: 36541738
Thanks
But does not work

(&(&(objectcategory=person)(objectClass=user)(memberOf=IUK)))

IUK is the group name
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 36547100
When people refer to a DN, or distringuishedName, in Active Directory, it is the fully qualified name structure, as in
memberOf=CN=IUK,OU=SecondOU,OU=FirstOU,DC=domain,DC=com

Rob.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 11

Author Comment

by:bsharath
ID: 36547331
Thanks Rob it does work
Can we just give the group name rather than whole
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36547357
not via an ldap query using memberof, you need then entire DN

thanks

Mike
0
 
LVL 11

Author Comment

by:bsharath
ID: 36547382
Any other ways?
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 36547392
The only other way is via a script, or the command line tools, I think something like
dsquery group domainroot -name iuk* | dsget group -members

Rob.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 36547401
If you get
dsget failed:`Target object for this command' is missing.

that means that the dsquery did not find a group name matching your string value.

Rob.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36547494
are you just trying to run queries against AD?   Can you use third party (free) tools also?
0
 
LVL 11

Author Comment

by:bsharath
ID: 36547507
I want it via the AD queries
0
 
LVL 65

Assisted Solution

by:RobSampson
RobSampson earned 250 total points
ID: 36547525
You can't do wildcards in ADUC with MemberOf. You have to use the dsquery and dsget tools for the simplest method, or write a script to prompt from the group name.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
The viewer will learn how to use the return statement in functions in C++. The video will also teach the user how to pass data to a function and have the function return data back for further processing.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question