Solved

Via Ldap how can i retrieve all group members?

Posted on 2011-09-15
11
516 Views
Last Modified: 2012-05-12
Hi,

Via Ldap how can i retrieve all group members?
So can use as a query in AD.
Thanks
0
Comment
Question by:bsharath
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 3
11 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 36541725
You can use this in ADUC


 (&(objectcategory=person)(objectClass=user)(memberOf=DN of your group))

Thanks


Mike
0
 
LVL 11

Author Comment

by:bsharath
ID: 36541738
Thanks
But does not work

(&(&(objectcategory=person)(objectClass=user)(memberOf=IUK)))

IUK is the group name
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 36547100
When people refer to a DN, or distringuishedName, in Active Directory, it is the fully qualified name structure, as in
memberOf=CN=IUK,OU=SecondOU,OU=FirstOU,DC=domain,DC=com

Rob.
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 11

Author Comment

by:bsharath
ID: 36547331
Thanks Rob it does work
Can we just give the group name rather than whole
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36547357
not via an ldap query using memberof, you need then entire DN

thanks

Mike
0
 
LVL 11

Author Comment

by:bsharath
ID: 36547382
Any other ways?
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 36547392
The only other way is via a script, or the command line tools, I think something like
dsquery group domainroot -name iuk* | dsget group -members

Rob.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 36547401
If you get
dsget failed:`Target object for this command' is missing.

that means that the dsquery did not find a group name matching your string value.

Rob.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36547494
are you just trying to run queries against AD?   Can you use third party (free) tools also?
0
 
LVL 11

Author Comment

by:bsharath
ID: 36547507
I want it via the AD queries
0
 
LVL 65

Assisted Solution

by:RobSampson
RobSampson earned 250 total points
ID: 36547525
You can't do wildcards in ADUC with MemberOf. You have to use the dsquery and dsget tools for the simplest method, or write a script to prompt from the group name.
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article runs through the process of deploying a single EXE application selectively to a group of user.
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
The goal of the video will be to teach the user the difference and consequence of passing data by value vs passing data by reference in C++. An example of passing data by value as well as an example of passing data by reference will be be given. Bot…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question